Marcus Updateinfo to OVAL Converter 5.5 2022-05-21T06:01:31 LibVNCServer-0.9.1-154.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the LibVNCServer-0.9.1-154.24 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-2450 cpe:/o:suse:suse_sles:11:sp1 MozillaFirefox-3.5.9-0.1.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the MozillaFirefox-3.5.9-0.1.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0078 CVE-2007-0079 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-0996 CVE-2007-3089 CVE-2007-3285 CVE-2007-3656 CVE-2007-3670 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2008-0412 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-3836 CVE-2008-4063 CVE-2008-4064 CVE-2008-4070 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-1571 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 cpe:/o:suse:suse_sles:11:sp1 NetworkManager-0.7.0.r4359-15.22.49 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the NetworkManager-0.7.0.r4359-15.22.49 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0365 CVE-2009-0578 cpe:/o:suse:suse_sles:11:sp1 NetworkManager-gnome-0.7.0.r1053-11.16.61 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the NetworkManager-gnome-0.7.0.r1053-11.16.61 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0365 CVE-2009-0578 CVE-2009-4144 CVE-2009-4145 cpe:/o:suse:suse_sles:11:sp1 OpenEXR-1.6.1-83.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the OpenEXR-1.6.1-83.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-1720 CVE-2009-1721 cpe:/o:suse:suse_sles:11:sp1 PackageKit-0.3.14-2.12.105 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the PackageKit-0.3.14-2.12.105 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-4311 cpe:/o:suse:suse_sles:11:sp1 PolicyKit-0.9-14.34.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the PolicyKit-0.9-14.34.9 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-1658 cpe:/o:suse:suse_sles:11:sp1 amavisd-new-2.6.2-1.14 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the amavisd-new-2.6.2-1.14 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2005-1349 cpe:/o:suse:suse_sles:11:sp1 apache2-2.2.10-2.24.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the apache2-2.2.10-2.24.5 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-3747 CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 CVE-2008-1678 CVE-2008-2364 CVE-2008-2939 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-3094 CVE-2009-3095 CVE-2010-0408 CVE-2010-0434 cpe:/o:suse:suse_sles:11:sp1 apache2-mod_perl-2.0.4-40.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the apache2-mod_perl-2.0.4-40.19 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-1349 cpe:/o:suse:suse_sles:11:sp1 apache2-mod_php5-5.2.6-50.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the apache2-mod_php5-5.2.6-50.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4783 CVE-2007-4840 CVE-2007-4887 CVE-2008-0599 CVE-2008-5624 CVE-2008-5625 CVE-2008-5814 CVE-2009-1271 CVE-2009-1272 CVE-2009-2626 CVE-2009-3546 CVE-2009-4017 CVE-2009-4142 cpe:/o:suse:suse_sles:11:sp1 avahi-0.6.23-11.19.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the avahi-0.6.23-11.19.22 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5461 CVE-2006-6870 CVE-2007-3372 CVE-2008-5081 CVE-2009-0758 cpe:/o:suse:suse_sles:11:sp1 bind-9.5.0P2-20.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the bind-9.5.0P2-20.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4339 CVE-2007-2925 CVE-2007-2926 CVE-2009-0696 CVE-2009-4022 cpe:/o:suse:suse_sles:11:sp1 boost-license-1.36.0-11.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the boost-license-1.36.0-11.17 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-0171 cpe:/o:suse:suse_sles:11:sp1 bzip2-1.0.5-34.246 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the bzip2-1.0.5-34.246 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-1372 cpe:/o:suse:suse_sles:11:sp1 cifs-mount-3.4.3-1.17.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the cifs-mount-3.4.3-1.17.2 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0787 CVE-2010-0926 cpe:/o:suse:suse_sles:11:sp1 clamav-0.96-0.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the clamav-0.96-0.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4182 CVE-2006-5295 CVE-2006-5874 CVE-2007-0897 CVE-2007-0898 CVE-2007-1745 CVE-2007-1997 CVE-2007-6335 CVE-2007-6336 CVE-2007-6337 CVE-2007-6595 CVE-2007-6596 CVE-2008-0318 CVE-2008-0728 CVE-2008-1100 CVE-2008-2713 cpe:/o:suse:suse_sles:11:sp1 coolkey-1.1.0-22.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the coolkey-1.1.0-22.24 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4129 cpe:/o:suse:suse_sles:11:sp1 cron-4.1-194.24.4 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the cron-4.1-194.24.4 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-2607 CVE-2010-0424 cpe:/o:suse:suse_sles:11:sp1 cups-1.3.9-8.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the cups-1.3.9-8.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0104 CVE-2007-3387 CVE-2007-4351 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-0047 CVE-2008-1373 CVE-2008-1693 CVE-2008-1722 CVE-2008-3641 CVE-2009-0163 CVE-2009-0949 CVE-2009-2820 CVE-2009-3553 CVE-2010-0302 CVE-2010-0393 cpe:/o:suse:suse_sles:11:sp1 curl-7.19.0-11.24.25 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the curl-7.19.0-11.24.25 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0037 CVE-2009-2417 cpe:/o:suse:suse_sles:11:sp1 cyrus-imapd-2.3.11-60.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the cyrus-imapd-2.3.11-60.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-3235 cpe:/o:suse:suse_sles:11:sp1 dbus-1-1.2.10-3.11.29 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the dbus-1-1.2.10-3.11.29 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-6107 CVE-2008-0595 CVE-2008-3834 CVE-2008-4311 cpe:/o:suse:suse_sles:11:sp1 dhcp-3.1.3.ESV-0.3.38 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the dhcp-3.1.3.ESV-0.3.38 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0692 CVE-2009-1892 cpe:/o:suse:suse_sles:11:sp1 e2fsprogs-1.41.9-2.1.51 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the e2fsprogs-1.41.9-2.1.51 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-5497 cpe:/o:suse:suse_sles:11:sp1 emacs-22.3-4.32.4 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the emacs-22.3-4.32.4 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-5795 cpe:/o:suse:suse_sles:11:sp1 enscript-1.6.4-152.17.55 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the enscript-1.6.4-152.17.55 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-3863 CVE-2008-4306 cpe:/o:suse:suse_sles:11:sp1 evince-2.28.2-0.2.68 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the evince-2.28.2-0.2.68 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5864 cpe:/o:suse:suse_sles:11:sp1 evolution-data-server-2.28.2-0.10.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the evolution-data-server-2.28.2-0.10.9 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-3257 cpe:/o:suse:suse_sles:11:sp1 expat-2.0.1-88.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the expat-2.0.1-88.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-2625 CVE-2009-3560 cpe:/o:suse:suse_sles:11:sp1 fetchmail-6.3.8.90-13.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the fetchmail-6.3.8.90-13.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5867 CVE-2006-5974 CVE-2007-1558 CVE-2007-4565 CVE-2009-2666 cpe:/o:suse:suse_sles:11:sp1 file-32bit-4.24-43.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the file-32bit-4.24-43.17 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-1536 CVE-2007-2799 cpe:/o:suse:suse_sles:11:sp1 findutils-4.4.0-38.24.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the findutils-4.4.0-38.24.11 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-2452 cpe:/o:suse:suse_sles:11:sp1 freeradius-server-2.1.1-7.7.19.77 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the freeradius-server-2.1.1-7.7.19.77 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-4474 cpe:/o:suse:suse_sles:11:sp1 freetype2-2.3.7-25.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the freetype2-2.3.7-25.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-1351 CVE-2009-0946 cpe:/o:suse:suse_sles:11:sp1 ft2demos-2.3.7-25.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the ft2demos-2.3.7-25.9 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-1351 cpe:/o:suse:suse_sles:11:sp1 fuse-2.7.2-61.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the fuse-2.7.2-61.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-3297 cpe:/o:suse:suse_sles:11:sp1 fvwm2-2.5.26-1.25 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the fvwm2-2.5.26-1.25 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5969 cpe:/o:suse:suse_sles:11:sp1 g3utils-1.1.36-26.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the g3utils-1.1.36-26.31 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-4936 cpe:/o:suse:suse_sles:11:sp1 gd-2.0.36.RC1-52.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gd-2.0.36.RC1-52.18 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-2756 cpe:/o:suse:suse_sles:11:sp1 ghostscript-fonts-other-8.62-32.27.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the ghostscript-fonts-other-8.62-32.27.31 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0196 CVE-2009-0583 CVE-2009-0584 CVE-2009-0792 cpe:/o:suse:suse_sles:11:sp1 glib2-2.22.5-0.2.23 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the glib2-2.22.5-0.2.23 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-2371 CVE-2008-4316 cpe:/o:suse:suse_sles:11:sp1 gmime-2.2.23-1.41.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gmime-2.2.23-1.41.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2010-0409 cpe:/o:suse:suse_sles:11:sp1 gnome-screensaver-2.28.3-0.4.30 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gnome-screensaver-2.28.3-0.4.30 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-0887 CVE-2010-0414 CVE-2010-0422 cpe:/o:suse:suse_sles:11:sp1 gnutls-2.4.1-24.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gnutls-2.4.1-24.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4790 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 CVE-2008-4989 CVE-2009-2730 cpe:/o:suse:suse_sles:11:sp1 gpg2-2.0.9-25.25.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gpg2-2.0.9-25.25.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-3746 CVE-2006-6169 CVE-2008-1530 cpe:/o:suse:suse_sles:11:sp1 gstreamer-0_10-plugins-base-0.10.25-1.1.133 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gstreamer-0_10-plugins-base-0.10.25-1.1.133 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0586 cpe:/o:suse:suse_sles:11:sp1 gstreamer-0_10-plugins-good-0.10.17-1.1.126 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gstreamer-0_10-plugins-good-0.10.17-1.1.126 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-1686 CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 CVE-2009-1932 cpe:/o:suse:suse_sles:11:sp1 gtk2-2.18.9-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gtk2-2.18.9-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0010 cpe:/o:suse:suse_sles:11:sp1 gvim-7.2-8.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gvim-7.2-8.8 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-2438 CVE-2007-2953 cpe:/o:suse:suse_sles:11:sp1 gzip-1.3.12-69.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the gzip-1.3.12-69.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:suse_sles:11:sp1 hplip-3.9.8-3.4.30 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the hplip-3.9.8-3.4.30 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-5208 cpe:/o:suse:suse_sles:11:sp1 ipsec-tools-0.7.3-1.1.93 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the ipsec-tools-0.7.3-1.1.93 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-1841 CVE-2008-3652 cpe:/o:suse:suse_sles:11:sp1 java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-2788 CVE-2007-2789 CVE-2007-3004 CVE-2007-3005 CVE-2007-3655 CVE-2007-3698 CVE-2007-3922 CVE-2007-4381 CVE-2007-5232 CVE-2007-5236 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274 CVE-2008-1187 CVE-2008-1189 CVE-2008-1190 CVE-2008-1192 CVE-2008-1195 CVE-2008-1196 CVE-2008-3104 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 cpe:/o:suse:suse_sles:11:sp1 java-1_6_0-ibm-1.6.0_sr7.0-1.6.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the java-1_6_0-ibm-1.6.0_sr7.0-1.6.21 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-1187 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196 cpe:/o:suse:suse_sles:11:sp1 kde4-kgreeter-plugins-4.3.5-0.8.35 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the kde4-kgreeter-plugins-4.3.5-0.8.35 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2010-0436 cpe:/o:suse:suse_sles:11:sp1 kdebase3-runtime-3.5.10-20.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the kdebase3-runtime-3.5.10-20.31 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4569 cpe:/o:suse:suse_sles:11:sp1 kdelibs3-3.5.10-23.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the kdelibs3-3.5.10-23.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 CVE-2008-1671 CVE-2009-0689 cpe:/o:suse:suse_sles:11:sp1 kdelibs4-4.3.5-0.2.46 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the kdelibs4-4.3.5-0.2.46 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0689 cpe:/o:suse:suse_sles:11:sp1 kernel-default-2.6.32.12-0.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the kernel-default-2.6.32.12-0.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-0007 CVE-2008-0009 CVE-2008-0010 CVE-2008-1375 CVE-2008-1669 CVE-2008-1673 CVE-2008-1675 CVE-2008-3528 CVE-2008-3831 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300 CVE-2009-0029 CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0415 CVE-2010-0622 CVE-2010-0623 CVE-2010-1146 CVE-2010-1437 cpe:/o:suse:suse_sles:11:sp1 krb5-1.6.3-133.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the krb5-1.6.3-133.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-6143 CVE-2006-6144 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 CVE-2007-5894 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 CVE-2008-0948 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-4212 CVE-2010-0629 cpe:/o:suse:suse_sles:11:sp1 krb5-doc-1.6.3-133.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the krb5-doc-1.6.3-133.21 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 cpe:/o:suse:suse_sles:11:sp1 krb5-plugin-kdb-ldap-1.6.3-133.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the krb5-plugin-kdb-ldap-1.6.3-133.12 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 cpe:/o:suse:suse_sles:11:sp1 kvm-0.12.3-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the kvm-0.12.3-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-2382 CVE-2008-5714 cpe:/o:suse:suse_sles:11:sp1 lcms-1.17-77.14.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the lcms-1.17-77.14.19 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 cpe:/o:suse:suse_sles:11:sp1 libMagickCore1-32bit-6.4.3.6-7.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libMagickCore1-32bit-6.4.3.6-7.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5456 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 cpe:/o:suse:suse_sles:11:sp1 libQtWebKit4-32bit-4.6.2-1.6.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libQtWebKit4-32bit-4.6.2-1.6.9 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4811 CVE-2009-0945 cpe:/o:suse:suse_sles:11:sp1 libadns1-1.4-73.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libadns1-1.4-73.21 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-1447 CVE-2008-4100 cpe:/o:suse:suse_sles:11:sp1 libapr-util1-1.3.4-12.20.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libapr-util1-1.3.4-12.20.2 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-2412 cpe:/o:suse:suse_sles:11:sp1 libarchive2-2.5.5-5.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libarchive2-2.5.5-5.19 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5680 CVE-2007-3641 CVE-2007-3644 CVE-2007-3645 cpe:/o:suse:suse_sles:11:sp1 libdrm-2.4.17-0.3.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libdrm-2.4.17-0.3.12 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-3831 cpe:/o:suse:suse_sles:11:sp1 libexif-0.6.17-2.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libexif-0.6.17-2.12 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-6351 CVE-2007-6352 cpe:/o:suse:suse_sles:11:sp1 libexiv2-4-0.17.1-31.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libexiv2-4-0.17.1-31.20 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-6353 cpe:/o:suse:suse_sles:11:sp1 libgtop-2.28.0-1.2.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libgtop-2.28.0-1.2.20 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0235 cpe:/o:suse:suse_sles:11:sp1 libicu-32bit-4.0-7.24.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libicu-32bit-4.0-7.24.11 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4770 CVE-2007-4771 CVE-2008-1036 CVE-2009-0153 cpe:/o:suse:suse_sles:11:sp1 libltdl7-2.2.6-2.131.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libltdl7-2.2.6-2.131.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-3736 cpe:/o:suse:suse_sles:11:sp1 libmusicbrainz4-2.1.5-5.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libmusicbrainz4-2.1.5-5.18 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4197 cpe:/o:suse:suse_sles:11:sp1 libmysqlclient15-32bit-5.0.67-13.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libmysqlclient15-32bit-5.0.67-13.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-0903 CVE-2006-4226 CVE-2006-4227 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CVE-2008-2079 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4484 cpe:/o:suse:suse_sles:11:sp1 libneon27-0.28.3-2.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libneon27-0.28.3-2.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0157 CVE-2008-3746 CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:suse_sles:11:sp1 libnetpbm10-10.26.44-101.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libnetpbm10-10.26.44-101.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-4274 cpe:/o:suse:suse_sles:11:sp1 libopensc2-0.11.6-5.25.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libopensc2-0.11.6-5.25.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-2235 CVE-2009-0368 cpe:/o:suse:suse_sles:11:sp1 libopenssl0_9_8-0.9.8h-30.27.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libopenssl0_9_8-0.9.8h-30.27.11 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-0891 CVE-2008-1672 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0740 cpe:/o:suse:suse_sles:11:sp1 libpng12-0-1.2.31-5.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libpng12-0-1.2.31-5.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5793 CVE-2008-3964 CVE-2008-5907 CVE-2009-0040 CVE-2009-2042 cpe:/o:suse:suse_sles:11:sp1 libpoppler-glib4-0.12.3-1.2.44 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libpoppler-glib4-0.12.3-1.2.44 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0104 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-2950 CVE-2009-0755 CVE-2009-0756 CVE-2009-0791 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 cpe:/o:suse:suse_sles:11:sp1 libpulse-browse0-0.9.21-1.5.26 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libpulse-browse0-0.9.21-1.5.26 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-0008 cpe:/o:suse:suse_sles:11:sp1 libpython2_6-1_0-2.6.0-8.9.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libpython2_6-1_0-2.6.0-8.9.20 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-3560 CVE-2009-3720 cpe:/o:suse:suse_sles:11:sp1 librpcsecgss-0.18-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the librpcsecgss-0.18-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-3999 cpe:/o:suse:suse_sles:11:sp1 libsamplerate-0.1.4-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libsamplerate-0.1.4-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-5008 cpe:/o:suse:suse_sles:11:sp1 libsndfile-1.0.20-2.1.46 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libsndfile-1.0.20-2.1.46 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4974 CVE-2009-0186 CVE-2009-1788 CVE-2009-1791 cpe:/o:suse:suse_sles:11:sp1 libsnmp15-32bit-5.4.2.1-8.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libsnmp15-32bit-5.4.2.1-8.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-4309 CVE-2008-6123 cpe:/o:suse:suse_sles:11:sp1 libsoup-2_4-1-2.28.2-0.1.151 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libsoup-2_4-1-2.28.2-0.1.151 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5876 cpe:/o:suse:suse_sles:11:sp1 libtiff3-3.8.2-141.8.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libtiff3-3.8.2-141.8.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-1586 CVE-2008-2327 CVE-2009-2285 CVE-2009-2347 cpe:/o:suse:suse_sles:11:sp1 libvirt-0.7.6-1.9.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libvirt-0.7.6-1.9.8 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-5086 cpe:/o:suse:suse_sles:11:sp1 libvorbis-1.2.0-79.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libvorbis-1.2.0-79.12 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-3106 CVE-2008-1419 CVE-2008-1420 CVE-2008-1423 cpe:/o:suse:suse_sles:11:sp1 libxml2-2.7.6-0.1.37 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libxml2-2.7.6-0.1.37 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-6284 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-2414 CVE-2009-2416 cpe:/o:suse:suse_sles:11:sp1 libxslt-1.1.24-19.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the libxslt-1.1.24-19.15 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-1767 cpe:/o:suse:suse_sles:11:sp1 log4net-1.2.10-1.36 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the log4net-1.2.10-1.36 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-0743 cpe:/o:suse:suse_sles:11:sp1 mailman-2.1.12-0.1.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the mailman-2.1.12-0.1.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-2191 CVE-2006-2941 CVE-2006-3636 cpe:/o:suse:suse_sles:11:sp1 man-2.5.2-17.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the man-2.5.2-17.16 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4250 cpe:/o:suse:suse_sles:11:sp1 mono-core-2.0.1-1.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the mono-core-2.0.1-1.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0217 cpe:/o:suse:suse_sles:11:sp1 mozilla-xulrunner190-1.9.0.19-0.1.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the mozilla-xulrunner190-1.9.0.19-0.1.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-3836 CVE-2008-4063 CVE-2008-4064 CVE-2008-4070 CVE-2009-0040 CVE-2009-0071 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-0793 CVE-2009-1044 CVE-2009-1169 CVE-2009-1194 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1392 CVE-2009-1563 CVE-2009-1571 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 cpe:/o:suse:suse_sles:11:sp1 mozilla-xulrunner191-1.9.1.9-1.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the mozilla-xulrunner191-1.9.1.9-1.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-1563 CVE-2009-1571 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 cpe:/o:suse:suse_sles:11:sp1 mutt-1.5.17-42.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the mutt-1.5.17-42.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-1558 cpe:/o:suse:suse_sles:11:sp1 nagios-3.0.6-1.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the nagios-3.0.6-1.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-5803 cpe:/o:suse:suse_sles:11:sp1 nagios-plugins-1.4.13-1.35 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the nagios-plugins-1.4.13-1.35 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-5623 cpe:/o:suse:suse_sles:11:sp1 ntp-4.2.4p8-1.3.28 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the ntp-4.2.4p8-1.3.28 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0159 CVE-2009-1252 cpe:/o:suse:suse_sles:11:sp1 openssh-5.1p1-41.31.36 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the openssh-5.1p1-41.31.36 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-0225 CVE-2007-4752 CVE-2008-1483 cpe:/o:suse:suse_sles:11:sp1 openswan-2.6.16-1.34.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the openswan-2.6.16-1.34.3 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-4190 CVE-2009-2185 cpe:/o:suse:suse_sles:11:sp1 openvpn-2.0.9-143.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the openvpn-2.0.9-143.31 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4339 cpe:/o:suse:suse_sles:11:sp1 pam-1.0.4-0.5.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the pam-1.0.4-0.5.12 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0579 CVE-2009-0887 cpe:/o:suse:suse_sles:11:sp1 pam_krb5-2.3.1-47.10.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the pam_krb5-2.3.1-47.10.15 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-3825 cpe:/o:suse:suse_sles:11:sp1 pam_ldap-184-147.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the pam_ldap-184-147.20 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-5170 cpe:/o:suse:suse_sles:11:sp1 pam_mount-0.47-13.13.65 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the pam_mount-0.47-13.13.65 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-5138 cpe:/o:suse:suse_sles:11:sp1 perl-32bit-5.10.0-64.47.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the perl-32bit-5.10.0-64.47.8 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-5116 cpe:/o:suse:suse_sles:11:sp1 perl-HTML-Parser-3.56-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the perl-HTML-Parser-3.56-1.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-3627 cpe:/o:suse:suse_sles:11:sp1 perl-Tk-804.028-50.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the perl-Tk-804.028-50.24 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4484 cpe:/o:suse:suse_sles:11:sp1 perl-spamassassin-3.2.5-26.22.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the perl-spamassassin-3.2.5-26.22.18 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0451 CVE-2007-2873 cpe:/o:suse:suse_sles:11:sp1 postgresql-8.3.9-0.1.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the postgresql-8.3.9-0.1.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-4034 CVE-2009-4136 cpe:/o:suse:suse_sles:11:sp1 puppet-0.24.8-1.3.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the puppet-0.24.8-1.3.5 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2010-0156 cpe:/o:suse:suse_sles:11:sp1 python-2.6.0-8.9.28 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the python-2.6.0-8.9.28 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-2052 CVE-2008-1721 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 cpe:/o:suse:suse_sles:11:sp1 qt3-3.3.8b-88.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the qt3-3.3.8b-88.21 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-4811 CVE-2007-0242 CVE-2007-3388 CVE-2007-4137 cpe:/o:suse:suse_sles:11:sp1 quagga-0.99.15-0.1.55 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the quagga-0.99.15-0.1.55 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-2223 CVE-2007-1995 cpe:/o:suse:suse_sles:11:sp1 rsync-3.0.4-2.33.82 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the rsync-3.0.4-2.33.82 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4091 CVE-2007-6199 cpe:/o:suse:suse_sles:11:sp1 ruby-1.8.7.p72-5.24.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the ruby-1.8.7.p72-5.24.2 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-3694 CVE-2006-5467 CVE-2006-6303 CVE-2007-5162 CVE-2007-5770 CVE-2008-1145 CVE-2008-3790 CVE-2009-0642 CVE-2009-1904 cpe:/o:suse:suse_sles:11:sp1 squid-2.7.STABLE5-2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the squid-2.7.STABLE5-2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-0478 CVE-2009-2855 CVE-2010-0308 cpe:/o:suse:suse_sles:11:sp1 star-1.5final-28.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the star-1.5final-28.19 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4134 cpe:/o:suse:suse_sles:11:sp1 sudo-1.6.9p17-21.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the sudo-1.6.9p17-21.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2010-0426 CVE-2010-0427 cpe:/o:suse:suse_sles:11:sp1 syslog-ng-2.0.9-27.27.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the syslog-ng-2.0.9-27.27.19 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-5110 cpe:/o:suse:suse_sles:11:sp1 sysstat-8.1.5-7.9.56 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the sysstat-8.1.5-7.9.56 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-3852 cpe:/o:suse:suse_sles:11:sp1 systemtap-1.0-0.15.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the systemtap-1.0-0.15.16 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2009-2911 CVE-2009-4273 cpe:/o:suse:suse_sles:11:sp1 tar-1.20-23.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the tar-1.20-23.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2001-1267 CVE-2002-0399 CVE-2006-6097 cpe:/o:suse:suse_sles:11:sp1 unrar-3.80.2-2.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the unrar-3.80.2-2.8 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-3726 cpe:/o:suse:suse_sles:11:sp1 unzip-5.52-142.23.43 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the unzip-5.52-142.23.43 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2005-2475 cpe:/o:suse:suse_sles:11:sp1 w3m-0.5.2-132.1.37 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the w3m-0.5.2-132.1.37 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-6772 cpe:/o:suse:suse_sles:11:sp1 wget-1.11.4-1.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the wget-1.11.4-1.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-6719 cpe:/o:suse:suse_sles:11:sp1 wireshark-1.0.5-1.34.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the wireshark-1.0.5-1.34.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-1932 CVE-2006-4574 CVE-2006-4805 CVE-2006-5468 CVE-2006-5469 CVE-2006-5740 CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459 CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-2560 CVE-2009-2562 CVE-2009-3549 CVE-2009-3550 CVE-2009-3829 CVE-2009-4377 CVE-2010-0304 cpe:/o:suse:suse_sles:11:sp1 xdg-utils-1.0.2-36.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the xdg-utils-1.0.2-36.18 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-0386 cpe:/o:suse:suse_sles:11:sp1 xen-4.0.0_21091_04-0.2.6 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the xen-4.0.0_21091_04-0.2.6 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 CVE-2007-3919 cpe:/o:suse:suse_sles:11:sp1 xorg-x11-7.4-9.24.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the xorg-x11-7.4-9.24.15 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-4568 cpe:/o:suse:suse_sles:11:sp1 xorg-x11-Xvnc-7.4-27.19.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the xorg-x11-Xvnc-7.4-27.19.19 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-6101 CVE-2006-6102 CVE-2006-6103 CVE-2007-1003 CVE-2007-5760 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 cpe:/o:suse:suse_sles:11:sp1 xpdf-tools-3.02-138.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the xpdf-tools-3.02-138.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2007-0104 CVE-2007-3387 CVE-2007-4352 CVE-2009-0146 CVE-2009-0791 cpe:/o:suse:suse_sles:11:sp1 xterm-238-1.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the xterm-238-1.16 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2008-2383 cpe:/o:suse:suse_sles:11:sp1 zoo-2.10-911.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP1 These are all security issues fixed in the zoo-2.10-911.22 package on the GA media of SUSE Linux Enterprise Server 11 SP1. Moderate CVE-2006-0855 CVE-2007-1669 cpe:/o:suse:suse_sles:11:sp1 LibVNCServer-0.9.1-154.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the LibVNCServer-0.9.1-154.24 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-2450 cpe:/o:suse:suse_sles:11:sp2 MozillaFirefox-10.0-0.3.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the MozillaFirefox-10.0-0.3.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0078 CVE-2007-0079 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-0996 CVE-2007-3089 CVE-2007-3285 CVE-2007-3656 CVE-2007-3670 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2008-0412 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-3836 CVE-2008-4063 CVE-2008-4064 CVE-2008-4070 CVE-2008-5913 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-1571 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0183 CVE-2010-0654 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1208 CVE-2010-1209 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3232 CVE-2011-3658 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2011-3665 cpe:/o:suse:suse_sles:11:sp2 NetworkManager-0.7.1_git20090811-3.20.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the NetworkManager-0.7.1_git20090811-3.20.5 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0365 CVE-2009-0578 cpe:/o:suse:suse_sles:11:sp2 NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the NetworkManager-gnome-0.7.1-5.22.28 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0365 CVE-2009-0578 CVE-2009-4144 CVE-2009-4145 cpe:/o:suse:suse_sles:11:sp2 OpenEXR-1.6.1-83.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the OpenEXR-1.6.1-83.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-1720 CVE-2009-1721 cpe:/o:suse:suse_sles:11:sp2 PackageKit-0.3.14-2.23.126 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the PackageKit-0.3.14-2.23.126 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-4311 cpe:/o:suse:suse_sles:11:sp2 PolicyKit-0.9-14.39.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the PolicyKit-0.9-14.39.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1658 cpe:/o:suse:suse_sles:11:sp2 aaa_base-11-6.65.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the aaa_base-11-6.65.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0461 cpe:/o:suse:suse_sles:11:sp2 acpid-1.0.6-91.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the acpid-1.0.6-91.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0798 cpe:/o:suse:suse_sles:11:sp2 amavisd-new-2.7.0-18.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the amavisd-new-2.7.0-18.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2005-1349 cpe:/o:suse:suse_sles:11:sp2 apache2-2.2.12-1.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the apache2-2.2.12-1.28.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-3747 CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 CVE-2008-1678 CVE-2008-2364 CVE-2008-2939 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2010-0408 CVE-2010-0434 CVE-2010-1452 CVE-2010-2068 CVE-2011-3192 CVE-2011-3348 CVE-2011-3368 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 cpe:/o:suse:suse_sles:11:sp2 apache2-mod_jk-1.2.26-1.30.110 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the apache2-mod_jk-1.2.26-1.30.110 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0774 CVE-2008-5519 cpe:/o:suse:suse_sles:11:sp2 apache2-mod_perl-2.0.4-40.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the apache2-mod_perl-2.0.4-40.19 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-1349 cpe:/o:suse:suse_sles:11:sp2 apache2-mod_php5-5.2.14-0.7.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the apache2-mod_php5-5.2.14-0.7.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4783 CVE-2007-4840 CVE-2007-4887 CVE-2008-0599 CVE-2008-2829 CVE-2008-5498 CVE-2008-5557 CVE-2008-5624 CVE-2008-5625 CVE-2008-5814 CVE-2009-0754 CVE-2009-1271 CVE-2009-1272 CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292 CVE-2009-3293 CVE-2009-3546 CVE-2009-4017 CVE-2009-4142 CVE-2010-0397 CVE-2010-2225 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870 CVE-2010-4150 CVE-2010-4645 CVE-2010-4697 CVE-2010-4698 CVE-2010-4699 CVE-2011-0421 CVE-2011-0708 CVE-2011-0752 CVE-2011-0753 CVE-2011-0755 CVE-2011-1092 CVE-2011-1148 CVE-2011-1464 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471 CVE-2011-1938 cpe:/o:suse:suse_sles:11:sp2 apache2-mod_php53-5.3.8-0.19.6 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the apache2-mod_php53-5.3.8-0.19.6 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-7243 CVE-2007-4783 CVE-2007-4840 CVE-2007-4887 CVE-2008-0599 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4566 CVE-2011-4885 CVE-2012-0781 CVE-2012-0788 CVE-2012-0789 CVE-2012-0830 cpe:/o:suse:suse_sles:11:sp2 avahi-0.6.23-11.19.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the avahi-0.6.23-11.19.22 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5461 CVE-2006-6870 CVE-2007-3372 CVE-2008-5081 CVE-2009-0758 cpe:/o:suse:suse_sles:11:sp2 bind-9.6ESVR5P1-0.8.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the bind-9.6ESVR5P1-0.8.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4339 CVE-2007-2925 CVE-2007-2926 CVE-2009-0696 CVE-2009-4022 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 cpe:/o:suse:suse_sles:11:sp2 boost-license-1.36.0-11.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the boost-license-1.36.0-11.17 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-0171 cpe:/o:suse:suse_sles:11:sp2 bzip2-1.0.5-34.253.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the bzip2-1.0.5-34.253.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1372 CVE-2010-0405 cpe:/o:suse:suse_sles:11:sp2 cifs-utils-5.1-0.4.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the cifs-utils-5.1-0.4.9 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2011-1678 cpe:/o:suse:suse_sles:11:sp2 clamav-0.97.3-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the clamav-0.97.3-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4182 CVE-2006-5295 CVE-2006-5874 CVE-2007-0897 CVE-2007-0898 CVE-2007-1745 CVE-2007-1997 CVE-2007-6335 CVE-2007-6336 CVE-2007-6337 CVE-2007-6595 CVE-2007-6596 CVE-2008-0318 CVE-2008-0728 CVE-2008-1100 CVE-2008-2713 CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 cpe:/o:suse:suse_sles:11:sp2 coolkey-1.1.0-22.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the coolkey-1.1.0-22.24 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4129 cpe:/o:suse:suse_sles:11:sp2 cron-4.1-194.199.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the cron-4.1-194.199.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-2607 CVE-2010-0424 cpe:/o:suse:suse_sles:11:sp2 cups-1.3.9-8.44.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the cups-1.3.9-8.44.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0104 CVE-2007-3387 CVE-2007-4351 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-0047 CVE-2008-1373 CVE-2008-1693 CVE-2008-1722 CVE-2008-3641 CVE-2009-0163 CVE-2009-0949 CVE-2009-2820 CVE-2009-3553 CVE-2010-0302 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941 CVE-2011-2896 CVE-2011-3170 cpe:/o:suse:suse_sles:11:sp2 curl-7.19.7-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the curl-7.19.7-1.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2010-4180 CVE-2011-2192 CVE-2011-3389 cpe:/o:suse:suse_sles:11:sp2 cyrus-imapd-2.3.11-60.65.64.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the cyrus-imapd-2.3.11-60.65.64.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-3235 CVE-2011-3372 cpe:/o:suse:suse_sles:11:sp2 dbus-1-1.2.10-3.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the dbus-1-1.2.10-3.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-6107 CVE-2008-0595 CVE-2008-3834 CVE-2008-4311 CVE-2009-1189 CVE-2010-4352 cpe:/o:suse:suse_sles:11:sp2 dbus-1-glib-0.76-34.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the dbus-1-glib-0.76-34.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-1172 cpe:/o:suse:suse_sles:11:sp2 dhcp-4.2.3.P2-0.7.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the dhcp-4.2.3.P2-0.7.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0692 CVE-2009-1892 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 cpe:/o:suse:suse_sles:11:sp2 dhcpcd-3.2.3-44.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the dhcpcd-3.2.3-44.28.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0997 cpe:/o:suse:suse_sles:11:sp2 e2fsprogs-1.41.9-2.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the e2fsprogs-1.41.9-2.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-5497 cpe:/o:suse:suse_sles:11:sp2 ecryptfs-utils-32bit-61-1.29.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ecryptfs-utils-32bit-61-1.29.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 cpe:/o:suse:suse_sles:11:sp2 ed-0.2-1001.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ed-0.2-1001.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-3916 cpe:/o:suse:suse_sles:11:sp2 emacs-22.3-4.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the emacs-22.3-4.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-5795 cpe:/o:suse:suse_sles:11:sp2 enscript-1.6.4-152.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the enscript-1.6.4-152.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-3863 CVE-2008-4306 cpe:/o:suse:suse_sles:11:sp2 evince-2.28.2-0.7.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the evince-2.28.2-0.7.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5864 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 cpe:/o:suse:suse_sles:11:sp2 evolution-data-server-2.28.2-0.26.33.14 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the evolution-data-server-2.28.2-0.26.33.14 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-3257 cpe:/o:suse:suse_sles:11:sp2 expat-2.0.1-88.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the expat-2.0.1-88.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-2625 CVE-2009-3560 cpe:/o:suse:suse_sles:11:sp2 fetchmail-6.3.8.90-13.20.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the fetchmail-6.3.8.90-13.20.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5867 CVE-2006-5974 CVE-2007-1558 CVE-2007-4565 CVE-2009-2666 CVE-2011-1947 cpe:/o:suse:suse_sles:11:sp2 file-32bit-4.24-43.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the file-32bit-4.24-43.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-1536 CVE-2007-2799 cpe:/o:suse:suse_sles:11:sp2 findutils-4.4.0-38.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the findutils-4.4.0-38.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-2452 cpe:/o:suse:suse_sles:11:sp2 foomatic-filters-3.0.2-269.35.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the foomatic-filters-3.0.2-269.35.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-2697 cpe:/o:suse:suse_sles:11:sp2 freeradius-server-2.1.1-7.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the freeradius-server-2.1.1-7.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-4474 cpe:/o:suse:suse_sles:11:sp2 freetype2-2.3.7-25.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the freetype2-2.3.7-25.28.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-1351 CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-2895 CVE-2011-3256 CVE-2011-3439 cpe:/o:suse:suse_sles:11:sp2 ft2demos-2.3.7-25.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ft2demos-2.3.7-25.9 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-1351 cpe:/o:suse:suse_sles:11:sp2 fuse-2.7.2-61.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the fuse-2.7.2-61.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-3297 CVE-2011-0541 cpe:/o:suse:suse_sles:11:sp2 fvwm2-2.5.26-1.25 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the fvwm2-2.5.26-1.25 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5969 cpe:/o:suse:suse_sles:11:sp2 g3utils-1.1.36-26.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the g3utils-1.1.36-26.31 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-4936 cpe:/o:suse:suse_sles:11:sp2 gd-2.0.36.RC1-52.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gd-2.0.36.RC1-52.18 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-2756 cpe:/o:suse:suse_sles:11:sp2 ghostscript-fonts-other-8.62-32.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ghostscript-fonts-other-8.62-32.28.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0196 CVE-2009-0583 CVE-2009-0584 CVE-2009-0792 CVE-2010-1869 cpe:/o:suse:suse_sles:11:sp2 glib2-2.22.5-0.2.23 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the glib2-2.22.5-0.2.23 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-2371 CVE-2008-4316 cpe:/o:suse:suse_sles:11:sp2 glibc-2.11.3-17.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the glibc-2.11.3-17.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-5029 CVE-2011-2483 cpe:/o:suse:suse_sles:11:sp2 gmime-2.2.23-1.50.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gmime-2.2.23-1.50.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-0409 cpe:/o:suse:suse_sles:11:sp2 gnome-screensaver-2.28.3-0.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gnome-screensaver-2.28.3-0.28.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-0887 CVE-2010-0414 CVE-2010-0422 cpe:/o:suse:suse_sles:11:sp2 gnutls-2.4.1-24.39.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gnutls-2.4.1-24.39.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4790 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 CVE-2008-4989 CVE-2009-2730 CVE-2009-3555 CVE-2011-4128 cpe:/o:suse:suse_sles:11:sp2 gpg2-2.0.9-25.33.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gpg2-2.0.9-25.33.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-3746 CVE-2006-6169 CVE-2008-1530 CVE-2010-2547 cpe:/o:suse:suse_sles:11:sp2 gstreamer-0_10-plugins-base-0.10.35-5.15.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gstreamer-0_10-plugins-base-0.10.35-5.15.8 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0586 cpe:/o:suse:suse_sles:11:sp2 gstreamer-0_10-plugins-good-0.10.30-5.8.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gstreamer-0_10-plugins-good-0.10.30-5.8.11 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1686 CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 CVE-2009-1932 cpe:/o:suse:suse_sles:11:sp2 gtk2-2.18.9-0.21.4 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gtk2-2.18.9-0.21.4 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0010 cpe:/o:suse:suse_sles:11:sp2 gvim-7.2-8.15.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gvim-7.2-8.15.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-2438 CVE-2007-2953 cpe:/o:suse:suse_sles:11:sp2 gzip-1.3.12-69.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the gzip-1.3.12-69.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:suse_sles:11:sp2 hplip-3.11.10-0.6.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the hplip-3.11.10-0.6.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2004-0801 CVE-2007-5208 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 cpe:/o:suse:suse_sles:11:sp2 ipsec-tools-0.7.3-1.1.93 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ipsec-tools-0.7.3-1.1.93 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-1841 CVE-2008-3652 cpe:/o:suse:suse_sles:11:sp2 java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-2788 CVE-2007-2789 CVE-2007-3004 CVE-2007-3005 CVE-2007-3655 CVE-2007-3698 CVE-2007-3922 CVE-2007-4381 CVE-2007-5232 CVE-2007-5236 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274 CVE-2008-1187 CVE-2008-1189 CVE-2008-1190 CVE-2008-1192 CVE-2008-1195 CVE-2008-1196 CVE-2008-3104 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 CVE-2009-3555 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0091 CVE-2010-0095 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3556 CVE-2010-3557 CVE-2010-3562 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 CVE-2010-3574 CVE-2010-4476 cpe:/o:suse:suse_sles:11:sp2 java-1_6_0-ibm-1.6.0_sr9.3-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the java-1_6_0-ibm-1.6.0_sr9.3-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1187 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196 CVE-2008-5351 CVE-2009-3555 CVE-2010-0771 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3553 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4476 cpe:/o:suse:suse_sles:11:sp2 kbd-1.14.1-16.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kbd-1.14.1-16.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0460 cpe:/o:suse:suse_sles:11:sp2 kde4-kgreeter-plugins-4.3.5-0.10.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kde4-kgreeter-plugins-4.3.5-0.10.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-0436 cpe:/o:suse:suse_sles:11:sp2 kdebase3-runtime-3.5.10-20.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kdebase3-runtime-3.5.10-20.31 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4569 cpe:/o:suse:suse_sles:11:sp2 kdelibs3-3.5.10-23.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kdelibs3-3.5.10-23.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 CVE-2008-1671 CVE-2009-0689 cpe:/o:suse:suse_sles:11:sp2 kdelibs4-4.3.5-0.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kdelibs4-4.3.5-0.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0689 CVE-2011-1168 cpe:/o:suse:suse_sles:11:sp2 kdenetwork4-filesharing-4.3.5-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kdenetwork4-filesharing-4.3.5-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-1000 cpe:/o:suse:suse_sles:11:sp2 kernel-default-3.0.13-0.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kernel-default-3.0.13-0.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-0007 CVE-2008-0009 CVE-2008-0010 CVE-2008-1375 CVE-2008-1669 CVE-2008-1673 CVE-2008-1675 CVE-2008-3528 CVE-2008-3831 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300 CVE-2009-0029 CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0415 CVE-2010-0622 CVE-2010-0623 CVE-2010-1146 CVE-2010-1173 CVE-2010-1437 CVE-2010-1641 CVE-2010-2066 CVE-2010-2798 CVE-2010-2803 CVE-2010-2942 CVE-2010-2943 CVE-2010-2946 CVE-2010-2954 CVE-2010-2955 CVE-2010-2959 CVE-2010-2960 CVE-2010-2962 CVE-2010-2963 CVE-2010-3015 CVE-2010-3078 CVE-2010-3079 CVE-2010-3080 CVE-2010-3081 CVE-2010-3084 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2010-3437 CVE-2010-3699 CVE-2010-3705 CVE-2010-3861 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 CVE-2010-3877 CVE-2010-3880 CVE-2010-3881 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4076 CVE-2010-4077 CVE-2010-4082 CVE-2010-4083 CVE-2010-4157 CVE-2010-4158 CVE-2010-4160 CVE-2010-4162 CVE-2010-4163 CVE-2010-4164 CVE-2010-4165 CVE-2010-4169 CVE-2010-4175 CVE-2010-4243 CVE-2010-4251 CVE-2010-4258 CVE-2010-4342 CVE-2010-4529 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521 CVE-2011-0710 CVE-2011-0711 CVE-2011-0712 CVE-2011-1016 CVE-2011-1017 CVE-2011-1020 CVE-2011-1160 CVE-2011-1180 CVE-2011-1182 CVE-2011-1478 CVE-2011-1573 CVE-2011-1577 CVE-2011-1593 CVE-2011-2182 CVE-2011-2183 CVE-2011-2203 CVE-2011-2479 CVE-2011-2491 CVE-2011-2495 CVE-2011-2496 CVE-2011-3191 CVE-2011-4097 CVE-2011-4127 CVE-2011-4131 CVE-2011-4604 CVE-2011-4622 CVE-2012-0038 CVE-2012-0045 CVE-2012-0056 CVE-2012-0207 cpe:/o:suse:suse_sles:11:sp2 krb5-1.6.3-133.48.48.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the krb5-1.6.3-133.48.48.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-6143 CVE-2006-6144 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 CVE-2007-5894 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 CVE-2008-0948 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-4212 CVE-2010-0629 CVE-2010-1321 CVE-2010-1323 CVE-2011-0281 CVE-2011-0282 CVE-2011-1526 CVE-2011-4862 cpe:/o:suse:suse_sles:11:sp2 krb5-doc-1.6.3-133.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the krb5-doc-1.6.3-133.21 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 cpe:/o:suse:suse_sles:11:sp2 krb5-plugin-kdb-ldap-1.6.3-133.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the krb5-plugin-kdb-ldap-1.6.3-133.12 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 cpe:/o:suse:suse_sles:11:sp2 kvm-0.15.1-0.17.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the kvm-0.15.1-0.17.3 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-2382 CVE-2008-5714 cpe:/o:suse:suse_sles:11:sp2 lcms-1.17-77.14.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the lcms-1.17-77.14.19 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 cpe:/o:suse:suse_sles:11:sp2 ldapsmb-1.34b-12.18.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ldapsmb-1.34b-12.18.3 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 cpe:/o:suse:suse_sles:11:sp2 libMagickCore1-32bit-6.4.3.6-7.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libMagickCore1-32bit-6.4.3.6-7.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5456 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 cpe:/o:suse:suse_sles:11:sp2 libQtWebKit4-32bit-4.6.3-5.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libQtWebKit4-32bit-4.6.3-5.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4811 CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 cpe:/o:suse:suse_sles:11:sp2 libadns1-1.4-73.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libadns1-1.4-73.21 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1447 CVE-2008-4100 cpe:/o:suse:suse_sles:11:sp2 libapr-util1-1.3.4-12.22.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libapr-util1-1.3.4-12.22.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-2412 CVE-2010-1623 cpe:/o:suse:suse_sles:11:sp2 libapr1-1.3.3-11.18.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libapr1-1.3.3-11.18.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 cpe:/o:suse:suse_sles:11:sp2 libarchive2-2.5.5-5.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libarchive2-2.5.5-5.19 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5680 CVE-2007-3641 CVE-2007-3644 CVE-2007-3645 cpe:/o:suse:suse_sles:11:sp2 libcap-progs-2.11-2.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libcap-progs-2.11-2.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-4099 cpe:/o:suse:suse_sles:11:sp2 libcgroup1-0.34-2.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libcgroup1-0.34-2.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-1006 CVE-2011-1022 cpe:/o:suse:suse_sles:11:sp2 libdrm-2.4.27-0.6.6 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libdrm-2.4.27-0.6.6 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-3831 cpe:/o:suse:suse_sles:11:sp2 libexif-0.6.17-2.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libexif-0.6.17-2.12 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-6351 CVE-2007-6352 cpe:/o:suse:suse_sles:11:sp2 libexiv2-4-0.17.1-31.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libexiv2-4-0.17.1-31.20 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-6353 cpe:/o:suse:suse_sles:11:sp2 libfreebl3-3.13.1-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libfreebl3-3.13.1-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-3170 CVE-2011-3389 cpe:/o:suse:suse_sles:11:sp2 libgdiplus0-2.6.7-0.5.76 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libgdiplus0-2.6.7-0.5.76 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-1526 cpe:/o:suse:suse_sles:11:sp2 libgnomesu-1.0.0-307.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libgnomesu-1.0.0-307.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-1946 cpe:/o:suse:suse_sles:11:sp2 libgtop-2.28.0-1.2.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libgtop-2.28.0-1.2.20 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0235 cpe:/o:suse:suse_sles:11:sp2 libicu-32bit-4.0-7.24.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libicu-32bit-4.0-7.24.11 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4770 CVE-2007-4771 CVE-2008-1036 CVE-2009-0153 cpe:/o:suse:suse_sles:11:sp2 libicu-32bit-4.0-7.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libicu-32bit-4.0-7.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4770 CVE-2007-4771 CVE-2008-1036 CVE-2009-0153 CVE-2010-4409 cpe:/o:suse:suse_sles:11:sp2 libltdl7-2.2.6-2.131.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libltdl7-2.2.6-2.131.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-3736 cpe:/o:suse:suse_sles:11:sp2 libmusicbrainz4-2.1.5-5.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libmusicbrainz4-2.1.5-5.18 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4197 cpe:/o:suse:suse_sles:11:sp2 libmysqlclient15-32bit-5.0.94-0.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libmysqlclient15-32bit-5.0.94-0.2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-0903 CVE-2006-4226 CVE-2006-4227 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CVE-2008-2079 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4484 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 cpe:/o:suse:suse_sles:11:sp2 libneon27-0.29.6-6.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libneon27-0.29.6-6.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0157 CVE-2008-3746 CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:suse_sles:11:sp2 libnetpbm10-10.26.44-101.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libnetpbm10-10.26.44-101.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-4274 cpe:/o:suse:suse_sles:11:sp2 libnewt0_52-0.52.10-1.35.7 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libnewt0_52-0.52.10-1.35.7 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-2905 cpe:/o:suse:suse_sles:11:sp2 libopensc2-0.11.6-5.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libopensc2-0.11.6-5.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-2235 CVE-2009-0368 cpe:/o:suse:suse_sles:11:sp2 libopenssl0_9_8-0.9.8j-0.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libopenssl0_9_8-0.9.8j-0.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-0891 CVE-2008-1672 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0740 CVE-2010-2939 CVE-2010-3864 CVE-2010-4180 CVE-2010-4252 CVE-2011-0014 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 cpe:/o:suse:suse_sles:11:sp2 libpng12-0-1.2.31-5.25.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libpng12-0-1.2.31-5.25.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5793 CVE-2008-3964 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 CVE-2009-2042 CVE-2009-5063 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 cpe:/o:suse:suse_sles:11:sp2 libpoppler-glib4-0.12.3-1.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libpoppler-glib4-0.12.3-1.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0104 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-2950 CVE-2009-0755 CVE-2009-0756 CVE-2009-0791 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 cpe:/o:suse:suse_sles:11:sp2 libpulse-browse0-0.9.23-0.7.128 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libpulse-browse0-0.9.23-0.7.128 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-0008 cpe:/o:suse:suse_sles:11:sp2 libpython2_6-1_0-2.6.0-8.12.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libpython2_6-1_0-2.6.0-8.12.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-3560 CVE-2009-3720 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 cpe:/o:suse:suse_sles:11:sp2 libqt4-sql-mysql-4.6.3-5.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libqt4-sql-mysql-4.6.3-5.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4811 CVE-2009-0945 CVE-2011-3193 cpe:/o:suse:suse_sles:11:sp2 librpcsecgss-0.18-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the librpcsecgss-0.18-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-3999 cpe:/o:suse:suse_sles:11:sp2 librsvg-2.26.0-2.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the librsvg-2.26.0-2.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-3146 cpe:/o:suse:suse_sles:11:sp2 libsamplerate-0.1.4-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libsamplerate-0.1.4-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-5008 cpe:/o:suse:suse_sles:11:sp2 libsndfile-1.0.20-2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libsndfile-1.0.20-2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4974 CVE-2009-0186 CVE-2009-1788 CVE-2009-1791 CVE-2009-4835 CVE-2011-2696 cpe:/o:suse:suse_sles:11:sp2 libsnmp15-32bit-5.4.2.1-8.12.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libsnmp15-32bit-5.4.2.1-8.12.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-4309 CVE-2008-6123 cpe:/o:suse:suse_sles:11:sp2 libsoup-2_4-1-2.32.2-4.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libsoup-2_4-1-2.32.2-4.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5876 CVE-2011-2524 cpe:/o:suse:suse_sles:11:sp2 libtiff3-3.8.2-141.142.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libtiff3-3.8.2-141.142.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1586 CVE-2008-2327 CVE-2009-2285 CVE-2009-2347 CVE-2010-1411 CVE-2010-4665 CVE-2011-0191 CVE-2011-0192 CVE-2011-1167 cpe:/o:suse:suse_sles:11:sp2 libvirt-0.9.6-0.13.42 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libvirt-0.9.6-0.13.42 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-5086 CVE-2010-2242 CVE-2011-1146 CVE-2011-1486 CVE-2011-2511 CVE-2011-4600 cpe:/o:suse:suse_sles:11:sp2 libvorbis-1.2.0-79.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libvorbis-1.2.0-79.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-3106 CVE-2008-1419 CVE-2008-1420 CVE-2008-1423 CVE-2009-2663 CVE-2009-3379 cpe:/o:suse:suse_sles:11:sp2 libxcrypt-3.0.3-0.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libxcrypt-3.0.3-0.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-2483 cpe:/o:suse:suse_sles:11:sp2 libxml2-2.7.6-0.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libxml2-2.7.6-0.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-6284 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-2414 CVE-2009-2416 CVE-2010-4494 CVE-2011-1944 CVE-2011-2821 CVE-2011-3919 cpe:/o:suse:suse_sles:11:sp2 libxslt-1.1.24-19.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libxslt-1.1.24-19.15 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1767 cpe:/o:suse:suse_sles:11:sp2 libzip1-0.9-1.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the libzip1-0.9-1.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0421 cpe:/o:suse:suse_sles:11:sp2 log4net-1.2.10-1.36 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the log4net-1.2.10-1.36 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-0743 cpe:/o:suse:suse_sles:11:sp2 logrotate-3.7.7-10.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the logrotate-3.7.7-10.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/o:suse:suse_sles:11:sp2 logwatch-7.3.6-65.72.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the logwatch-7.3.6-65.72.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-1018 cpe:/o:suse:suse_sles:11:sp2 lvm2-2.02.84-3.25.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the lvm2-2.02.84-3.25.5 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-2526 cpe:/o:suse:suse_sles:11:sp2 mailman-2.1.14-9.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the mailman-2.1.14-9.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-2191 CVE-2006-2941 CVE-2006-3636 CVE-2010-3089 CVE-2010-3090 CVE-2011-0707 cpe:/o:suse:suse_sles:11:sp2 man-2.5.2-17.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the man-2.5.2-17.16 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4250 cpe:/o:suse:suse_sles:11:sp2 mipv6d-2.0.2.umip.0.4-8.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the mipv6d-2.0.2.umip.0.4-8.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:suse_sles:11:sp2 mono-core-2.6.7-0.7.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the mono-core-2.6.7-0.7.19 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0217 CVE-2010-1459 CVE-2010-3332 CVE-2010-4159 cpe:/o:suse:suse_sles:11:sp2 mozilla-xulrunner192-1.9.2.24-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the mozilla-xulrunner192-1.9.2.24-0.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-5913 CVE-2009-3555 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-3001 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 cpe:/o:suse:suse_sles:11:sp2 mutt-1.5.17-42.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the mutt-1.5.17-42.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-1558 cpe:/o:suse:suse_sles:11:sp2 nagios-3.0.6-1.25.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the nagios-3.0.6-1.25.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-5803 CVE-2011-1523 cpe:/o:suse:suse_sles:11:sp2 nagios-plugins-1.4.13-1.35 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the nagios-plugins-1.4.13-1.35 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-5623 cpe:/o:suse:suse_sles:11:sp2 ntp-4.2.4p8-1.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ntp-4.2.4p8-1.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0159 CVE-2009-1252 cpe:/o:suse:suse_sles:11:sp2 ofed-1.5.2-0.22.23 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ofed-1.5.2-0.22.23 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-1693 CVE-2010-3904 CVE-2010-4649 CVE-2011-3345 cpe:/o:suse:suse_sles:11:sp2 openslp-1.2.0-172.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the openslp-1.2.0-172.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-3609 cpe:/o:suse:suse_sles:11:sp2 openssh-5.1p1-41.51.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the openssh-5.1p1-41.51.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-0225 CVE-2007-4752 CVE-2008-1483 cpe:/o:suse:suse_sles:11:sp2 openswan-2.6.16-1.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the openswan-2.6.16-1.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-4190 CVE-2009-2185 CVE-2011-4073 cpe:/o:suse:suse_sles:11:sp2 openvpn-2.0.9-143.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the openvpn-2.0.9-143.31 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4339 cpe:/o:suse:suse_sles:11:sp2 opie-2.4-662.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the opie-2.4-662.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-2489 CVE-2011-2490 cpe:/o:suse:suse_sles:11:sp2 pam-1.1.5-0.10.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pam-1.1.5-0.10.17 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0579 CVE-2009-0887 CVE-2011-3148 CVE-2011-3149 cpe:/o:suse:suse_sles:11:sp2 pam_krb5-2.3.1-47.10.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pam_krb5-2.3.1-47.10.15 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-3825 cpe:/o:suse:suse_sles:11:sp2 pam_ldap-184-147.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pam_ldap-184-147.20 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-5170 cpe:/o:suse:suse_sles:11:sp2 pam_mount-0.47-13.13.65 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pam_mount-0.47-13.13.65 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-5138 cpe:/o:suse:suse_sles:11:sp2 pango-1.26.2-1.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pango-1.26.2-1.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:suse_sles:11:sp2 pcsc-ccid-1.3.8-3.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pcsc-ccid-1.3.8-3.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-4530 cpe:/o:suse:suse_sles:11:sp2 pcsc-lite-1.4.102-1.37.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pcsc-lite-1.4.102-1.37.3 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-0407 CVE-2010-4531 cpe:/o:suse:suse_sles:11:sp2 perl-32bit-5.10.0-64.55.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the perl-32bit-5.10.0-64.55.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-5116 CVE-2010-1168 CVE-2010-1447 CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2011-1487 cpe:/o:suse:suse_sles:11:sp2 perl-HTML-Parser-3.56-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the perl-HTML-Parser-3.56-1.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-3627 cpe:/o:suse:suse_sles:11:sp2 perl-Tk-804.028-50.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the perl-Tk-804.028-50.24 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4484 cpe:/o:suse:suse_sles:11:sp2 perl-libwww-perl-5.816-2.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the perl-libwww-perl-5.816-2.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0633 cpe:/o:suse:suse_sles:11:sp2 perl-spamassassin-3.3.1-10.8.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the perl-spamassassin-3.3.1-10.8.3 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-0451 CVE-2007-2873 cpe:/o:suse:suse_sles:11:sp2 postgresql-8.3.14-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the postgresql-8.3.14-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-3555 CVE-2009-4034 CVE-2009-4136 CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2010-4014 CVE-2010-4015 cpe:/o:suse:suse_sles:11:sp2 puppet-2.6.12-0.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the puppet-2.6.12-0.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-0156 CVE-2011-3848 CVE-2011-3869 CVE-2011-3870 CVE-2011-3871 CVE-2011-3872 cpe:/o:suse:suse_sles:11:sp2 pure-ftpd-1.0.22-3.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pure-ftpd-1.0.22-3.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0411 CVE-2011-3171 cpe:/o:suse:suse_sles:11:sp2 python-2.6.0-8.12.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the python-2.6.0-8.12.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-2052 CVE-2008-1721 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 cpe:/o:suse:suse_sles:11:sp2 python-sssd-config-1.5.11-0.9.96 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the python-sssd-config-1.5.11-0.9.96 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-4341 CVE-2011-1758 cpe:/o:suse:suse_sles:11:sp2 pyxml-0.8.4-194.23.38 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the pyxml-0.8.4-194.23.38 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-3560 CVE-2009-3720 cpe:/o:suse:suse_sles:11:sp2 qt3-3.3.8b-88.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the qt3-3.3.8b-88.21 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-4811 CVE-2007-0242 CVE-2007-3388 CVE-2007-4137 cpe:/o:suse:suse_sles:11:sp2 quagga-0.99.15-0.6.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the quagga-0.99.15-0.6.2 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-2223 CVE-2007-1995 CVE-2010-1674 CVE-2010-1675 CVE-2010-2948 CVE-2010-2949 cpe:/o:suse:suse_sles:11:sp2 radvd-1.1-1.24.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the radvd-1.1-1.24.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-3602 CVE-2011-3603 CVE-2011-3604 CVE-2011-3605 cpe:/o:suse:suse_sles:11:sp2 rsync-3.0.4-2.38.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the rsync-3.0.4-2.38.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4091 CVE-2007-6199 CVE-2011-1097 cpe:/o:suse:suse_sles:11:sp2 rsyslog-5.8.7-0.5.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the rsyslog-5.8.7-0.5.5 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-3200 cpe:/o:suse:suse_sles:11:sp2 ruby-1.8.7.p357-0.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the ruby-1.8.7.p357-0.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-3694 CVE-2006-5467 CVE-2006-6303 CVE-2007-5162 CVE-2007-5770 CVE-2008-1145 CVE-2008-3790 CVE-2009-0642 CVE-2009-1904 CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 CVE-2011-4815 cpe:/o:suse:suse_sles:11:sp2 squid-2.7.STABLE5-2.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the squid-2.7.STABLE5-2.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-0478 CVE-2009-2855 CVE-2010-0308 CVE-2010-0639 cpe:/o:suse:suse_sles:11:sp2 squid3-3.1.12-8.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the squid3-3.1.12-8.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2005-0094 CVE-2011-3205 CVE-2011-4096 cpe:/o:suse:suse_sles:11:sp2 squidGuard-1.4-13.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the squidGuard-1.4-13.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-3700 CVE-2009-3826 cpe:/o:suse:suse_sles:11:sp2 star-1.5final-28.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the star-1.5final-28.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4134 cpe:/o:suse:suse_sles:11:sp2 sudo-1.7.6p2-0.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the sudo-1.7.6p2-0.2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-0426 CVE-2010-0427 cpe:/o:suse:suse_sles:11:sp2 sysconfig-0.71.47-0.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the sysconfig-0.71.47-0.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-4182 cpe:/o:suse:suse_sles:11:sp2 syslog-ng-2.0.9-27.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the syslog-ng-2.0.9-27.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-5110 cpe:/o:suse:suse_sles:11:sp2 sysstat-8.1.5-7.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the sysstat-8.1.5-7.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-3852 cpe:/o:suse:suse_sles:11:sp2 system-config-printer-1.0.8-9.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the system-config-printer-1.0.8-9.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-4405 cpe:/o:suse:suse_sles:11:sp2 systemtap-1.5-0.7.54 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the systemtap-1.5-0.7.54 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2009-2911 CVE-2009-4273 cpe:/o:suse:suse_sles:11:sp2 t1lib-5.1.1-100.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the t1lib-5.1.1-100.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-2642 cpe:/o:suse:suse_sles:11:sp2 tar-1.26-1.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the tar-1.26-1.2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2001-1267 CVE-2002-0399 CVE-2006-6097 CVE-2010-0624 cpe:/o:suse:suse_sles:11:sp2 tftp-0.48-101.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the tftp-0.48-101.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-2199 cpe:/o:suse:suse_sles:11:sp2 tgt-0.9.10-0.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the tgt-0.9.10-0.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-0001 cpe:/o:suse:suse_sles:11:sp2 tomcat6-6.0.18-20.35.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the tomcat6-6.0.18-20.35.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2008-2938 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 cpe:/o:suse:suse_sles:11:sp2 unrar-3.80.2-2.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the unrar-3.80.2-2.8 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-3726 cpe:/o:suse:suse_sles:11:sp2 unzip-6.00-11.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the unzip-6.00-11.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2005-2475 cpe:/o:suse:suse_sles:11:sp2 vte-0.22.5-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the vte-0.22.5-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2010-2713 cpe:/o:suse:suse_sles:11:sp2 w3m-0.5.2-132.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the w3m-0.5.2-132.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-6772 CVE-2010-2074 cpe:/o:suse:suse_sles:11:sp2 wget-1.11.4-1.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the wget-1.11.4-1.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-6719 cpe:/o:suse:suse_sles:11:sp2 wireshark-1.4.10-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the wireshark-1.4.10-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-1932 CVE-2006-4574 CVE-2006-4805 CVE-2006-5468 CVE-2006-5469 CVE-2006-5740 CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459 CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-2560 CVE-2009-2562 CVE-2009-3549 CVE-2009-3550 CVE-2009-3829 CVE-2009-4377 CVE-2010-0304 CVE-2010-1455 CVE-2010-2992 CVE-2010-2993 CVE-2010-2994 CVE-2010-2995 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 cpe:/o:suse:suse_sles:11:sp2 xdg-utils-1.0.2-36.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the xdg-utils-1.0.2-36.18 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-0386 cpe:/o:suse:suse_sles:11:sp2 xen-4.1.2_14-0.5.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the xen-4.1.2_14-0.5.5 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 CVE-2007-3919 CVE-2011-1898 CVE-2012-0029 cpe:/o:suse:suse_sles:11:sp2 xorg-x11-7.4-9.47.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the xorg-x11-7.4-9.47.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2007-4568 CVE-2011-0465 cpe:/o:suse:suse_sles:11:sp2 xorg-x11-Xvnc-7.4-27.60.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the xorg-x11-Xvnc-7.4-27.60.5 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-6101 CVE-2006-6102 CVE-2006-6103 CVE-2007-1003 CVE-2007-5760 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 CVE-2010-2240 CVE-2010-4818 CVE-2010-4819 CVE-2011-4028 CVE-2011-4029 cpe:/o:suse:suse_sles:11:sp2 xorg-x11-libs-32bit-7.4-8.26.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the xorg-x11-libs-32bit-7.4-8.26.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-2895 cpe:/o:suse:suse_sles:11:sp2 xterm-238-1.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the xterm-238-1.16 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-2383 cpe:/o:suse:suse_sles:11:sp2 yast2-2.17.119-0.5.25 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the yast2-2.17.119-0.5.25 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2011-3177 cpe:/o:suse:suse_sles:11:sp2 yast2-core-2.17.44-0.5.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the yast2-core-2.17.44-0.5.3 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2008-4311 CVE-2011-2483 CVE-2011-3177 cpe:/o:suse:suse_sles:11:sp2 zoo-2.10-911.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP2 These are all security issues fixed in the zoo-2.10-911.22 package on the GA media of SUSE Linux Enterprise Server 11 SP2. Moderate CVE-2006-0855 CVE-2007-1669 cpe:/o:suse:suse_sles:11:sp2 LibVNCServer-0.9.1-154.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the LibVNCServer-0.9.1-154.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-2450 cpe:/o:suse:suse_sles:11:sp3 Mesa-32bit-9.0.3-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the Mesa-32bit-9.0.3-0.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2013-1993 cpe:/o:suse:suse_sles:11:sp3 MozillaFirefox-17.0.4esr-0.10.42 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the MozillaFirefox-17.0.4esr-0.10.42 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0078 CVE-2007-0079 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-0996 CVE-2007-3089 CVE-2007-3285 CVE-2007-3656 CVE-2007-3670 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2008-0412 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-3836 CVE-2008-4063 CVE-2008-4064 CVE-2008-4070 CVE-2008-5913 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-1571 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0183 CVE-2010-0654 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1208 CVE-2010-1209 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3658 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2011-3665 CVE-2012-0441 CVE-2012-0452 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 cpe:/o:suse:suse_sles:11:sp3 NetworkManager-0.7.1_git20090811-3.28.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the NetworkManager-0.7.1_git20090811-3.28.2 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0365 CVE-2009-0578 cpe:/o:suse:suse_sles:11:sp3 NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the NetworkManager-gnome-0.7.1-5.22.28 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0365 CVE-2009-0578 CVE-2009-4144 CVE-2009-4145 cpe:/o:suse:suse_sles:11:sp3 OpenEXR-1.6.1-83.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the OpenEXR-1.6.1-83.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-1720 CVE-2009-1721 cpe:/o:suse:suse_sles:11:sp3 PackageKit-0.3.14-2.28.46 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the PackageKit-0.3.14-2.28.46 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-4311 cpe:/o:suse:suse_sles:11:sp3 PolicyKit-0.9-14.41.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the PolicyKit-0.9-14.41.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1658 cpe:/o:suse:suse_sles:11:sp3 aaa_base-11-6.90.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the aaa_base-11-6.90.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0461 cpe:/o:suse:suse_sles:11:sp3 acpid-1.0.6-91.25.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the acpid-1.0.6-91.25.20 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0798 CVE-2011-4578 cpe:/o:suse:suse_sles:11:sp3 amavisd-new-2.7.0-18.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the amavisd-new-2.7.0-18.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2005-1349 cpe:/o:suse:suse_sles:11:sp3 ant-1.7.1-20.9.53 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ant-1.7.1-20.9.53 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-2098 cpe:/o:suse:suse_sles:11:sp3 apache2-2.2.12-1.38.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the apache2-2.2.12-1.38.2 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-3747 CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6750 CVE-2008-0005 CVE-2008-1678 CVE-2008-2364 CVE-2008-2939 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2010-0408 CVE-2010-0434 CVE-2010-1452 CVE-2010-2068 CVE-2011-3192 CVE-2011-3348 CVE-2011-3368 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 CVE-2012-0883 CVE-2012-2687 CVE-2012-3499 CVE-2012-4557 CVE-2012-4558 cpe:/o:suse:suse_sles:11:sp3 apache2-mod_jk-1.2.26-1.30.110 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the apache2-mod_jk-1.2.26-1.30.110 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0774 CVE-2008-5519 cpe:/o:suse:suse_sles:11:sp3 apache2-mod_perl-2.0.4-40.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the apache2-mod_perl-2.0.4-40.19 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-1349 cpe:/o:suse:suse_sles:11:sp3 apache2-mod_php53-5.3.17-0.13.7 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the apache2-mod_php53-5.3.17-0.13.7 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-7243 CVE-2007-4783 CVE-2007-4840 CVE-2007-4887 CVE-2008-0599 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1398 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4388 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057 CVE-2012-0781 CVE-2012-0788 CVE-2012-0789 CVE-2012-0807 CVE-2012-0830 CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2386 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 cpe:/o:suse:suse_sles:11:sp3 apache2-mod_security2-2.7.1-0.2.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the apache2-mod_security2-2.7.1-0.2.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-5031 CVE-2012-2751 CVE-2012-4528 CVE-2013-1915 cpe:/o:suse:suse_sles:11:sp3 ark-4.3.5-0.3.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ark-4.3.5-0.3.3 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-2725 cpe:/o:suse:suse_sles:11:sp3 avahi-0.6.23-11.30.4 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the avahi-0.6.23-11.30.4 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5461 CVE-2006-6870 CVE-2007-3372 CVE-2008-5081 CVE-2009-0758 cpe:/o:suse:suse_sles:11:sp3 bind-9.6ESVR7P4-0.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the bind-9.6ESVR7P4-0.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4339 CVE-2007-2925 CVE-2007-2926 CVE-2009-0696 CVE-2009-4022 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-4244 CVE-2012-5166 cpe:/o:suse:suse_sles:11:sp3 boost-license-1.36.0-12.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the boost-license-1.36.0-12.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-0171 cpe:/o:suse:suse_sles:11:sp3 bzip2-1.0.5-34.253.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the bzip2-1.0.5-34.253.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1372 CVE-2010-0405 cpe:/o:suse:suse_sles:11:sp3 cifs-utils-5.1-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the cifs-utils-5.1-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2011-1678 CVE-2012-1586 cpe:/o:suse:suse_sles:11:sp3 clamav-0.97.7-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the clamav-0.97.7-0.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4182 CVE-2006-5295 CVE-2006-5874 CVE-2007-0897 CVE-2007-0898 CVE-2007-1745 CVE-2007-1997 CVE-2007-6335 CVE-2007-6336 CVE-2007-6337 CVE-2007-6595 CVE-2007-6596 CVE-2008-0318 CVE-2008-0728 CVE-2008-1100 CVE-2008-2713 CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 cpe:/o:suse:suse_sles:11:sp3 compat-libldap-2_3-0-2.3.37-2.24.36 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the compat-libldap-2_3-0-2.3.37-2.24.36 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-1164 cpe:/o:suse:suse_sles:11:sp3 coolkey-1.1.0-22.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the coolkey-1.1.0-22.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4129 cpe:/o:suse:suse_sles:11:sp3 cron-4.1-194.207.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the cron-4.1-194.207.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-2607 CVE-2010-0424 cpe:/o:suse:suse_sles:11:sp3 cups-1.3.9-8.46.46.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the cups-1.3.9-8.46.46.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0104 CVE-2007-3387 CVE-2007-4351 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-0047 CVE-2008-1373 CVE-2008-1693 CVE-2008-1722 CVE-2008-3641 CVE-2009-0163 CVE-2009-0949 CVE-2009-2820 CVE-2009-3553 CVE-2010-0302 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941 CVE-2011-2896 CVE-2011-3170 cpe:/o:suse:suse_sles:11:sp3 curl-7.19.7-1.26.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the curl-7.19.7-1.26.8 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2010-4180 CVE-2011-2192 CVE-2011-3389 CVE-2013-1944 cpe:/o:suse:suse_sles:11:sp3 cvs-1.12.12-144.23.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the cvs-1.12.12-144.23.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-0804 cpe:/o:suse:suse_sles:11:sp3 cyrus-imapd-2.3.11-60.65.64.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the cyrus-imapd-2.3.11-60.65.64.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-3235 CVE-2011-3372 cpe:/o:suse:suse_sles:11:sp3 dbus-1-1.2.10-3.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the dbus-1-1.2.10-3.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-6107 CVE-2008-0595 CVE-2008-3834 CVE-2008-4311 CVE-2009-1189 CVE-2010-4352 CVE-2012-3524 cpe:/o:suse:suse_sles:11:sp3 dbus-1-glib-0.76-34.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the dbus-1-glib-0.76-34.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-1172 cpe:/o:suse:suse_sles:11:sp3 dhcp-4.2.4.P2-0.16.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the dhcp-4.2.4.P2-0.16.15 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0692 CVE-2009-1892 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 cpe:/o:suse:suse_sles:11:sp3 dhcpcd-3.2.3-44.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the dhcpcd-3.2.3-44.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0997 cpe:/o:suse:suse_sles:11:sp3 e2fsprogs-1.41.9-2.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the e2fsprogs-1.41.9-2.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-5497 cpe:/o:suse:suse_sles:11:sp3 ecryptfs-utils-32bit-61-1.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ecryptfs-utils-32bit-61-1.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-3145 cpe:/o:suse:suse_sles:11:sp3 ed-0.2-1001.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ed-0.2-1001.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-3916 cpe:/o:suse:suse_sles:11:sp3 emacs-22.3-4.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the emacs-22.3-4.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-5795 cpe:/o:suse:suse_sles:11:sp3 enscript-1.6.4-152.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the enscript-1.6.4-152.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-3863 CVE-2008-4306 cpe:/o:suse:suse_sles:11:sp3 evince-2.28.2-0.7.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the evince-2.28.2-0.7.2 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5864 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 cpe:/o:suse:suse_sles:11:sp3 evolution-data-server-2.28.2-0.29.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the evolution-data-server-2.28.2-0.29.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-3257 cpe:/o:suse:suse_sles:11:sp3 expat-2.0.1-88.34.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the expat-2.0.1-88.34.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 cpe:/o:suse:suse_sles:11:sp3 fetchmail-6.3.8.90-13.20.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the fetchmail-6.3.8.90-13.20.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5867 CVE-2006-5974 CVE-2007-1558 CVE-2007-4565 CVE-2009-2666 CVE-2011-1947 cpe:/o:suse:suse_sles:11:sp3 file-32bit-4.24-43.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the file-32bit-4.24-43.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-1536 CVE-2007-2799 cpe:/o:suse:suse_sles:11:sp3 findutils-4.4.0-38.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the findutils-4.4.0-38.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-2452 cpe:/o:suse:suse_sles:11:sp3 foomatic-filters-3.0.2-269.35.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the foomatic-filters-3.0.2-269.35.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-2697 cpe:/o:suse:suse_sles:11:sp3 freeradius-server-2.1.1-7.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the freeradius-server-2.1.1-7.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-4474 CVE-2011-4966 cpe:/o:suse:suse_sles:11:sp3 freetype2-2.3.7-25.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the freetype2-2.3.7-25.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-1351 CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-2895 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 cpe:/o:suse:suse_sles:11:sp3 fuse-2.8.7-0.9.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the fuse-2.8.7-0.9.12 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-3297 CVE-2011-0541 cpe:/o:suse:suse_sles:11:sp3 fvwm2-2.5.26-1.25 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the fvwm2-2.5.26-1.25 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5969 cpe:/o:suse:suse_sles:11:sp3 g3utils-1.1.36-26.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the g3utils-1.1.36-26.31 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-4936 cpe:/o:suse:suse_sles:11:sp3 gd-2.0.36.RC1-52.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gd-2.0.36.RC1-52.18 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-2756 cpe:/o:suse:suse_sles:11:sp3 ghostscript-fonts-other-8.62-32.34.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ghostscript-fonts-other-8.62-32.34.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0196 CVE-2009-0583 CVE-2009-0584 CVE-2009-0792 CVE-2009-3743 CVE-2010-1869 CVE-2010-4054 CVE-2012-4405 cpe:/o:suse:suse_sles:11:sp3 glib2-2.22.5-0.8.8.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the glib2-2.22.5-0.8.8.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-2371 CVE-2008-4316 cpe:/o:suse:suse_sles:11:sp3 glibc-2.11.3-17.54.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the glibc-2.11.3-17.54.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-5029 CVE-2011-2483 cpe:/o:suse:suse_sles:11:sp3 gmime-2.2.23-1.50.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gmime-2.2.23-1.50.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-0409 cpe:/o:suse:suse_sles:11:sp3 gnome-screensaver-2.28.3-0.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gnome-screensaver-2.28.3-0.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-0887 CVE-2010-0414 CVE-2010-0422 cpe:/o:suse:suse_sles:11:sp3 gnutls-2.4.1-24.39.45.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gnutls-2.4.1-24.39.45.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4790 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 CVE-2008-4989 CVE-2009-2730 CVE-2009-3555 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2013-1619 cpe:/o:suse:suse_sles:11:sp3 gpg2-2.0.9-25.33.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gpg2-2.0.9-25.33.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-3746 CVE-2006-6169 CVE-2008-1530 CVE-2010-2547 cpe:/o:suse:suse_sles:11:sp3 gstreamer-0_10-plugins-base-0.10.35-5.15.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gstreamer-0_10-plugins-base-0.10.35-5.15.8 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0586 cpe:/o:suse:suse_sles:11:sp3 gstreamer-0_10-plugins-good-0.10.30-5.8.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gstreamer-0_10-plugins-good-0.10.30-5.8.11 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1686 CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 CVE-2009-1932 cpe:/o:suse:suse_sles:11:sp3 gtk2-2.18.9-0.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gtk2-2.18.9-0.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0010 CVE-2011-2485 CVE-2012-2370 cpe:/o:suse:suse_sles:11:sp3 guestfs-data-1.20.4-0.14.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the guestfs-data-1.20.4-0.14.9 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2013-2124 cpe:/o:suse:suse_sles:11:sp3 gvim-7.2-8.15.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gvim-7.2-8.15.2 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-2438 CVE-2007-2953 cpe:/o:suse:suse_sles:11:sp3 gzip-1.3.12-69.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the gzip-1.3.12-69.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:suse_sles:11:sp3 hplip-3.11.10-0.6.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the hplip-3.11.10-0.6.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2004-0801 CVE-2007-5208 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 cpe:/o:suse:suse_sles:11:sp3 hyper-v-5-0.7.10 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the hyper-v-5-0.7.10 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-2669 CVE-2012-5532 cpe:/o:suse:suse_sles:11:sp3 ibutils-1.5.7-0.7.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ibutils-1.5.7-0.7.31 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-3277 cpe:/o:suse:suse_sles:11:sp3 ipsec-tools-0.7.3-1.1.93 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ipsec-tools-0.7.3-1.1.93 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-1841 CVE-2008-3652 cpe:/o:suse:suse_sles:11:sp3 jakarta-commons-httpclient3-3.0.1-253.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the jakarta-commons-httpclient3-3.0.1-253.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-5783 cpe:/o:suse:suse_sles:11:sp3 java-1_6_0-ibm-1.6.0_sr13.1-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the java-1_6_0-ibm-1.6.0_sr13.1-0.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1187 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196 CVE-2008-5351 CVE-2009-3555 CVE-2010-0771 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3553 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4476 CVE-2012-0551 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-1541 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 CVE-2012-1725 CVE-2012-3143 CVE-2012-3159 CVE-2012-3213 CVE-2012-3216 CVE-2012-3342 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5089 CVE-2013-0169 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0446 CVE-2013-0450 CVE-2013-0485 CVE-2013-0809 CVE-2013-1473 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1481 CVE-2013-1486 CVE-2013-1487 CVE-2013-1493 cpe:/o:suse:suse_sles:11:sp3 java-1_7_0-ibm-1.7.0_sr4.1-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the java-1_7_0-ibm-1.7.0_sr4.1-0.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-0547 CVE-2012-0551 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-1541 CVE-2012-1682 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 CVE-2012-1725 CVE-2012-1726 CVE-2012-3136 CVE-2012-3143 CVE-2012-3159 CVE-2012-3174 CVE-2012-3213 CVE-2012-3216 CVE-2012-3342 CVE-2012-4681 CVE-2012-5067 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 CVE-2013-0169 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0422 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0437 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0446 CVE-2013-0449 CVE-2013-0450 CVE-2013-0485 CVE-2013-0809 CVE-2013-1473 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 CVE-2013-1493 cpe:/o:suse:suse_sles:11:sp3 jpeg-6b-879.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the jpeg-6b-879.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-2806 cpe:/o:suse:suse_sles:11:sp3 kbd-1.14.1-16.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kbd-1.14.1-16.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0460 cpe:/o:suse:suse_sles:11:sp3 kde4-kgreeter-plugins-4.3.5-0.12.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kde4-kgreeter-plugins-4.3.5-0.12.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-0436 cpe:/o:suse:suse_sles:11:sp3 kdebase3-runtime-3.5.10-20.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kdebase3-runtime-3.5.10-20.31 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4569 cpe:/o:suse:suse_sles:11:sp3 kdelibs3-3.5.10-23.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kdelibs3-3.5.10-23.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 CVE-2008-1671 CVE-2009-0689 cpe:/o:suse:suse_sles:11:sp3 kdelibs4-4.3.5-0.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kdelibs4-4.3.5-0.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0689 CVE-2011-1168 cpe:/o:suse:suse_sles:11:sp3 kdenetwork4-filesharing-4.3.5-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kdenetwork4-filesharing-4.3.5-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-1000 cpe:/o:suse:suse_sles:11:sp3 kernel-default-3.0.76-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kernel-default-3.0.76-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-0007 CVE-2008-0009 CVE-2008-0010 CVE-2008-1375 CVE-2008-1669 CVE-2008-1673 CVE-2008-1675 CVE-2008-3528 CVE-2008-3831 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300 CVE-2009-0029 CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0415 CVE-2010-0622 CVE-2010-0623 CVE-2010-1146 CVE-2010-1173 CVE-2010-1437 CVE-2010-1641 CVE-2010-2066 CVE-2010-2798 CVE-2010-2803 CVE-2010-2942 CVE-2010-2943 CVE-2010-2946 CVE-2010-2954 CVE-2010-2955 CVE-2010-2959 CVE-2010-2960 CVE-2010-2962 CVE-2010-2963 CVE-2010-3015 CVE-2010-3078 CVE-2010-3079 CVE-2010-3080 CVE-2010-3081 CVE-2010-3084 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2010-3437 CVE-2010-3699 CVE-2010-3705 CVE-2010-3861 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 CVE-2010-3877 CVE-2010-3880 CVE-2010-3881 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4076 CVE-2010-4077 CVE-2010-4082 CVE-2010-4083 CVE-2010-4157 CVE-2010-4158 CVE-2010-4160 CVE-2010-4162 CVE-2010-4163 CVE-2010-4164 CVE-2010-4165 CVE-2010-4169 CVE-2010-4175 CVE-2010-4243 CVE-2010-4251 CVE-2010-4258 CVE-2010-4342 CVE-2010-4529 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521 CVE-2011-0710 CVE-2011-0711 CVE-2011-0712 CVE-2011-1016 CVE-2011-1017 CVE-2011-1020 CVE-2011-1083 CVE-2011-1160 CVE-2011-1180 CVE-2011-1182 CVE-2011-1478 CVE-2011-1573 CVE-2011-1577 CVE-2011-1593 CVE-2011-2182 CVE-2011-2183 CVE-2011-2203 CVE-2011-2479 CVE-2011-2491 CVE-2011-2494 CVE-2011-2495 CVE-2011-2496 CVE-2011-3191 CVE-2011-4086 CVE-2011-4097 CVE-2011-4127 CVE-2011-4131 CVE-2011-4604 CVE-2011-4622 CVE-2012-0038 CVE-2012-0045 CVE-2012-0056 CVE-2012-0207 CVE-2012-1090 CVE-2012-1097 CVE-2012-1146 CVE-2012-1179 CVE-2012-1601 CVE-2012-2119 CVE-2012-2133 CVE-2012-2136 CVE-2012-2137 CVE-2012-2372 CVE-2012-2373 CVE-2012-2390 CVE-2012-2663 CVE-2012-2745 CVE-2012-3412 CVE-2012-3430 CVE-2012-4461 CVE-2012-5517 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-0871 CVE-2013-0913 CVE-2013-1767 CVE-2013-1774 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1848 CVE-2013-2094 CVE-2013-2850 cpe:/o:suse:suse_sles:11:sp3 krb5-1.6.3-133.49.54.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the krb5-1.6.3-133.49.54.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-6143 CVE-2006-6144 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 CVE-2007-5894 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 CVE-2008-0948 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-4212 CVE-2010-0629 CVE-2010-1321 CVE-2010-1323 CVE-2011-0281 CVE-2011-0282 CVE-2011-1526 CVE-2011-4862 CVE-2013-1415 cpe:/o:suse:suse_sles:11:sp3 krb5-doc-1.6.3-133.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the krb5-doc-1.6.3-133.21 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 cpe:/o:suse:suse_sles:11:sp3 krb5-plugin-kdb-ldap-1.6.3-133.49.54.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the krb5-plugin-kdb-ldap-1.6.3-133.49.54.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 CVE-2010-0629 CVE-2010-1321 CVE-2010-1323 CVE-2011-0281 CVE-2011-0282 CVE-2011-1526 CVE-2011-4862 CVE-2013-1415 cpe:/o:suse:suse_sles:11:sp3 kvm-1.4.1-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the kvm-1.4.1-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-2382 CVE-2008-5714 CVE-2012-2652 CVE-2012-3515 CVE-2013-2007 cpe:/o:suse:suse_sles:11:sp3 lcms-1.17-77.14.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the lcms-1.17-77.14.19 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 cpe:/o:suse:suse_sles:11:sp3 ldapsmb-1.34b-12.39.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ldapsmb-1.34b-12.39.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 cpe:/o:suse:suse_sles:11:sp3 libMagickCore1-32bit-6.4.3.6-7.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libMagickCore1-32bit-6.4.3.6-7.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5456 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2012-0247 CVE-2012-0248 CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 CVE-2012-1798 CVE-2012-3437 cpe:/o:suse:suse_sles:11:sp3 libQtWebKit4-32bit-4.6.3-5.25.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libQtWebKit4-32bit-4.6.3-5.25.5 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4811 CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 cpe:/o:suse:suse_sles:11:sp3 libadns1-1.4-73.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libadns1-1.4-73.21 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1447 CVE-2008-4100 cpe:/o:suse:suse_sles:11:sp3 libapr-util1-1.3.4-12.22.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libapr-util1-1.3.4-12.22.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-2412 CVE-2010-1623 cpe:/o:suse:suse_sles:11:sp3 libapr1-1.3.3-11.18.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libapr1-1.3.3-11.18.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 cpe:/o:suse:suse_sles:11:sp3 libarchive2-2.5.5-5.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libarchive2-2.5.5-5.19 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5680 CVE-2007-3641 CVE-2007-3644 CVE-2007-3645 cpe:/o:suse:suse_sles:11:sp3 libcap-progs-2.11-2.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libcap-progs-2.11-2.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-4099 cpe:/o:suse:suse_sles:11:sp3 libcgroup1-0.37.1-5.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libcgroup1-0.37.1-5.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-1006 CVE-2011-1022 cpe:/o:suse:suse_sles:11:sp3 libdrm-2.4.41-0.8.46 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libdrm-2.4.41-0.8.46 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-3831 cpe:/o:suse:suse_sles:11:sp3 libecpg6-9.1.9-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libecpg6-9.1.9-0.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 cpe:/o:suse:suse_sles:11:sp3 libexif-0.6.17-2.14.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libexif-0.6.17-2.14.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-6351 CVE-2007-6352 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 cpe:/o:suse:suse_sles:11:sp3 libexiv2-4-0.17.1-31.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libexiv2-4-0.17.1-31.20 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-6353 cpe:/o:suse:suse_sles:11:sp3 libfreebl3-3.14.3-0.11.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libfreebl3-3.14.3-0.11.11 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2013-0743 cpe:/o:suse:suse_sles:11:sp3 libgdiplus0-2.6.7-0.5.76 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libgdiplus0-2.6.7-0.5.76 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-1526 cpe:/o:suse:suse_sles:11:sp3 libgnomesu-1.0.0-307.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libgnomesu-1.0.0-307.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-1946 cpe:/o:suse:suse_sles:11:sp3 libgtop-2.28.0-1.9.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libgtop-2.28.0-1.9.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0235 cpe:/o:suse:suse_sles:11:sp3 libicu-32bit-4.0-7.26.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libicu-32bit-4.0-7.26.15 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4770 CVE-2007-4771 CVE-2008-1036 CVE-2009-0153 CVE-2010-4409 cpe:/o:suse:suse_sles:11:sp3 libltdl7-2.2.6-2.131.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libltdl7-2.2.6-2.131.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-3736 cpe:/o:suse:suse_sles:11:sp3 libmusicbrainz4-2.1.5-5.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libmusicbrainz4-2.1.5-5.18 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4197 cpe:/o:suse:suse_sles:11:sp3 libmysqlclient15-32bit-5.0.96-0.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libmysqlclient15-32bit-5.0.96-0.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-0903 CVE-2006-4226 CVE-2006-4227 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CVE-2008-2079 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4484 CVE-2009-5026 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 CVE-2012-2122 CVE-2012-5611 cpe:/o:suse:suse_sles:11:sp3 libneon27-0.29.6-6.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libneon27-0.29.6-6.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0157 CVE-2008-3746 CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:suse_sles:11:sp3 libnetpbm10-10.26.44-101.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libnetpbm10-10.26.44-101.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-4274 cpe:/o:suse:suse_sles:11:sp3 libnewt0_52-0.52.10-1.35.113 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libnewt0_52-0.52.10-1.35.113 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-2905 cpe:/o:suse:suse_sles:11:sp3 libopensc2-0.11.6-5.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libopensc2-0.11.6-5.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-2235 CVE-2009-0368 cpe:/o:suse:suse_sles:11:sp3 libopenssl0_9_8-0.9.8j-0.50.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libopenssl0_9_8-0.9.8j-0.50.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-0891 CVE-2008-1672 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0740 CVE-2010-2939 CVE-2010-3864 CVE-2010-4180 CVE-2010-4252 CVE-2011-0014 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-5095 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 cpe:/o:suse:suse_sles:11:sp3 libotr2-3.2.0-10.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libotr2-3.2.0-10.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-3461 cpe:/o:suse:suse_sles:11:sp3 libpng12-0-1.2.31-5.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libpng12-0-1.2.31-5.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5793 CVE-2008-3964 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 CVE-2009-2042 CVE-2009-5063 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3026 CVE-2011-3048 CVE-2012-3425 cpe:/o:suse:suse_sles:11:sp3 libpoppler-glib4-0.12.3-1.8.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libpoppler-glib4-0.12.3-1.8.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0104 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-2950 CVE-2009-0755 CVE-2009-0756 CVE-2009-0791 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 CVE-2013-1790 cpe:/o:suse:suse_sles:11:sp3 libproxy0-0.3.1-2.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libproxy0-0.3.1-2.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-4505 cpe:/o:suse:suse_sles:11:sp3 libpulse-browse0-0.9.23-0.7.128 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libpulse-browse0-0.9.23-0.7.128 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-0008 cpe:/o:suse:suse_sles:11:sp3 libpython2_6-1_0-2.6.8-0.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libpython2_6-1_0-2.6.8-0.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-3560 CVE-2009-3720 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 cpe:/o:suse:suse_sles:11:sp3 librpcsecgss-0.18-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the librpcsecgss-0.18-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-3999 cpe:/o:suse:suse_sles:11:sp3 librsvg-2.26.0-2.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the librsvg-2.26.0-2.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-3146 cpe:/o:suse:suse_sles:11:sp3 libsamplerate-0.1.4-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libsamplerate-0.1.4-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-5008 cpe:/o:suse:suse_sles:11:sp3 libsndfile-1.0.20-2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libsndfile-1.0.20-2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4974 CVE-2009-0186 CVE-2009-1788 CVE-2009-1791 CVE-2009-4835 CVE-2011-2696 cpe:/o:suse:suse_sles:11:sp3 libsnmp15-32bit-5.4.2.1-8.12.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libsnmp15-32bit-5.4.2.1-8.12.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-4309 CVE-2008-6123 CVE-2012-2141 cpe:/o:suse:suse_sles:11:sp3 libsoup-2_4-1-2.32.2-4.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libsoup-2_4-1-2.32.2-4.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5876 CVE-2011-2524 CVE-2012-2132 cpe:/o:suse:suse_sles:11:sp3 libsss_idmap0-1.9.4-0.12.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libsss_idmap0-1.9.4-0.12.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 cpe:/o:suse:suse_sles:11:sp3 libtiff3-3.8.2-141.152.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libtiff3-3.8.2-141.152.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1586 CVE-2008-2327 CVE-2009-2285 CVE-2009-2347 CVE-2010-1411 CVE-2010-4665 CVE-2011-0191 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2088 CVE-2012-2113 CVE-2012-3401 CVE-2012-4447 CVE-2012-4564 CVE-2012-5581 CVE-2013-1960 CVE-2013-1961 cpe:/o:suse:suse_sles:11:sp3 libtspi1-0.3.10-0.9.50 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libtspi1-0.3.10-0.9.50 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-0698 cpe:/o:suse:suse_sles:11:sp3 libupsclient1-2.6.2-0.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libupsclient1-2.6.2-0.2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-2944 cpe:/o:suse:suse_sles:11:sp3 libvirt-1.0.5.1-0.7.10 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libvirt-1.0.5.1-0.7.10 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-5086 CVE-2010-2242 CVE-2011-1146 CVE-2011-1486 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2012-4423 CVE-2013-1962 cpe:/o:suse:suse_sles:11:sp3 libvorbis-1.2.0-79.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libvorbis-1.2.0-79.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-3106 CVE-2008-1419 CVE-2008-1420 CVE-2008-1423 CVE-2009-2663 CVE-2009-3379 CVE-2012-0444 cpe:/o:suse:suse_sles:11:sp3 libxcrypt-3.0.3-0.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libxcrypt-3.0.3-0.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-2483 cpe:/o:suse:suse_sles:11:sp3 libxml2-2.7.6-0.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libxml2-2.7.6-0.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-6284 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-2414 CVE-2009-2416 CVE-2010-4494 CVE-2011-1944 CVE-2011-2821 CVE-2011-3102 CVE-2011-3919 CVE-2012-0841 CVE-2012-2807 CVE-2012-5134 CVE-2013-0338 cpe:/o:suse:suse_sles:11:sp3 libxslt-1.1.24-19.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libxslt-1.1.24-19.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1767 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 cpe:/o:suse:suse_sles:11:sp3 libzip1-0.9-1.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the libzip1-0.9-1.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0421 cpe:/o:suse:suse_sles:11:sp3 log4net-1.2.10-1.36 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the log4net-1.2.10-1.36 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-0743 cpe:/o:suse:suse_sles:11:sp3 logrotate-3.7.7-10.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the logrotate-3.7.7-10.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/o:suse:suse_sles:11:sp3 logwatch-7.3.6-65.72.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the logwatch-7.3.6-65.72.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-1018 cpe:/o:suse:suse_sles:11:sp3 lvm2-2.02.98-0.25.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the lvm2-2.02.98-0.25.3 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-2526 cpe:/o:suse:suse_sles:11:sp3 mailman-2.1.14-9.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the mailman-2.1.14-9.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-2191 CVE-2006-2941 CVE-2006-3636 CVE-2010-3089 CVE-2010-3090 CVE-2011-0707 cpe:/o:suse:suse_sles:11:sp3 man-2.5.2-17.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the man-2.5.2-17.16 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4250 cpe:/o:suse:suse_sles:11:sp3 mipv6d-2.0.2.umip.0.4-8.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the mipv6d-2.0.2.umip.0.4-8.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:suse_sles:11:sp3 mono-core-2.6.7-0.7.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the mono-core-2.6.7-0.7.19 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0217 CVE-2010-1459 CVE-2010-3332 CVE-2010-4159 cpe:/o:suse:suse_sles:11:sp3 mono-core-2.6.7-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the mono-core-2.6.7-0.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0217 CVE-2010-1459 CVE-2010-3332 CVE-2010-4159 CVE-2012-3382 cpe:/o:suse:suse_sles:11:sp3 mozilla-xulrunner192-1.9.2.27-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the mozilla-xulrunner192-1.9.2.27-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-5913 CVE-2009-3555 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-3001 CVE-2011-3026 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 CVE-2011-3659 CVE-2011-3666 CVE-2011-3670 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0449 cpe:/o:suse:suse_sles:11:sp3 mutt-1.5.17-42.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the mutt-1.5.17-42.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-1558 cpe:/o:suse:suse_sles:11:sp3 nagios-3.0.6-1.25.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the nagios-3.0.6-1.25.28.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-5803 CVE-2011-1523 CVE-2012-6096 cpe:/o:suse:suse_sles:11:sp3 nagios-plugins-1.4.16-0.11.35 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the nagios-plugins-1.4.16-0.11.35 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-5623 cpe:/o:suse:suse_sles:11:sp3 nfs-client-1.2.3-18.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the nfs-client-1.2.3-18.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2013-1923 cpe:/o:suse:suse_sles:11:sp3 ntp-4.2.4p8-1.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ntp-4.2.4p8-1.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0159 CVE-2009-1252 cpe:/o:suse:suse_sles:11:sp3 ofed-1.5.4.1-0.11.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ofed-1.5.4.1-0.11.5 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-1693 CVE-2010-3904 CVE-2010-4649 CVE-2011-3345 cpe:/o:suse:suse_sles:11:sp3 openCryptoki-2.4.2-0.9.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the openCryptoki-2.4.2-0.9.12 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-4454 CVE-2012-4455 cpe:/o:suse:suse_sles:11:sp3 openslp-1.2.0-172.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the openslp-1.2.0-172.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-3609 cpe:/o:suse:suse_sles:11:sp3 openssh-6.2p2-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the openssh-6.2p2-0.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-0225 CVE-2007-4752 CVE-2008-1483 CVE-2010-5107 CVE-2011-5000 CVE-2012-0814 cpe:/o:suse:suse_sles:11:sp3 openvpn-2.0.9-143.38.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the openvpn-2.0.9-143.38.22 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4339 cpe:/o:suse:suse_sles:11:sp3 opie-2.4-662.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the opie-2.4-662.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-2489 CVE-2011-2490 cpe:/o:suse:suse_sles:11:sp3 pam-1.1.5-0.10.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pam-1.1.5-0.10.17 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0579 CVE-2009-0887 CVE-2011-3148 CVE-2011-3149 cpe:/o:suse:suse_sles:11:sp3 pam_krb5-2.3.1-47.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pam_krb5-2.3.1-47.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-3825 cpe:/o:suse:suse_sles:11:sp3 pam_ldap-184-147.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pam_ldap-184-147.20 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-5170 cpe:/o:suse:suse_sles:11:sp3 pam_mount-0.47-13.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pam_mount-0.47-13.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-5138 cpe:/o:suse:suse_sles:11:sp3 pango-1.26.2-1.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pango-1.26.2-1.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:suse_sles:11:sp3 pcsc-ccid-1.3.8-3.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pcsc-ccid-1.3.8-3.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-4530 cpe:/o:suse:suse_sles:11:sp3 pcsc-lite-1.4.102-1.37.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pcsc-lite-1.4.102-1.37.3 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-0407 CVE-2010-4531 cpe:/o:suse:suse_sles:11:sp3 perl-32bit-5.10.0-64.67.52 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the perl-32bit-5.10.0-64.67.52 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-5116 CVE-2010-1168 CVE-2010-1447 CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2011-1487 CVE-2011-2728 CVE-2012-5526 CVE-2012-6329 CVE-2013-1667 cpe:/o:suse:suse_sles:11:sp3 perl-HTML-Parser-3.56-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the perl-HTML-Parser-3.56-1.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-3627 cpe:/o:suse:suse_sles:11:sp3 perl-Tk-804.028-50.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the perl-Tk-804.028-50.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4484 cpe:/o:suse:suse_sles:11:sp3 perl-libwww-perl-5.816-2.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the perl-libwww-perl-5.816-2.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0633 cpe:/o:suse:suse_sles:11:sp3 perl-spamassassin-3.3.1-10.8.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the perl-spamassassin-3.3.1-10.8.3 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-0451 CVE-2007-2873 cpe:/o:suse:suse_sles:11:sp3 postgresql-8.3.23-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the postgresql-8.3.23-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-3555 CVE-2009-4034 CVE-2009-4136 CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2010-4014 CVE-2010-4015 CVE-2012-0866 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 cpe:/o:suse:suse_sles:11:sp3 puppet-2.6.18-0.4.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the puppet-2.6.18-0.4.2 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-0156 CVE-2011-1986 CVE-2011-3848 CVE-2011-3869 CVE-2011-3870 CVE-2011-3871 CVE-2011-3872 CVE-2012-1987 CVE-2012-1988 CVE-2012-1989 CVE-2012-3864 CVE-2012-3865 CVE-2012-3867 cpe:/o:suse:suse_sles:11:sp3 pure-ftpd-1.0.22-3.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pure-ftpd-1.0.22-3.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0411 CVE-2011-3171 cpe:/o:suse:suse_sles:11:sp3 python-2.6.8-0.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the python-2.6.8-0.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-2052 CVE-2008-1721 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 cpe:/o:suse:suse_sles:11:sp3 python-pam-0.5.0-3.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the python-pam-0.5.0-3.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-1502 cpe:/o:suse:suse_sles:11:sp3 pyxml-0.8.4-194.23.38 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the pyxml-0.8.4-194.23.38 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-3560 CVE-2009-3720 cpe:/o:suse:suse_sles:11:sp3 qt3-3.3.8b-88.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the qt3-3.3.8b-88.21 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-4811 CVE-2007-0242 CVE-2007-3388 CVE-2007-4137 cpe:/o:suse:suse_sles:11:sp3 quagga-0.99.15-0.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the quagga-0.99.15-0.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-2223 CVE-2007-1995 CVE-2010-1674 CVE-2010-1675 CVE-2010-2948 CVE-2010-2949 cpe:/o:suse:suse_sles:11:sp3 radvd-1.1-1.24.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the radvd-1.1-1.24.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-3602 CVE-2011-3603 CVE-2011-3604 CVE-2011-3605 cpe:/o:suse:suse_sles:11:sp3 rsync-3.0.4-2.47.28 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the rsync-3.0.4-2.47.28 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4091 CVE-2007-6199 CVE-2011-1097 cpe:/o:suse:suse_sles:11:sp3 rsyslog-5.10.1-0.7.49 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the rsyslog-5.10.1-0.7.49 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-3200 cpe:/o:suse:suse_sles:11:sp3 ruby-1.8.7.p357-0.9.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the ruby-1.8.7.p357-0.9.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-3694 CVE-2006-5467 CVE-2006-6303 CVE-2007-5162 CVE-2007-5770 CVE-2008-1145 CVE-2008-3790 CVE-2009-0642 CVE-2009-1904 CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 CVE-2011-4815 CVE-2012-4466 cpe:/o:suse:suse_sles:11:sp3 sblim-sfcb-1.3.11-0.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the sblim-sfcb-1.3.11-0.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-3381 cpe:/o:suse:suse_sles:11:sp3 socat-1.7.0.0-1.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the socat-1.7.0.0-1.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-2799 CVE-2012-0219 cpe:/o:suse:suse_sles:11:sp3 squid-2.7.STABLE5-2.12.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the squid-2.7.STABLE5-2.12.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-0478 CVE-2009-2855 CVE-2010-0308 CVE-2010-0639 CVE-2012-5643 CVE-2013-0188 CVE-2013-0189 cpe:/o:suse:suse_sles:11:sp3 squid3-3.1.12-8.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the squid3-3.1.12-8.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2005-0094 CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-0189 cpe:/o:suse:suse_sles:11:sp3 squidGuard-1.4-13.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the squidGuard-1.4-13.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-3700 CVE-2009-3826 cpe:/o:suse:suse_sles:11:sp3 star-1.5final-28.23.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the star-1.5final-28.23.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4134 cpe:/o:suse:suse_sles:11:sp3 stunnel-4.54-0.9.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the stunnel-4.54-0.9.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2013-1762 cpe:/o:suse:suse_sles:11:sp3 sudo-1.7.6p2-0.17.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the sudo-1.7.6p2-0.17.5 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-0426 CVE-2010-0427 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 cpe:/o:suse:suse_sles:11:sp3 sysconfig-0.71.61-0.11.12 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the sysconfig-0.71.61-0.11.12 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-4182 cpe:/o:suse:suse_sles:11:sp3 syslog-ng-2.0.9-27.34.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the syslog-ng-2.0.9-27.34.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-5110 cpe:/o:suse:suse_sles:11:sp3 sysstat-8.1.5-7.45.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the sysstat-8.1.5-7.45.24 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-3852 cpe:/o:suse:suse_sles:11:sp3 system-config-printer-1.0.8-9.23.44 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the system-config-printer-1.0.8-9.23.44 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-4405 CVE-2012-4510 cpe:/o:suse:suse_sles:11:sp3 systemtap-1.5-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the systemtap-1.5-0.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2009-2911 CVE-2009-4273 CVE-2012-0875 cpe:/o:suse:suse_sles:11:sp3 t1lib-5.1.1-100.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the t1lib-5.1.1-100.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 cpe:/o:suse:suse_sles:11:sp3 taglib-1.5-19.23.4 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the taglib-1.5-19.23.4 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-1108 CVE-2012-1584 cpe:/o:suse:suse_sles:11:sp3 tar-1.26-1.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the tar-1.26-1.2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2001-1267 CVE-2002-0399 CVE-2006-6097 CVE-2010-0624 cpe:/o:suse:suse_sles:11:sp3 tftp-0.48-101.31.27 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the tftp-0.48-101.31.27 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-2199 cpe:/o:suse:suse_sles:11:sp3 tgt-0.9.10-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the tgt-0.9.10-0.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-0001 cpe:/o:suse:suse_sles:11:sp3 tomcat6-6.0.18-20.35.40.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the tomcat6-6.0.18-20.35.40.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2008-2938 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-2733 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CVE-2012-5568 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 cpe:/o:suse:suse_sles:11:sp3 unixODBC_23-2.3.1-0.9.40 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the unixODBC_23-2.3.1-0.9.40 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-1145 cpe:/o:suse:suse_sles:11:sp3 unrar-3.80.2-2.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the unrar-3.80.2-2.8 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-3726 cpe:/o:suse:suse_sles:11:sp3 unzip-6.00-11.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the unzip-6.00-11.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2005-2475 cpe:/o:suse:suse_sles:11:sp3 virt-utils-1.2.1-0.7.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the virt-utils-1.2.1-0.7.19 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2013-1922 cpe:/o:suse:suse_sles:11:sp3 vte-0.22.5-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the vte-0.22.5-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-2713 cpe:/o:suse:suse_sles:11:sp3 w3m-0.5.2-132.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the w3m-0.5.2-132.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-6772 CVE-2010-2074 cpe:/o:suse:suse_sles:11:sp3 wget-1.11.4-1.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the wget-1.11.4-1.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-6719 cpe:/o:suse:suse_sles:11:sp3 wireshark-1.8.6-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the wireshark-1.8.6-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-1932 CVE-2006-4574 CVE-2006-4805 CVE-2006-5468 CVE-2006-5469 CVE-2006-5740 CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459 CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-2560 CVE-2009-2562 CVE-2009-3549 CVE-2009-3550 CVE-2009-3829 CVE-2009-4377 CVE-2010-0304 CVE-2010-1455 CVE-2010-2992 CVE-2010-2993 CVE-2010-2994 CVE-2010-2995 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-1593 CVE-2012-1595 CVE-2012-1596 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4296 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 cpe:/o:suse:suse_sles:11:sp3 x3270-3.3.12-517.12.34 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the x3270-3.3.12-517.12.34 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2012-5662 cpe:/o:suse:suse_sles:11:sp3 xdg-utils-1.0.2-36.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xdg-utils-1.0.2-36.18 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-0386 cpe:/o:suse:suse_sles:11:sp3 xen-4.2.2_04-0.7.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xen-4.2.2_04-0.7.5 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 CVE-2007-3919 CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3497 CVE-2012-3498 CVE-2012-3515 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-2072 cpe:/o:suse:suse_sles:11:sp3 xorg-x11-7.4-9.62.46 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xorg-x11-7.4-9.62.46 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2007-4568 CVE-2011-0465 cpe:/o:suse:suse_sles:11:sp3 xorg-x11-Xvnc-7.4-27.81.7 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xorg-x11-Xvnc-7.4-27.81.7 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-6101 CVE-2006-6102 CVE-2006-6103 CVE-2007-1003 CVE-2007-5760 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 CVE-2010-2240 CVE-2010-4818 CVE-2010-4819 CVE-2011-4028 CVE-2011-4029 CVE-2013-1940 cpe:/o:suse:suse_sles:11:sp3 xorg-x11-libs-32bit-7.4-8.26.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xorg-x11-libs-32bit-7.4-8.26.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-2895 cpe:/o:suse:suse_sles:11:sp3 xorg-x11-libxcb-32bit-7.4-1.29.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xorg-x11-libxcb-32bit-7.4-1.29.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2013-2064 cpe:/o:suse:suse_sles:11:sp3 xorg-x11-server-dmx-7.3.99-17.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xorg-x11-server-dmx-7.3.99-17.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2010-2240 CVE-2011-4028 CVE-2011-4029 cpe:/o:suse:suse_sles:11:sp3 xterm-238-1.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the xterm-238-1.16 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-2383 cpe:/o:suse:suse_sles:11:sp3 yast2-2.17.129-0.7.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the yast2-2.17.129-0.7.2 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2011-3177 cpe:/o:suse:suse_sles:11:sp3 yast2-core-2.17.45-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the yast2-core-2.17.45-0.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2008-4311 CVE-2011-2483 CVE-2011-3177 cpe:/o:suse:suse_sles:11:sp3 zoo-2.10-911.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP3 These are all security issues fixed in the zoo-2.10-911.22 package on the GA media of SUSE Linux Enterprise Server 11 SP3. Moderate CVE-2006-0855 CVE-2007-1669 cpe:/o:suse:suse_sles:11:sp3 LibVNCServer-0.9.1-154.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the LibVNCServer-0.9.1-154.24 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-2450 cpe:/o:suse:suse_sles:11:sp4 Mesa-32bit-9.0.3-0.28.29.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the Mesa-32bit-9.0.3-0.28.29.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1872 CVE-2013-1993 cpe:/o:suse:suse_sles:11:sp4 MozillaFirefox-31.7.0esr-0.8.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the MozillaFirefox-31.7.0esr-0.8.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0078 CVE-2007-0079 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-0996 CVE-2007-3089 CVE-2007-3285 CVE-2007-3656 CVE-2007-3670 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2008-0412 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-3836 CVE-2008-4063 CVE-2008-4064 CVE-2008-4070 CVE-2008-5913 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-1571 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0183 CVE-2010-0654 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1208 CVE-2010-1209 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3658 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2011-3665 CVE-2012-0441 CVE-2012-0452 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 CVE-2013-1701 CVE-2013-1705 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1739 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5595 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 CVE-2015-0797 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0835 CVE-2015-0836 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 cpe:/o:suse:suse_sles:11:sp4 NetworkManager-0.7.1_git20090811-3.28.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the NetworkManager-0.7.1_git20090811-3.28.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0365 CVE-2009-0578 cpe:/o:suse:suse_sles:11:sp4 NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the NetworkManager-gnome-0.7.1-5.22.28 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0365 CVE-2009-0578 CVE-2009-4144 CVE-2009-4145 cpe:/o:suse:suse_sles:11:sp4 OpenEXR-1.6.1-83.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the OpenEXR-1.6.1-83.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-1720 CVE-2009-1721 cpe:/o:suse:suse_sles:11:sp4 PackageKit-0.3.14-2.30.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the PackageKit-0.3.14-2.30.11 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-4311 cpe:/o:suse:suse_sles:11:sp4 PolicyKit-0.9-14.43.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the PolicyKit-0.9-14.43.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-1658 cpe:/o:suse:suse_sles:11:sp4 a2ps-4.13-1326.37.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the a2ps-4.13-1326.37.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-0466 cpe:/o:suse:suse_sles:11:sp4 aaa_base-11-6.105.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the aaa_base-11-6.105.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0461 cpe:/o:suse:suse_sles:11:sp4 acpid-1.0.6-91.25.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the acpid-1.0.6-91.25.20 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0798 CVE-2011-4578 cpe:/o:suse:suse_sles:11:sp4 amavisd-new-2.7.0-18.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the amavisd-new-2.7.0-18.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2005-1349 cpe:/o:suse:suse_sles:11:sp4 ant-1.7.1-20.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ant-1.7.1-20.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-2098 cpe:/o:suse:suse_sles:11:sp4 apache2-2.2.12-1.51.52.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the apache2-2.2.12-1.51.52.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2003-1418 CVE-2006-3747 CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6750 CVE-2008-0005 CVE-2008-1678 CVE-2008-2364 CVE-2008-2939 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2010-0408 CVE-2010-0434 CVE-2010-1452 CVE-2010-2068 CVE-2011-3192 CVE-2011-3348 CVE-2011-3368 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 CVE-2012-0883 CVE-2012-2687 CVE-2012-3499 CVE-2012-4557 CVE-2012-4558 CVE-2013-1862 CVE-2013-1896 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0226 CVE-2014-0231 CVE-2014-3581 cpe:/o:suse:suse_sles:11:sp4 apache2-mod_jk-1.2.40-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the apache2-mod_jk-1.2.40-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-0774 CVE-2008-5519 cpe:/o:suse:suse_sles:11:sp4 apache2-mod_nss-1.0.8-0.4.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the apache2-mod_nss-1.0.8-0.4.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-4566 cpe:/o:suse:suse_sles:11:sp4 apache2-mod_perl-2.0.4-40.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the apache2-mod_perl-2.0.4-40.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-1349 CVE-2013-1667 cpe:/o:suse:suse_sles:11:sp4 apache2-mod_php53-5.3.17-0.41.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the apache2-mod_php53-5.3.17-0.41.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-7243 CVE-2007-4783 CVE-2007-4840 CVE-2007-4887 CVE-2008-0599 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1398 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4388 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057 CVE-2012-0781 CVE-2012-0788 CVE-2012-0789 CVE-2012-0807 CVE-2012-0830 CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2386 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-4113 CVE-2013-4248 CVE-2013-4635 CVE-2013-6420 CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5459 CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2305 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 cpe:/o:suse:suse_sles:11:sp4 apache2-mod_security2-2.7.1-0.2.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the apache2-mod_security2-2.7.1-0.2.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-5031 CVE-2012-2751 CVE-2012-4528 CVE-2013-1915 CVE-2013-2765 CVE-2013-5705 cpe:/o:suse:suse_sles:11:sp4 ark-4.3.5-0.3.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ark-4.3.5-0.3.3 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-2725 cpe:/o:suse:suse_sles:11:sp4 augeas-0.9.0-3.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the augeas-0.9.0-3.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-0786 CVE-2013-6412 cpe:/o:suse:suse_sles:11:sp4 automake-1.10.1-4.131.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the automake-1.10.1-4.131.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-4029 CVE-2012-3386 cpe:/o:suse:suse_sles:11:sp4 avahi-0.6.23-11.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the avahi-0.6.23-11.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5461 CVE-2006-6870 CVE-2007-3372 CVE-2008-5081 CVE-2009-0758 cpe:/o:suse:suse_sles:11:sp4 bash-3.2-147.27.35 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the bash-3.2-147.27.35 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 cpe:/o:suse:suse_sles:11:sp4 bind-9.9.6P1-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the bind-9.9.6P1-0.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4339 CVE-2007-2925 CVE-2007-2926 CVE-2009-0696 CVE-2009-4022 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-4244 CVE-2012-5166 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 cpe:/o:suse:suse_sles:11:sp4 binutils-2.24-3.62 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the binutils-2.24-3.62 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 cpe:/o:suse:suse_sles:11:sp4 boost-license-1.36.0-12.6.49 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the boost-license-1.36.0-12.6.49 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-0171 cpe:/o:suse:suse_sles:11:sp4 bzip2-1.0.5-34.253.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the bzip2-1.0.5-34.253.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-1372 CVE-2010-0405 cpe:/o:suse:suse_sles:11:sp4 cifs-utils-5.1-0.14.46 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the cifs-utils-5.1-0.14.46 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2011-1678 CVE-2012-1586 cpe:/o:suse:suse_sles:11:sp4 clamav-0.98.7-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the clamav-0.98.7-0.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4182 CVE-2006-5295 CVE-2006-5874 CVE-2007-0897 CVE-2007-0898 CVE-2007-1745 CVE-2007-1997 CVE-2007-6335 CVE-2007-6336 CVE-2007-6337 CVE-2007-6595 CVE-2007-6596 CVE-2008-0318 CVE-2008-0728 CVE-2008-1100 CVE-2008-2713 CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 CVE-2013-2020 CVE-2013-2021 CVE-2013-6497 CVE-2014-9050 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 cpe:/o:suse:suse_sles:11:sp4 compat-libldap-2_3-0-2.3.37-2.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the compat-libldap-2_3-0-2.3.37-2.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-1164 CVE-2013-4449 CVE-2015-1545 CVE-2015-1546 cpe:/o:suse:suse_sles:11:sp4 coolkey-1.1.0-22.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the coolkey-1.1.0-22.24 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4129 cpe:/o:suse:suse_sles:11:sp4 coreutils-8.12-6.25.32.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the coreutils-8.12-6.25.32.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 cpe:/o:suse:suse_sles:11:sp4 cpio-2.9-75.78.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the cpio-2.9-75.78.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-9112 cpe:/o:suse:suse_sles:11:sp4 cron-4.1-194.211.213.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the cron-4.1-194.211.213.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-2607 CVE-2010-0424 cpe:/o:suse:suse_sles:11:sp4 cups-1.3.9-8.46.56.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the cups-1.3.9-8.46.56.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-0104 CVE-2007-3387 CVE-2007-4351 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-0047 CVE-2008-1373 CVE-2008-1693 CVE-2008-1722 CVE-2008-3641 CVE-2009-0163 CVE-2009-0949 CVE-2009-2820 CVE-2009-3553 CVE-2010-0302 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941 CVE-2011-2896 CVE-2011-3170 CVE-2012-5519 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 cpe:/o:suse:suse_sles:11:sp4 curl-7.19.7-1.42.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the curl-7.19.7-1.42.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2010-4180 CVE-2011-2192 CVE-2011-3389 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148 CVE-2015-3153 cpe:/o:suse:suse_sles:11:sp4 cvs-1.12.12-144.23.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the cvs-1.12.12-144.23.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-0804 cpe:/o:suse:suse_sles:11:sp4 cyrus-imapd-2.3.11-60.65.64.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the cyrus-imapd-2.3.11-60.65.64.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-3235 CVE-2011-3372 cpe:/o:suse:suse_sles:11:sp4 davfs2-1.5.2-1.36 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the davfs2-1.5.2-1.36 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-4362 cpe:/o:suse:suse_sles:11:sp4 dbus-1-1.2.10-3.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the dbus-1-1.2.10-3.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-6107 CVE-2008-0595 CVE-2008-3834 CVE-2008-4311 CVE-2009-1189 CVE-2010-4352 CVE-2012-3524 CVE-2014-3477 CVE-2014-3638 CVE-2014-3639 cpe:/o:suse:suse_sles:11:sp4 dbus-1-glib-0.76-34.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the dbus-1-glib-0.76-34.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-1172 cpe:/o:suse:suse_sles:11:sp4 dhcp-4.2.4.P2-0.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the dhcp-4.2.4.P2-0.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0692 CVE-2009-1892 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 cpe:/o:suse:suse_sles:11:sp4 dhcpcd-3.2.3-44.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the dhcpcd-3.2.3-44.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0997 cpe:/o:suse:suse_sles:11:sp4 dnsmasq-2.71-0.14.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the dnsmasq-2.71-0.14.9 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2015-3294 cpe:/o:suse:suse_sles:11:sp4 e2fsprogs-1.41.9-2.14.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the e2fsprogs-1.41.9-2.14.3 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-5497 CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:suse_sles:11:sp4 ecryptfs-utils-32bit-61-1.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ecryptfs-utils-32bit-61-1.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-3145 cpe:/o:suse:suse_sles:11:sp4 ed-0.2-1001.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ed-0.2-1001.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-3916 cpe:/o:suse:suse_sles:11:sp4 elfutils-0.152-4.9.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the elfutils-0.152-4.9.17 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-9447 cpe:/o:suse:suse_sles:11:sp4 emacs-22.3-4.42.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the emacs-22.3-4.42.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-5795 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/o:suse:suse_sles:11:sp4 enscript-1.6.4-152.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the enscript-1.6.4-152.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-3863 CVE-2008-4306 cpe:/o:suse:suse_sles:11:sp4 evince-2.28.2-0.7.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the evince-2.28.2-0.7.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5864 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 cpe:/o:suse:suse_sles:11:sp4 evolution-data-server-2.28.2-0.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the evolution-data-server-2.28.2-0.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-3257 cpe:/o:suse:suse_sles:11:sp4 expat-2.0.1-88.34.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the expat-2.0.1-88.34.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 cpe:/o:suse:suse_sles:11:sp4 fastjar-0.95-1.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the fastjar-0.95-1.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-0831 cpe:/o:suse:suse_sles:11:sp4 fetchmail-6.3.8.90-13.20.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the fetchmail-6.3.8.90-13.20.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5867 CVE-2006-5974 CVE-2007-1558 CVE-2007-4565 CVE-2009-2666 CVE-2011-1947 cpe:/o:suse:suse_sles:11:sp4 file-32bit-4.24-43.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the file-32bit-4.24-43.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-1536 CVE-2007-2799 CVE-2014-3710 cpe:/o:suse:suse_sles:11:sp4 findutils-4.4.0-38.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the findutils-4.4.0-38.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-2452 cpe:/o:suse:suse_sles:11:sp4 foomatic-filters-3.0.2-269.35.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the foomatic-filters-3.0.2-269.35.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-2697 cpe:/o:suse:suse_sles:11:sp4 freeradius-server-2.1.1-7.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the freeradius-server-2.1.1-7.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-4474 CVE-2011-4966 CVE-2014-2015 cpe:/o:suse:suse_sles:11:sp4 freetype2-2.3.7-25.35.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the freetype2-2.3.7-25.35.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-1351 CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-2895 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660 CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:suse_sles:11:sp4 fuse-2.8.7-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the fuse-2.8.7-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 cpe:/o:suse:suse_sles:11:sp4 fvwm2-2.5.26-1.25 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the fvwm2-2.5.26-1.25 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5969 cpe:/o:suse:suse_sles:11:sp4 g3utils-1.1.36-26.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the g3utils-1.1.36-26.31 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-4936 cpe:/o:suse:suse_sles:11:sp4 gd-2.0.36.RC1-52.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gd-2.0.36.RC1-52.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-2756 CVE-2014-9709 cpe:/o:suse:suse_sles:11:sp4 ghostscript-fonts-other-8.62-32.34.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ghostscript-fonts-other-8.62-32.34.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0196 CVE-2009-0583 CVE-2009-0584 CVE-2009-0792 CVE-2009-3743 CVE-2010-1869 CVE-2010-4054 CVE-2012-4405 cpe:/o:suse:suse_sles:11:sp4 glib2-2.22.5-0.8.14.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the glib2-2.22.5-0.8.14.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-2371 CVE-2008-4316 cpe:/o:suse:suse_sles:11:sp4 glibc-2.11.3-17.84.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the glibc-2.11.3-17.84.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-5029 CVE-2011-2483 CVE-2012-4412 CVE-2012-6656 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237 CVE-2013-4332 CVE-2013-4357 CVE-2013-4458 CVE-2013-4788 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-9402 CVE-2015-0235 CVE-2015-1472 cpe:/o:suse:suse_sles:11:sp4 gmime-2.2.23-1.50.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gmime-2.2.23-1.50.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-0409 cpe:/o:suse:suse_sles:11:sp4 gnome-screensaver-2.28.3-0.39.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gnome-screensaver-2.28.3-0.39.17 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-0887 CVE-2010-0414 CVE-2010-0422 cpe:/o:suse:suse_sles:11:sp4 gnutls-2.4.1-24.39.55.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gnutls-2.4.1-24.39.55.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4790 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 CVE-2008-4989 CVE-2009-2730 CVE-2009-3555 CVE-2009-5138 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2013-1619 CVE-2013-2116 CVE-2014-0092 CVE-2014-3466 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-0282 CVE-2015-0294 cpe:/o:suse:suse_sles:11:sp4 gpg2-2.0.9-25.33.39.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gpg2-2.0.9-25.33.39.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-3746 CVE-2006-6169 CVE-2008-1530 CVE-2010-2547 CVE-2012-6085 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 cpe:/o:suse:suse_sles:11:sp4 gpgme-1.1.6-25.32.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gpgme-1.1.6-25.32.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3564 cpe:/o:suse:suse_sles:11:sp4 gstreamer-0_10-plugins-base-0.10.35-5.15.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-base-0.10.35-5.15.8 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0586 cpe:/o:suse:suse_sles:11:sp4 gstreamer-0_10-plugins-good-0.10.30-5.12.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-good-0.10.30-5.12.15 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-1686 CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 CVE-2009-1932 cpe:/o:suse:suse_sles:11:sp4 gtk2-2.18.9-0.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gtk2-2.18.9-0.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-0010 CVE-2011-2485 CVE-2012-2370 cpe:/o:suse:suse_sles:11:sp4 guestfs-data-1.20.12-0.18.70 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the guestfs-data-1.20.12-0.18.70 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-2124 CVE-2013-4419 cpe:/o:suse:suse_sles:11:sp4 gvim-7.2-8.15.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gvim-7.2-8.15.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-2438 CVE-2007-2953 cpe:/o:suse:suse_sles:11:sp4 gzip-1.3.12-69.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the gzip-1.3.12-69.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:suse_sles:11:sp4 hplip-3.11.10-0.6.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the hplip-3.11.10-0.6.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2004-0801 CVE-2007-5208 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-0200 CVE-2013-4288 CVE-2013-4325 CVE-2013-6402 cpe:/o:suse:suse_sles:11:sp4 hyper-v-6-3.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the hyper-v-6-3.5 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-2669 CVE-2012-5532 cpe:/o:suse:suse_sles:11:sp4 ibutils-1.5.7-0.15.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ibutils-1.5.7-0.15.22 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-3277 CVE-2013-1894 cpe:/o:suse:suse_sles:11:sp4 ipsec-tools-0.7.3-1.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ipsec-tools-0.7.3-1.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-1841 CVE-2008-3652 cpe:/o:suse:suse_sles:11:sp4 jakarta-commons-fileupload-1.1.1-1.37.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the jakarta-commons-fileupload-1.1.1-1.37.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-2186 CVE-2014-0050 cpe:/o:suse:suse_sles:11:sp4 jakarta-commons-httpclient3-3.0.1-253.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the jakarta-commons-httpclient3-3.0.1-253.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-5783 cpe:/o:suse:suse_sles:11:sp4 java-1_7_1-ibm-1.7.1_sr3.0-1.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the java-1_7_1-ibm-1.7.1_sr3.0-1.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0138 CVE-2015-0192 CVE-2015-1914 CVE-2015-2808 cpe:/o:suse:suse_sles:11:sp4 jpeg-6b-879.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the jpeg-6b-879.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-2806 cpe:/o:suse:suse_sles:11:sp4 kbd-1.14.1-16.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kbd-1.14.1-16.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0460 cpe:/o:suse:suse_sles:11:sp4 kde4-kgreeter-plugins-4.3.5-0.12.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kde4-kgreeter-plugins-4.3.5-0.12.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-0436 CVE-2013-4132 CVE-2013-4133 cpe:/o:suse:suse_sles:11:sp4 kdebase3-runtime-3.5.10-20.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kdebase3-runtime-3.5.10-20.31 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4569 cpe:/o:suse:suse_sles:11:sp4 kdebase4-runtime-4.3.5-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kdebase4-runtime-4.3.5-0.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-7252 cpe:/o:suse:suse_sles:11:sp4 kdelibs3-3.5.10-23.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kdelibs3-3.5.10-23.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 CVE-2008-1671 CVE-2009-0689 cpe:/o:suse:suse_sles:11:sp4 kdelibs4-4.3.5-0.14.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kdelibs4-4.3.5-0.14.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0689 CVE-2011-1168 CVE-2012-4512 CVE-2012-4513 CVE-2012-4515 cpe:/o:suse:suse_sles:11:sp4 kdenetwork4-filesharing-4.3.5-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kdenetwork4-filesharing-4.3.5-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-1000 cpe:/o:suse:suse_sles:11:sp4 kdirstat-2.4.4-255.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kdirstat-2.4.4-255.28.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-2528 cpe:/o:suse:suse_sles:11:sp4 kernel-default-3.0.101-63.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kernel-default-3.0.101-63.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-0007 CVE-2008-0009 CVE-2008-0010 CVE-2008-1375 CVE-2008-1669 CVE-2008-1673 CVE-2008-1675 CVE-2008-3528 CVE-2008-3831 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300 CVE-2009-0029 CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0415 CVE-2010-0622 CVE-2010-0623 CVE-2010-1146 CVE-2010-1173 CVE-2010-1437 CVE-2010-1641 CVE-2010-2066 CVE-2010-2798 CVE-2010-2803 CVE-2010-2942 CVE-2010-2943 CVE-2010-2946 CVE-2010-2954 CVE-2010-2955 CVE-2010-2959 CVE-2010-2960 CVE-2010-2962 CVE-2010-2963 CVE-2010-3015 CVE-2010-3078 CVE-2010-3079 CVE-2010-3080 CVE-2010-3081 CVE-2010-3084 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2010-3437 CVE-2010-3699 CVE-2010-3705 CVE-2010-3861 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 CVE-2010-3877 CVE-2010-3880 CVE-2010-3881 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4076 CVE-2010-4077 CVE-2010-4082 CVE-2010-4083 CVE-2010-4157 CVE-2010-4158 CVE-2010-4160 CVE-2010-4162 CVE-2010-4163 CVE-2010-4164 CVE-2010-4165 CVE-2010-4169 CVE-2010-4175 CVE-2010-4243 CVE-2010-4251 CVE-2010-4258 CVE-2010-4342 CVE-2010-4529 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521 CVE-2011-0710 CVE-2011-0711 CVE-2011-0712 CVE-2011-1016 CVE-2011-1017 CVE-2011-1020 CVE-2011-1083 CVE-2011-1160 CVE-2011-1180 CVE-2011-1182 CVE-2011-1478 CVE-2011-1573 CVE-2011-1577 CVE-2011-1593 CVE-2011-2182 CVE-2011-2183 CVE-2011-2203 CVE-2011-2479 CVE-2011-2491 CVE-2011-2494 CVE-2011-2495 CVE-2011-2496 CVE-2011-3191 CVE-2011-4086 CVE-2011-4097 CVE-2011-4127 CVE-2011-4131 CVE-2011-4604 CVE-2011-4622 CVE-2012-0038 CVE-2012-0045 CVE-2012-0056 CVE-2012-0207 CVE-2012-1090 CVE-2012-1097 CVE-2012-1146 CVE-2012-1179 CVE-2012-1601 CVE-2012-2119 CVE-2012-2133 CVE-2012-2136 CVE-2012-2137 CVE-2012-2372 CVE-2012-2373 CVE-2012-2390 CVE-2012-2663 CVE-2012-2745 CVE-2012-3412 CVE-2012-3430 CVE-2012-4398 CVE-2012-4461 CVE-2012-5517 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-0871 CVE-2013-0913 CVE-2013-1059 CVE-2013-1767 CVE-2013-1774 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1819 CVE-2013-1848 CVE-2013-1929 CVE-2013-1979 CVE-2013-2015 CVE-2013-2094 CVE-2013-2148 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2850 CVE-2013-2851 CVE-2013-2852 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-2929 CVE-2013-3301 CVE-2013-4162 CVE-2013-4163 CVE-2013-4470 CVE-2013-4483 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4579 CVE-2013-4587 CVE-2013-4592 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6378 CVE-2013-6380 CVE-2013-6382 CVE-2013-6885 CVE-2013-7027 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0055 CVE-2014-0077 CVE-2014-0101 CVE-2014-0131 CVE-2014-0155 CVE-2014-0181 CVE-2014-0196 CVE-2014-0691 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1737 CVE-2014-1738 CVE-2014-1739 CVE-2014-1874 CVE-2014-2309 CVE-2014-2523 CVE-2014-2678 CVE-2014-2851 CVE-2014-3122 CVE-2014-3144 CVE-2014-3145 CVE-2014-3153 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3611 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-3917 CVE-2014-4171 CVE-2014-4508 CVE-2014-4608 CVE-2014-4652 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-4667 CVE-2014-4699 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 CVE-2014-7822 CVE-2014-7826 CVE-2014-7841 CVE-2014-7842 CVE-2014-7970 CVE-2014-8086 CVE-2014-8133 CVE-2014-8134 CVE-2014-8159 CVE-2014-8160 CVE-2014-8369 CVE-2014-8559 CVE-2014-8709 CVE-2014-9090 CVE-2014-9322 CVE-2014-9419 CVE-2014-9420 CVE-2014-9529 CVE-2014-9584 CVE-2014-9585 CVE-2014-9683 CVE-2015-0777 CVE-2015-1421 CVE-2015-1593 CVE-2015-1805 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 cpe:/o:suse:suse_sles:11:sp4 krb5-1.6.3-133.49.66.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the krb5-1.6.3-133.49.66.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2002-2443 CVE-2006-6143 CVE-2006-6144 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 CVE-2007-5894 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 CVE-2008-0948 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-4212 CVE-2010-0629 CVE-2010-1321 CVE-2010-1323 CVE-2011-0281 CVE-2011-0282 CVE-2011-1526 CVE-2011-4862 CVE-2013-1415 CVE-2013-1418 CVE-2014-4341 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 cpe:/o:suse:suse_sles:11:sp4 krb5-doc-1.6.3-133.49.66.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the krb5-doc-1.6.3-133.49.66.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 cpe:/o:suse:suse_sles:11:sp4 krb5-plugin-kdb-ldap-1.6.3-133.49.66.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the krb5-plugin-kdb-ldap-1.6.3-133.49.66.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2002-2443 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 CVE-2010-0629 CVE-2010-1321 CVE-2010-1323 CVE-2011-0281 CVE-2011-0282 CVE-2011-1526 CVE-2011-4862 CVE-2013-1415 CVE-2013-1418 cpe:/o:suse:suse_sles:11:sp4 kvm-1.4.2-30.5 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the kvm-1.4.2-30.5 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-2382 CVE-2008-5714 CVE-2012-2652 CVE-2012-3515 CVE-2013-2007 CVE-2013-2016 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4344 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-2894 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 cpe:/o:suse:suse_sles:11:sp4 lcms-1.17-77.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the lcms-1.17-77.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2013-4276 cpe:/o:suse:suse_sles:11:sp4 ldapsmb-1.34b-12.58.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ldapsmb-1.34b-12.58.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4496 CVE-2014-0178 CVE-2014-0244 CVE-2014-3493 CVE-2015-0240 cpe:/o:suse:suse_sles:11:sp4 libFLAC++6-1.2.1-68.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libFLAC++6-1.2.1-68.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:suse_sles:11:sp4 libMagickCore1-32bit-6.4.3.6-7.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libMagickCore1-32bit-6.4.3.6-7.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5456 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2012-0247 CVE-2012-0248 CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 CVE-2012-1798 CVE-2012-3437 CVE-2014-1947 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 cpe:/o:suse:suse_sles:11:sp4 libQtWebKit4-32bit-4.6.3-5.34.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libQtWebKit4-32bit-4.6.3-5.34.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4811 CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:suse_sles:11:sp4 libadns1-1.4-73.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libadns1-1.4-73.21 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-1447 CVE-2008-4100 cpe:/o:suse:suse_sles:11:sp4 libapr-util1-1.3.4-12.22.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libapr-util1-1.3.4-12.22.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-2412 CVE-2010-1623 cpe:/o:suse:suse_sles:11:sp4 libapr1-1.3.3-11.18.19.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libapr1-1.3.3-11.18.19.8 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 cpe:/o:suse:suse_sles:11:sp4 libarchive2-2.5.5-5.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libarchive2-2.5.5-5.19 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5680 CVE-2007-3641 CVE-2007-3644 CVE-2007-3645 cpe:/o:suse:suse_sles:11:sp4 libblkid1-2.19.1-6.72.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libblkid1-2.19.1-6.72.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-9114 cpe:/o:suse:suse_sles:11:sp4 libcap-progs-2.11-2.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libcap-progs-2.11-2.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-4099 cpe:/o:suse:suse_sles:11:sp4 libcgroup1-0.41.rc1-2.34 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libcgroup1-0.41.rc1-2.34 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-1006 CVE-2011-1022 cpe:/o:suse:suse_sles:11:sp4 libdrm-2.4.52-0.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libdrm-2.4.52-0.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-3831 cpe:/o:suse:suse_sles:11:sp4 libecpg6-9.4.4-0.6.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libecpg6-9.4.4-0.6.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 cpe:/o:suse:suse_sles:11:sp4 libevent-1_4-2-1.4.5-24.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libevent-1_4-2-1.4.5-24.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-6272 cpe:/o:suse:suse_sles:11:sp4 libexif-0.6.17-2.14.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libexif-0.6.17-2.14.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-6351 CVE-2007-6352 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 cpe:/o:suse:suse_sles:11:sp4 libexiv2-4-0.17.1-31.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libexiv2-4-0.17.1-31.20 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-6353 cpe:/o:suse:suse_sles:11:sp4 libfreebl3-3.17.3-0.8.11 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libfreebl3-3.17.3-0.8.11 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2013-0743 CVE-2013-1739 CVE-2013-1741 CVE-2013-2566 CVE-2013-5605 CVE-2013-5606 CVE-2014-1492 CVE-2014-1545 CVE-2014-1568 CVE-2014-1569 cpe:/o:suse:suse_sles:11:sp4 libgcc_s1-32bit-4.8.3+r212056-2.17 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libgcc_s1-32bit-4.8.3+r212056-2.17 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-5044 cpe:/o:suse:suse_sles:11:sp4 libgcrypt11-1.5.0-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libgcrypt11-1.5.0-0.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-4242 CVE-2014-5270 cpe:/o:suse:suse_sles:11:sp4 libgdiplus0-2.6.7-0.5.76 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libgdiplus0-2.6.7-0.5.76 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-1526 cpe:/o:suse:suse_sles:11:sp4 libgnomesu-1.0.0-307.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libgnomesu-1.0.0-307.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-1946 cpe:/o:suse:suse_sles:11:sp4 libgtop-2.28.0-1.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libgtop-2.28.0-1.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-0235 cpe:/o:suse:suse_sles:11:sp4 libicu-32bit-4.0-7.26.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libicu-32bit-4.0-7.26.15 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4770 CVE-2007-4771 CVE-2008-1036 CVE-2009-0153 CVE-2010-4409 cpe:/o:suse:suse_sles:11:sp4 libjasper-1.900.1-134.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libjasper-1.900.1-134.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 cpe:/o:suse:suse_sles:11:sp4 libksba-1.0.4-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libksba-1.0.4-1.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-9087 cpe:/o:suse:suse_sles:11:sp4 libltdl7-2.2.6-2.131.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libltdl7-2.2.6-2.131.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-3736 cpe:/o:suse:suse_sles:11:sp4 liblzo2-2-2.03-12.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the liblzo2-2-2.03-12.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-4607 cpe:/o:suse:suse_sles:11:sp4 libmpfr1-2.3.2-3.118.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libmpfr1-2.3.2-3.118.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-9474 cpe:/o:suse:suse_sles:11:sp4 libmspack0-0.0.20060920alpha-74.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libmspack0-0.0.20060920alpha-74.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-9556 cpe:/o:suse:suse_sles:11:sp4 libmusicbrainz4-2.1.5-5.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libmusicbrainz4-2.1.5-5.18 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4197 cpe:/o:suse:suse_sles:11:sp4 libmysql55client18-32bit-5.5.43-0.7.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libmysql55client18-32bit-5.5.43-0.7.3 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-0903 CVE-2006-4226 CVE-2006-4227 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CVE-2008-2079 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4484 CVE-2009-5026 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 CVE-2012-2122 CVE-2012-5611 CVE-2012-5615 CVE-2013-1861 CVE-2013-1976 CVE-2013-3783 CVE-2013-3793 CVE-2013-3794 CVE-2013-3795 CVE-2013-3796 CVE-2013-3798 CVE-2013-3801 CVE-2013-3802 CVE-2013-3804 CVE-2013-3805 CVE-2013-3806 CVE-2013-3807 CVE-2013-3808 CVE-2013-3809 CVE-2013-3810 CVE-2013-3811 CVE-2013-3812 CVE-2013-4316 CVE-2013-5860 CVE-2013-5881 CVE-2013-5882 CVE-2013-5891 CVE-2013-5894 CVE-2013-5908 CVE-2014-0001 CVE-2014-0224 CVE-2014-0384 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0420 CVE-2014-0427 CVE-2014-0430 CVE-2014-0431 CVE-2014-0433 CVE-2014-0437 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2434 CVE-2014-2435 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440 CVE-2014-2442 CVE-2014-2444 CVE-2014-2450 CVE-2014-2451 CVE-2014-2484 CVE-2014-2494 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-4207 CVE-2014-4214 CVE-2014-4233 CVE-2014-4238 CVE-2014-4240 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0385 CVE-2015-0391 CVE-2015-0405 CVE-2015-0409 CVE-2015-0411 CVE-2015-0423 CVE-2015-0432 CVE-2015-0433 CVE-2015-0438 CVE-2015-0439 CVE-2015-0441 CVE-2015-0498 CVE-2015-0499 CVE-2015-0500 CVE-2015-0501 CVE-2015-0503 CVE-2015-0505 CVE-2015-0506 CVE-2015-0507 CVE-2015-0508 CVE-2015-0511 CVE-2015-2305 CVE-2015-2566 CVE-2015-2567 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2576 cpe:/o:suse:suse_sles:11:sp4 libmysqlclient15-32bit-5.0.96-0.6.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libmysqlclient15-32bit-5.0.96-0.6.20 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-0903 CVE-2006-4226 CVE-2006-4227 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CVE-2008-2079 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4484 CVE-2009-5026 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 CVE-2012-2122 CVE-2012-5611 cpe:/o:suse:suse_sles:11:sp4 libneon27-0.29.6-6.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libneon27-0.29.6-6.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-0157 CVE-2008-3746 CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:suse_sles:11:sp4 libnetpbm10-10.26.44-101.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libnetpbm10-10.26.44-101.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-4274 cpe:/o:suse:suse_sles:11:sp4 libnewt0_52-0.52.10-1.35.113 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libnewt0_52-0.52.10-1.35.113 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-2905 cpe:/o:suse:suse_sles:11:sp4 libopensc2-0.11.6-5.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libopensc2-0.11.6-5.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-2235 CVE-2009-0368 cpe:/o:suse:suse_sles:11:sp4 libopenssl0_9_8-0.9.8j-0.70.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libopenssl0_9_8-0.9.8j-0.70.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-0891 CVE-2008-1672 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2009-5146 CVE-2010-0740 CVE-2010-2939 CVE-2010-3864 CVE-2010-4180 CVE-2010-4252 CVE-2011-0014 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-5095 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2014-0076 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 cpe:/o:suse:suse_sles:11:sp4 libotr2-3.2.0-10.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libotr2-3.2.0-10.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-3461 cpe:/o:suse:suse_sles:11:sp4 libpixman-1-0-0.24.4-0.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libpixman-1-0-0.24.4-0.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1591 CVE-2013-6425 cpe:/o:suse:suse_sles:11:sp4 libpng12-0-1.2.31-5.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libpng12-0-1.2.31-5.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5793 CVE-2008-3964 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 CVE-2009-2042 CVE-2009-5063 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3026 CVE-2011-3048 CVE-2012-3425 CVE-2013-7353 CVE-2013-7354 cpe:/o:suse:suse_sles:11:sp4 libpoppler-glib4-0.12.3-1.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libpoppler-glib4-0.12.3-1.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-0104 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-2950 CVE-2009-0755 CVE-2009-0756 CVE-2009-0791 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 CVE-2010-5110 CVE-2013-1790 cpe:/o:suse:suse_sles:11:sp4 libproxy0-0.3.1-2.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libproxy0-0.3.1-2.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-4505 cpe:/o:suse:suse_sles:11:sp4 libpulse-browse0-0.9.23-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libpulse-browse0-0.9.23-0.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-0008 CVE-2014-3970 cpe:/o:suse:suse_sles:11:sp4 libpython2_6-1_0-2.6.9-0.35.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libpython2_6-1_0-2.6.9-0.35.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-3560 CVE-2009-3720 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 cpe:/o:suse:suse_sles:11:sp4 librpcsecgss-0.18-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the librpcsecgss-0.18-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-3999 cpe:/o:suse:suse_sles:11:sp4 librsvg-2.26.0-2.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the librsvg-2.26.0-2.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-3146 cpe:/o:suse:suse_sles:11:sp4 libsamplerate-0.1.4-1.15 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libsamplerate-0.1.4-1.15 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-5008 cpe:/o:suse:suse_sles:11:sp4 libsndfile-1.0.20-2.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libsndfile-1.0.20-2.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4974 CVE-2009-0186 CVE-2009-1788 CVE-2009-1791 CVE-2009-4835 CVE-2011-2696 CVE-2014-9496 cpe:/o:suse:suse_sles:11:sp4 libsnmp15-32bit-5.4.2.1-8.12.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libsnmp15-32bit-5.4.2.1-8.12.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-4309 CVE-2008-6123 CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-2310 CVE-2014-3565 cpe:/o:suse:suse_sles:11:sp4 libsoup-2_4-1-2.32.2-4.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libsoup-2_4-1-2.32.2-4.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5876 CVE-2011-2524 CVE-2012-2132 cpe:/o:suse:suse_sles:11:sp4 libssh2-1-1.2.9-4.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libssh2-1-1.2.9-4.2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2015-1782 cpe:/o:suse:suse_sles:11:sp4 libsss_idmap0-1.9.4-0.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libsss_idmap0-1.9.4-0.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 cpe:/o:suse:suse_sles:11:sp4 libtasn1-1.5-1.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libtasn1-1.5-1.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 cpe:/o:suse:suse_sles:11:sp4 libtevent0-x86-3.6.3-0.39.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libtevent0-x86-3.6.3-0.39.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 cpe:/o:suse:suse_sles:11:sp4 libtiff3-3.8.2-141.154.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libtiff3-3.8.2-141.154.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-1586 CVE-2008-2327 CVE-2009-2285 CVE-2009-2347 CVE-2010-1411 CVE-2010-4665 CVE-2011-0191 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2088 CVE-2012-2113 CVE-2012-3401 CVE-2012-4447 CVE-2012-4564 CVE-2012-5581 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/o:suse:suse_sles:11:sp4 libtspi1-0.3.10-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libtspi1-0.3.10-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-0698 cpe:/o:suse:suse_sles:11:sp4 libupsclient1-2.6.2-0.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libupsclient1-2.6.2-0.2.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-2944 cpe:/o:suse:suse_sles:11:sp4 libvirt-1.2.5-3.76 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libvirt-1.2.5-3.76 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-5086 CVE-2010-2242 CVE-2011-1146 CVE-2011-1486 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2012-4423 CVE-2013-1962 CVE-2013-4291 CVE-2013-4296 CVE-2013-4311 CVE-2013-5651 CVE-2013-6436 CVE-2013-6456 CVE-2013-6458 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2015-0236 cpe:/o:suse:suse_sles:11:sp4 libvorbis-1.2.0-79.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libvorbis-1.2.0-79.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-3106 CVE-2008-1419 CVE-2008-1420 CVE-2008-1423 CVE-2009-2663 CVE-2009-3379 CVE-2012-0444 cpe:/o:suse:suse_sles:11:sp4 libwsman1-2.2.3-0.8.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libwsman1-2.2.3-0.8.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3566 cpe:/o:suse:suse_sles:11:sp4 libxcrypt-3.0.3-0.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libxcrypt-3.0.3-0.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-2483 cpe:/o:suse:suse_sles:11:sp4 libxml2-2.7.6-0.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libxml2-2.7.6-0.31.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-6284 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-2414 CVE-2009-2416 CVE-2010-4494 CVE-2011-1944 CVE-2011-2821 CVE-2011-3102 CVE-2011-3919 CVE-2012-0841 CVE-2012-2807 CVE-2012-5134 CVE-2013-0338 CVE-2013-2877 CVE-2014-0191 CVE-2014-3660 cpe:/o:suse:suse_sles:11:sp4 libxslt-1.1.24-19.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libxslt-1.1.24-19.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-1767 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 CVE-2013-4520 cpe:/o:suse:suse_sles:11:sp4 libzip1-0.9-1.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the libzip1-0.9-1.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0421 cpe:/o:suse:suse_sles:11:sp4 log4net-1.2.10-1.36 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the log4net-1.2.10-1.36 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-0743 cpe:/o:suse:suse_sles:11:sp4 logrotate-3.7.7-10.30.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the logrotate-3.7.7-10.30.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/o:suse:suse_sles:11:sp4 logwatch-7.3.6-65.74.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the logwatch-7.3.6-65.74.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-1018 cpe:/o:suse:suse_sles:11:sp4 lvm2-2.02.98-0.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the lvm2-2.02.98-0.33.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-2526 cpe:/o:suse:suse_sles:11:sp4 lxc-0.8.0-0.23.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the lxc-0.8.0-0.23.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-6441 cpe:/o:suse:suse_sles:11:sp4 mailman-2.1.14-9.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the mailman-2.1.14-9.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-2191 CVE-2006-2941 CVE-2006-3636 CVE-2010-3089 CVE-2010-3090 CVE-2011-0707 cpe:/o:suse:suse_sles:11:sp4 mailx-12.5-1.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the mailx-12.5-1.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2004-2771 CVE-2014-7844 cpe:/o:suse:suse_sles:11:sp4 man-2.5.2-17.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the man-2.5.2-17.16 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4250 cpe:/o:suse:suse_sles:11:sp4 mipv6d-2.0.2.umip.0.4-8.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the mipv6d-2.0.2.umip.0.4-8.7.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:suse_sles:11:sp4 mono-core-2.6.7-0.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the mono-core-2.6.7-0.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0217 CVE-2010-1459 CVE-2010-3332 CVE-2010-4159 CVE-2012-3382 CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 cpe:/o:suse:suse_sles:11:sp4 mozilla-nspr-32bit-4.10.7-0.3.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the mozilla-nspr-32bit-4.10.7-0.3.3 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-5607 CVE-2014-1545 cpe:/o:suse:suse_sles:11:sp4 mozilla-xulrunner192-1.9.2.27-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the mozilla-xulrunner192-1.9.2.27-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-5913 CVE-2009-3555 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-3001 CVE-2011-3026 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 CVE-2011-3659 CVE-2011-3666 CVE-2011-3670 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0449 cpe:/o:suse:suse_sles:11:sp4 mutt-1.5.17-42.39.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the mutt-1.5.17-42.39.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-1558 CVE-2014-0467 CVE-2014-9116 cpe:/o:suse:suse_sles:11:sp4 nagios-3.0.6-1.25.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the nagios-3.0.6-1.25.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-5803 CVE-2011-1523 CVE-2012-6096 CVE-2013-7108 CVE-2014-1878 cpe:/o:suse:suse_sles:11:sp4 nagios-nrpe-2.12-24.4.10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the nagios-nrpe-2.12-24.4.10.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1362 CVE-2014-2913 cpe:/o:suse:suse_sles:11:sp4 nagios-plugins-1.4.16-0.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the nagios-plugins-1.4.16-0.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-5623 cpe:/o:suse:suse_sles:11:sp4 nfs-client-1.2.3-18.38.43.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the nfs-client-1.2.3-18.38.43.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1923 cpe:/o:suse:suse_sles:11:sp4 ntp-4.2.8p2-2.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ntp-4.2.8p2-2.18 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 CVE-2014-9295 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 cpe:/o:suse:suse_sles:11:sp4 ofed-1.5.4.1-20.26 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ofed-1.5.4.1-20.26 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-1693 CVE-2010-3904 CVE-2010-4649 CVE-2011-3345 cpe:/o:suse:suse_sles:11:sp4 openCryptoki-3.2-0.11.26 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the openCryptoki-3.2-0.11.26 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-4454 CVE-2012-4455 cpe:/o:suse:suse_sles:11:sp4 openslp-1.2.0-172.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the openslp-1.2.0-172.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-3609 CVE-2012-4428 cpe:/o:suse:suse_sles:11:sp4 openssh-6.6p1-4.7 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the openssh-6.6p1-4.7 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-0225 CVE-2007-4752 CVE-2008-1483 CVE-2010-5107 CVE-2011-5000 CVE-2012-0814 CVE-2014-2532 CVE-2014-2653 cpe:/o:suse:suse_sles:11:sp4 openvpn-2.0.9-143.44.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the openvpn-2.0.9-143.44.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4339 CVE-2013-2061 CVE-2014-8104 cpe:/o:suse:suse_sles:11:sp4 opie-2.4-662.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the opie-2.4-662.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-2489 CVE-2011-2490 cpe:/o:suse:suse_sles:11:sp4 pam-1.1.5-0.15.9 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pam-1.1.5-0.15.9 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0579 CVE-2009-0887 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 cpe:/o:suse:suse_sles:11:sp4 pam_krb5-2.3.1-47.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pam_krb5-2.3.1-47.12.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-3825 cpe:/o:suse:suse_sles:11:sp4 pam_ldap-184-147.20 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pam_ldap-184-147.20 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-5170 cpe:/o:suse:suse_sles:11:sp4 pam_mount-0.47-13.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pam_mount-0.47-13.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-5138 cpe:/o:suse:suse_sles:11:sp4 pango-1.26.2-1.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pango-1.26.2-1.3.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:suse_sles:11:sp4 pcsc-ccid-1.3.8-3.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pcsc-ccid-1.3.8-3.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-4530 cpe:/o:suse:suse_sles:11:sp4 pcsc-lite-1.4.102-1.37.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pcsc-lite-1.4.102-1.37.3 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-0407 CVE-2010-4531 cpe:/o:suse:suse_sles:11:sp4 perl-32bit-5.10.0-64.72.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the perl-32bit-5.10.0-64.72.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-5116 CVE-2010-1168 CVE-2010-1447 CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2011-1487 CVE-2011-2728 CVE-2012-5526 CVE-2012-6329 CVE-2013-1667 CVE-2014-4330 cpe:/o:suse:suse_sles:11:sp4 perl-HTML-Parser-3.56-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the perl-HTML-Parser-3.56-1.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-3627 cpe:/o:suse:suse_sles:11:sp4 perl-Tk-804.028-50.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the perl-Tk-804.028-50.24 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4484 cpe:/o:suse:suse_sles:11:sp4 perl-libwww-perl-5.816-2.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the perl-libwww-perl-5.816-2.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0633 cpe:/o:suse:suse_sles:11:sp4 perl-spamassassin-3.3.1-10.8.3 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the perl-spamassassin-3.3.1-10.8.3 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-0451 CVE-2007-2873 cpe:/o:suse:suse_sles:11:sp4 popt-1.7-37.63.64.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the popt-1.7-37.63.64.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-6435 CVE-2014-8118 cpe:/o:suse:suse_sles:11:sp4 postgresql-8.3.23-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the postgresql-8.3.23-0.4.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-3555 CVE-2009-4034 CVE-2009-4136 CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2010-4014 CVE-2010-4015 CVE-2012-0866 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 cpe:/o:suse:suse_sles:11:sp4 powerpc-utils-1.2.22-2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the powerpc-utils-1.2.22-2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-4040 cpe:/o:suse:suse_sles:11:sp4 ppc64-diag-2.6.7-1.31 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ppc64-diag-2.6.7-1.31 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-4038 CVE-2014-4039 cpe:/o:suse:suse_sles:11:sp4 ppp-2.4.5.git-2.29.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ppp-2.4.5.git-2.29.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3158 cpe:/o:suse:suse_sles:11:sp4 procmail-3.22-240.8.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the procmail-3.22-240.8.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3618 cpe:/o:suse:suse_sles:11:sp4 puppet-2.7.26-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the puppet-2.7.26-0.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-0156 CVE-2011-1986 CVE-2011-3848 CVE-2011-3869 CVE-2011-3870 CVE-2011-3871 CVE-2011-3872 CVE-2012-1987 CVE-2012-1988 CVE-2012-1989 CVE-2012-3864 CVE-2012-3865 CVE-2012-3867 CVE-2013-3567 CVE-2013-4761 CVE-2013-4969 CVE-2014-3248 CVE-2014-3250 cpe:/o:suse:suse_sles:11:sp4 pure-ftpd-1.0.22-3.25.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pure-ftpd-1.0.22-3.25.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0411 CVE-2011-3171 cpe:/o:suse:suse_sles:11:sp4 python-2.6.9-0.35.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the python-2.6.9-0.35.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-2052 CVE-2008-1721 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2013-4238 cpe:/o:suse:suse_sles:11:sp4 python-imaging-1.1.6-168.34.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the python-imaging-1.1.6-168.34.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-1932 CVE-2014-1933 cpe:/o:suse:suse_sles:11:sp4 python-lxml-2.3.6-0.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the python-lxml-2.3.6-0.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3146 cpe:/o:suse:suse_sles:11:sp4 python-pam-0.5.0-3.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the python-pam-0.5.0-3.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-1502 cpe:/o:suse:suse_sles:11:sp4 python-pywbem-0.7-6.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the python-pywbem-0.7-6.22.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-6418 cpe:/o:suse:suse_sles:11:sp4 pyxml-0.8.4-194.23.38 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the pyxml-0.8.4-194.23.38 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-3560 CVE-2009-3720 cpe:/o:suse:suse_sles:11:sp4 qt3-3.3.8b-88.21 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the qt3-3.3.8b-88.21 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-4811 CVE-2007-0242 CVE-2007-3388 CVE-2007-4137 cpe:/o:suse:suse_sles:11:sp4 quagga-0.99.15-0.14.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the quagga-0.99.15-0.14.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-2223 CVE-2007-1995 CVE-2010-1674 CVE-2010-1675 CVE-2010-2948 CVE-2010-2949 CVE-2013-0149 CVE-2013-2236 cpe:/o:suse:suse_sles:11:sp4 radvd-1.1-1.24.8.19 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the radvd-1.1-1.24.8.19 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-3602 CVE-2011-3603 CVE-2011-3604 CVE-2011-3605 cpe:/o:suse:suse_sles:11:sp4 rsync-3.0.4-2.47.28 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the rsync-3.0.4-2.47.28 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4091 CVE-2007-6199 CVE-2011-1097 cpe:/o:suse:suse_sles:11:sp4 rsyslog-5.10.1-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the rsyslog-5.10.1-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-3200 CVE-2014-3634 CVE-2014-3683 cpe:/o:suse:suse_sles:11:sp4 ruby-1.8.7.p357-0.9.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the ruby-1.8.7.p357-0.9.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-3694 CVE-2006-5467 CVE-2006-6303 CVE-2007-5162 CVE-2007-5770 CVE-2008-1145 CVE-2008-3790 CVE-2009-0642 CVE-2009-1904 CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 CVE-2011-4815 CVE-2012-4466 CVE-2013-1821 CVE-2013-4073 CVE-2013-4164 CVE-2014-8080 CVE-2014-8090 cpe:/o:suse:suse_sles:11:sp4 sblim-sfcb-1.3.11-0.23.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the sblim-sfcb-1.3.11-0.23.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-3381 cpe:/o:suse:suse_sles:11:sp4 sendmail-8.14.3-50.24.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the sendmail-8.14.3-50.24.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3956 cpe:/o:suse:suse_sles:11:sp4 shim-0.7.318.81ee561d-0.9.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the shim-0.7.318.81ee561d-0.9.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 cpe:/o:suse:suse_sles:11:sp4 socat-1.7.0.0-1.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the socat-1.7.0.0-1.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-2799 CVE-2012-0219 cpe:/o:suse:suse_sles:11:sp4 squid-2.7.STABLE5-2.12.16.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the squid-2.7.STABLE5-2.12.16.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-0478 CVE-2009-2855 CVE-2010-0308 CVE-2010-0639 CVE-2012-5643 CVE-2013-0188 CVE-2013-0189 CVE-2013-4115 cpe:/o:suse:suse_sles:11:sp4 squid3-3.1.12-8.16.20.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the squid3-3.1.12-8.16.20.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2005-0094 CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-0189 CVE-2013-4115 CVE-2014-0128 CVE-2014-3609 cpe:/o:suse:suse_sles:11:sp4 squidGuard-1.4-13.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the squidGuard-1.4-13.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-3700 CVE-2009-3826 cpe:/o:suse:suse_sles:11:sp4 star-1.5final-28.23.25.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the star-1.5final-28.23.25.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4134 cpe:/o:suse:suse_sles:11:sp4 strongswan-4.4.0-6.25.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the strongswan-4.4.0-6.25.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-2944 CVE-2013-5018 CVE-2013-6075 CVE-2014-2338 CVE-2014-2891 cpe:/o:suse:suse_sles:11:sp4 stunnel-4.54-0.9.24 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the stunnel-4.54-0.9.24 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1762 cpe:/o:suse:suse_sles:11:sp4 sudo-1.7.6p2-0.23.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the sudo-1.7.6p2-0.23.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-0426 CVE-2010-0427 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680 cpe:/o:suse:suse_sles:11:sp4 sysconfig-0.71.61-0.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the sysconfig-0.71.61-0.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-4182 cpe:/o:suse:suse_sles:11:sp4 syslog-ng-2.0.9-27.34.36.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the syslog-ng-2.0.9-27.34.36.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-5110 cpe:/o:suse:suse_sles:11:sp4 sysstat-8.1.5-7.50.25 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the sysstat-8.1.5-7.50.25 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-3852 cpe:/o:suse:suse_sles:11:sp4 system-config-printer-1.0.8-9.23.44 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the system-config-printer-1.0.8-9.23.44 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-4405 CVE-2012-4510 cpe:/o:suse:suse_sles:11:sp4 systemtap-1.5-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the systemtap-1.5-0.9.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2009-2911 CVE-2009-4273 CVE-2012-0875 cpe:/o:suse:suse_sles:11:sp4 t1lib-5.1.1-100.21.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the t1lib-5.1.1-100.21.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 cpe:/o:suse:suse_sles:11:sp4 taglib-1.5-19.23.4 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the taglib-1.5-19.23.4 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-1108 CVE-2012-1584 cpe:/o:suse:suse_sles:11:sp4 tar-1.26-1.2.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the tar-1.26-1.2.6.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2001-1267 CVE-2002-0399 CVE-2006-6097 CVE-2010-0624 cpe:/o:suse:suse_sles:11:sp4 tcpdump-3.9.8-1.27.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the tcpdump-3.9.8-1.27.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-8767 CVE-2014-8769 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 cpe:/o:suse:suse_sles:11:sp4 tftp-0.48-101.31.27 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the tftp-0.48-101.31.27 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-2199 cpe:/o:suse:suse_sles:11:sp4 tgt-0.9.10-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the tgt-0.9.10-0.17.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-0001 cpe:/o:suse:suse_sles:11:sp4 tomcat6-6.0.41-0.43.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the tomcat6-6.0.41-0.43.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2008-2938 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 CVE-2012-2733 CVE-2012-3439 CVE-2012-3544 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CVE-2012-5568 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 CVE-2013-1976 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 cpe:/o:suse:suse_sles:11:sp4 unixODBC_23-2.3.1-0.9.40 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the unixODBC_23-2.3.1-0.9.40 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-1145 cpe:/o:suse:suse_sles:11:sp4 unrar-3.80.2-2.8 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the unrar-3.80.2-2.8 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-3726 cpe:/o:suse:suse_sles:11:sp4 unzip-6.00-11.13.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the unzip-6.00-11.13.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2005-2475 CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 cpe:/o:suse:suse_sles:11:sp4 vino-2.28.1-2.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the vino-2.28.1-2.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-5745 cpe:/o:suse:suse_sles:11:sp4 virt-utils-1.2.1-10.41 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the virt-utils-1.2.1-10.41 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1922 cpe:/o:suse:suse_sles:11:sp4 vsftpd-2.0.7-4.35.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the vsftpd-2.0.7-4.35.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2015-1419 cpe:/o:suse:suse_sles:11:sp4 vte-0.22.5-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the vte-0.22.5-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-2713 cpe:/o:suse:suse_sles:11:sp4 w3m-0.5.2-132.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the w3m-0.5.2-132.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-6772 CVE-2010-2074 cpe:/o:suse:suse_sles:11:sp4 wget-1.11.4-1.19.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the wget-1.11.4-1.19.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-6719 CVE-2014-4877 cpe:/o:suse:suse_sles:11:sp4 wireshark-1.10.13-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the wireshark-1.10.13-0.2.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-1932 CVE-2006-4574 CVE-2006-4805 CVE-2006-5468 CVE-2006-5469 CVE-2006-5740 CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459 CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-2560 CVE-2009-2562 CVE-2009-3549 CVE-2009-3550 CVE-2009-3829 CVE-2009-4377 CVE-2010-0304 CVE-2010-1455 CVE-2010-2992 CVE-2010-2993 CVE-2010-2994 CVE-2010-2995 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-1593 CVE-2012-1595 CVE-2012-1596 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4296 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 CVE-2013-4078 CVE-2013-4079 CVE-2013-4080 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083 CVE-2013-4927 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2283 CVE-2014-2299 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-6421 CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2188 CVE-2015-2189 CVE-2015-2191 cpe:/o:suse:suse_sles:11:sp4 wpa_supplicant-0.7.1-6.15.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the wpa_supplicant-0.7.1-6.15.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-3686 cpe:/o:suse:suse_sles:11:sp4 x3270-3.3.12-517.12.34 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the x3270-3.3.12-517.12.34 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-5662 cpe:/o:suse:suse_sles:11:sp4 xalan-j2-2.7.0-217.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xalan-j2-2.7.0-217.26.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2014-0107 cpe:/o:suse:suse_sles:11:sp4 xdg-utils-1.0.2-36.18 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xdg-utils-1.0.2-36.18 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-0386 cpe:/o:suse:suse_sles:11:sp4 xen-4.4.2_08-1.7 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xen-4.4.2_08-1.7 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 CVE-2007-3919 CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3497 CVE-2012-3498 CVE-2012-3515 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1432 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 CVE-2013-2212 CVE-2013-4344 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2013-6400 CVE-2013-6885 CVE-2014-1666 CVE-2014-2599 CVE-2014-3615 CVE-2014-3967 CVE-2014-3968 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 CVE-2014-9065 CVE-2014-9066 CVE-2015-0361 CVE-2015-2044 CVE-2015-2045 CVE-2015-2751 CVE-2015-2752 CVE-2015-2756 CVE-2015-3209 CVE-2015-3340 CVE-2015-3456 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 cpe:/o:suse:suse_sles:11:sp4 xinetd-2.3.14-130.133.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xinetd-2.3.14-130.133.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2012-0862 CVE-2013-4342 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-7.4-9.65.46 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-7.4-9.65.46 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2007-4568 CVE-2011-0465 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-Xvnc-7.4-27.105.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-Xvnc-7.4-27.105.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-6101 CVE-2006-6102 CVE-2006-6103 CVE-2007-1003 CVE-2007-5760 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 CVE-2010-2240 CVE-2010-4818 CVE-2010-4819 CVE-2011-4028 CVE-2011-4029 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2015-0255 CVE-2015-3418 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libX11-32bit-7.4-5.11.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libX11-32bit-7.4-5.11.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXext-32bit-7.4-1.18.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libXext-32bit-7.4-1.18.16 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1982 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXfixes-32bit-7.4-1.16.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libXfixes-32bit-7.4-1.16.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1983 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXp-32bit-7.4-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libXp-32bit-7.4-1.18.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-2062 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXrender-32bit-7.4-1.16.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libXrender-32bit-7.4-1.16.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1987 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXt-32bit-7.4-1.19.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libXt-32bit-7.4-1.19.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXv-32bit-7.4-1.16.2 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libXv-32bit-7.4-1.16.2 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libs-32bit-7.4-8.26.44.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libs-32bit-7.4-8.26.44.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-2895 CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1988 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2003 CVE-2013-2063 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libxcb-32bit-7.4-1.29.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-libxcb-32bit-7.4-1.29.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2013-2064 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-server-dmx-7.3.99-17.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xorg-x11-server-dmx-7.3.99-17.11.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2010-2240 CVE-2011-4028 CVE-2011-4029 cpe:/o:suse:suse_sles:11:sp4 xterm-238-1.16 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the xterm-238-1.16 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-2383 cpe:/o:suse:suse_sles:11:sp4 yast2-2.17.140-1.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the yast2-2.17.140-1.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2011-3177 cpe:/o:suse:suse_sles:11:sp4 yast2-core-2.17.46-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the yast2-core-2.17.46-0.5.1 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2008-4311 CVE-2011-2483 CVE-2011-3177 cpe:/o:suse:suse_sles:11:sp4 zoo-2.10-911.22 on GA media (Moderate) SUSE Linux Enterprise Server 11 SP4 These are all security issues fixed in the zoo-2.10-911.22 package on the GA media of SUSE Linux Enterprise Server 11 SP4. Moderate CVE-2006-0855 CVE-2007-1669 cpe:/o:suse:suse_sles:11:sp4 curl-openssl1-7.19.7-1.51.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the curl-openssl1-7.19.7-1.51.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2010-4180 CVE-2011-2192 CVE-2011-3389 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148 CVE-2015-3153 CVE-2016-0755 cpe:/o:suse:sles:11:security libcurl4-openssl1-32bit-7.19.7-0.38.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the libcurl4-openssl1-32bit-7.19.7-0.38.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2010-4180 CVE-2011-2192 CVE-2011-3389 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 cpe:/o:suse:sles:11:security libldap-openssl1-2_4-2-2.4.26-0.28.8 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the libldap-openssl1-2_4-2-2.4.26-0.28.8 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2012-1164 cpe:/o:suse:sles:11:security libopenssl1-devel-1.0.1g-0.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the libopenssl1-devel-1.0.1g-0.12.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-0891 CVE-2008-1672 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 cpe:/o:suse:sles:11:security libslp1-openssl1-1.2.0-172.26.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the libslp1-openssl1-1.2.0-172.26.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2010-3609 CVE-2012-4428 cpe:/o:suse:sles:11:security libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2008-4309 CVE-2008-6123 CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-2310 CVE-2014-3565 CVE-2015-5621 cpe:/o:suse:sles:11:security mailx-openssl1-12.5-1.11.2 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the mailx-openssl1-12.5-1.11.2 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2004-2771 CVE-2014-7844 cpe:/o:suse:sles:11:security openssh-openssl1-6.6p1-10.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the openssh-openssl1-6.6p1-10.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2006-0225 CVE-2007-4752 CVE-2008-1483 CVE-2010-5107 CVE-2011-5000 CVE-2012-0814 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-0778 cpe:/o:suse:sles:11:security openvpn-openssl1-2.3.2-0.10.3.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the openvpn-openssl1-2.3.2-0.10.3.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2006-4339 CVE-2013-2061 CVE-2014-8104 CVE-2017-12166 CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 cpe:/o:suse:sles:11:security sblim-sfcb-openssl1-1.3.11-0.28.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the sblim-sfcb-openssl1-1.3.11-0.28.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2012-3381 CVE-2015-5185 cpe:/o:suse:sles:11:security stunnel-openssl1-4.54-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the stunnel-openssl1-4.54-0.11.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2013-1762 CVE-2014-0016 cpe:/o:suse:sles:11:security vsftpd-openssl1-2.0.7-4.43.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the vsftpd-openssl1-2.0.7-4.43.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2015-1419 cpe:/o:suse:sles:11:security wget-openssl1-1.11.4-1.22.1 on GA media (Moderate) SUSE Linux Enterprise Server 11-SECURITY These are all security issues fixed in the wget-openssl1-1.11.4-1.22.1 package on the GA media of SUSE Linux Enterprise Server 11-SECURITY. Moderate CVE-2006-6719 CVE-2014-4877 cpe:/o:suse:sles:11:security GraphicsMagick-1.2.5-4.33.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the GraphicsMagick-1.2.5-4.33.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2005-4601 CVE-2006-3743 CVE-2006-3744 CVE-2006-5456 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2012-3438 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ImageMagick-6.4.3.6-7.30.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ImageMagick-6.4.3.6-7.30.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-5456 CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2012-0247 CVE-2012-0248 CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 CVE-2012-1798 CVE-2012-3437 CVE-2014-1947 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 LibVNCServer-devel-0.9.1-154.24 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the LibVNCServer-devel-0.9.1-154.24 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-2450 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Mesa-devel-32bit-9.0.3-0.28.29.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the Mesa-devel-32bit-9.0.3-0.28.29.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1872 CVE-2013-1993 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 MozillaFirefox-devel-31.7.0esr-0.8.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the MozillaFirefox-devel-31.7.0esr-0.8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0078 CVE-2007-0079 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-0996 CVE-2007-3089 CVE-2007-3285 CVE-2007-3656 CVE-2007-3670 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2008-0412 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-3836 CVE-2008-4063 CVE-2008-4064 CVE-2008-4070 CVE-2008-5913 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-1571 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0183 CVE-2010-0654 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1208 CVE-2010-1209 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3658 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2011-3665 CVE-2012-0441 CVE-2012-0452 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 CVE-2013-1701 CVE-2013-1705 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1739 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5595 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 CVE-2015-0797 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0835 CVE-2015-0836 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 NetworkManager-devel-0.7.1_git20090811-3.28.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the NetworkManager-devel-0.7.1_git20090811-3.28.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0365 CVE-2009-0578 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 OpenEXR-32bit-1.6.1-83.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the OpenEXR-32bit-1.6.1-83.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-1720 CVE-2009-1721 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 PackageKit-devel-0.3.14-2.30.11 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the PackageKit-devel-0.3.14-2.30.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-4311 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 PolicyKit-devel-0.9-14.43.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the PolicyKit-devel-0.9-14.43.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1658 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Xerces-c-2.8.0-29.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the Xerces-c-2.8.0-29.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-1885 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 a2ps-devel-4.13-1326.37.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the a2ps-devel-4.13-1326.37.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-0466 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ant-1.7.1-20.11.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ant-1.7.1-20.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-2098 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 apache2-2.2.12-1.51.52.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the apache2-2.2.12-1.51.52.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2003-1418 CVE-2006-3747 CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6750 CVE-2008-0005 CVE-2008-1678 CVE-2008-2364 CVE-2008-2939 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2010-0408 CVE-2010-0434 CVE-2010-1452 CVE-2010-2068 CVE-2011-3192 CVE-2011-3348 CVE-2011-3368 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 CVE-2012-0883 CVE-2012-2687 CVE-2012-3499 CVE-2012-4557 CVE-2012-4558 CVE-2013-1862 CVE-2013-1896 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0226 CVE-2014-0231 CVE-2014-3581 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 apache2-mod_fcgid-2.2-31.27.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the apache2-mod_fcgid-2.2-31.27.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-3872 CVE-2013-4365 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 apache2-mod_perl-2.0.4-40.24.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the apache2-mod_perl-2.0.4-40.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-1349 CVE-2013-1667 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 augeas-devel-0.9.0-3.15.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the augeas-devel-0.9.0-3.15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-0786 CVE-2013-6412 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 automake-1.10.1-4.131.9.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the automake-1.10.1-4.131.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-4029 CVE-2012-3386 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 avahi-compat-howl-devel-0.6.23-11.32.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the avahi-compat-howl-devel-0.6.23-11.32.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-5461 CVE-2006-6870 CVE-2007-3372 CVE-2008-5081 CVE-2009-0758 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 bind-devel-32bit-9.9.6P1-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the bind-devel-32bit-9.9.6P1-0.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-4339 CVE-2007-2925 CVE-2007-2926 CVE-2009-0696 CVE-2009-4022 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-4244 CVE-2012-5166 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 binutils-devel-2.24-3.62 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the binutils-devel-2.24-3.62 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 boinc-client-6.2.18-4.31.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the boinc-client-6.2.18-4.31.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-5077 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 boost-devel-1.36.0-12.6.49 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the boost-devel-1.36.0-12.6.49 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-0171 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 build-2011.10.10-0.7.10 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the build-2011.10.10-0.7.10 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-4226 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 bytefx-data-mysql-2.6.7-0.13.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the bytefx-data-mysql-2.6.7-0.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0217 CVE-2010-1459 CVE-2010-3332 CVE-2010-4159 CVE-2012-3382 CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 coolkey-devel-1.1.0-22.24 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the coolkey-devel-1.1.0-22.24 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-4129 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 cpp48-4.8.3+r212056-2.17 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the cpp48-4.8.3+r212056-2.17 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-5044 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 cscope-15.6-95.22 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the cscope-15.6-95.22 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2004-2541 CVE-2006-4262 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ctdb-devel-1.0.114.6-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ctdb-devel-1.0.114.6-0.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-4159 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 cups-devel-1.3.9-8.46.56.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the cups-devel-1.3.9-8.46.56.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0104 CVE-2007-3387 CVE-2007-4351 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-0047 CVE-2008-1373 CVE-2008-1693 CVE-2008-1722 CVE-2008-3641 CVE-2009-0163 CVE-2009-0949 CVE-2009-2820 CVE-2009-3553 CVE-2010-0302 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941 CVE-2011-2896 CVE-2011-3170 CVE-2012-5519 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 cvs-doc-1.12.12-144.23.5.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the cvs-doc-1.12.12-144.23.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-0804 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 cyrus-imapd-devel-2.3.11-60.65.64.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the cyrus-imapd-devel-2.3.11-60.65.64.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-3235 CVE-2011-3372 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 dbus-1-devel-1.2.10-3.31.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the dbus-1-devel-1.2.10-3.31.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-6107 CVE-2008-0595 CVE-2008-3834 CVE-2008-4311 CVE-2009-1189 CVE-2010-4352 CVE-2012-3524 CVE-2014-3477 CVE-2014-3638 CVE-2014-3639 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 dbus-1-glib-devel-0.76-34.22.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the dbus-1-glib-devel-0.76-34.22.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-1172 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 derby-10.3.1.4-1.16 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the derby-10.3.1.4-1.16 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2005-4849 CVE-2006-7216 CVE-2006-7217 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 dhcp-devel-4.2.4.P2-0.22.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the dhcp-devel-4.2.4.P2-0.22.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0692 CVE-2009-1892 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 e2fsprogs-devel-1.41.9-2.14.3 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the e2fsprogs-devel-1.41.9-2.14.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-5497 CVE-2015-0247 CVE-2015-1572 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 emacs-nox-22.3-4.42.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the emacs-nox-22.3-4.42.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-5795 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 empathy-2.28.2-0.13.49 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the empathy-2.28.2-0.13.49 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-3635 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 evince-devel-2.28.2-0.7.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the evince-devel-2.28.2-0.7.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-5864 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 evolution-2.28.2-0.30.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the evolution-2.28.2-0.30.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1108 CVE-2008-1109 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 evolution-data-server-devel-2.28.2-0.32.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the evolution-data-server-devel-2.28.2-0.32.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-3257 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 fastjar-0.95-1.24.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the fastjar-0.95-1.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-0831 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 file-devel-4.24-43.27.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the file-devel-4.24-43.27.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-1536 CVE-2007-2799 CVE-2014-3710 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 fileshareset-2.0-20.31 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the fileshareset-2.0-20.31 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-4569 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 finch-2.6.6-0.25.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the finch-2.6.6-0.25.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2927 CVE-2008-2955 CVE-2008-3532 CVE-2009-1373 CVE-2009-1374 CVE-2009-1375 CVE-2009-1376 CVE-2009-1889 CVE-2009-2694 CVE-2009-2703 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2011-4601 CVE-2011-4602 CVE-2011-4603 CVE-2012-1178 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 flac-devel-1.2.1-68.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the flac-devel-1.2.1-68.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-8962 CVE-2014-9028 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 freeradius-server-devel-2.1.1-7.18.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the freeradius-server-devel-2.1.1-7.18.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-4474 CVE-2011-4966 CVE-2014-2015 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 freetype2-devel-2.3.7-25.35.36.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the freetype2-devel-2.3.7-25.35.36.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-1351 CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-2895 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660 CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 fuse-devel-2.8.7-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the fuse-devel-2.8.7-0.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 fvwm2-2.5.26-1.25 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the fvwm2-2.5.26-1.25 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-5969 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 gd-devel-2.0.36.RC1-52.20.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the gd-devel-2.0.36.RC1-52.20.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-2756 CVE-2014-9709 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 gdk-pixbuf-0.22.0-294.26.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the gdk-pixbuf-0.22.0-294.26.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-2485 CVE-2012-2370 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ghostscript-devel-8.62-32.34.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ghostscript-devel-8.62-32.34.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0196 CVE-2009-0583 CVE-2009-0584 CVE-2009-0792 CVE-2009-3743 CVE-2010-1869 CVE-2010-4054 CVE-2012-4405 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 gimp-2.6.2-3.34.45.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the gimp-2.6.2-3.34.45.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-3404 CVE-2007-2356 CVE-2007-2949 CVE-2009-1570 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1178 CVE-2011-1782 CVE-2011-2896 CVE-2012-3403 CVE-2012-3481 CVE-2012-5576 CVE-2013-1913 CVE-2013-1978 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 git-1.7.12.4-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the git-1.7.12.4-0.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-2542 CVE-2010-3906 CVE-2013-0308 CVE-2014-9390 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 glib2-devel-2.22.5-0.8.14.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the glib2-devel-2.22.5-0.8.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2371 CVE-2008-4316 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 glibc-html-2.11.3-17.84.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the glibc-html-2.11.3-17.84.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-5029 CVE-2011-2483 CVE-2012-4412 CVE-2012-6656 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237 CVE-2013-4332 CVE-2013-4357 CVE-2013-4458 CVE-2013-4788 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-9402 CVE-2015-0235 CVE-2015-1472 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 gmime-2_4-devel-2.4.8-1.2.55 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the gmime-2_4-devel-2.4.8-1.2.55 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-0409 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 gnucash-2.2.7-1.35 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the gnucash-2.2.7-1.35 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0007 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 gstreamer-0_10-plugins-base-devel-0.10.35-5.15.8 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-base-devel-0.10.35-5.15.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0586 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 gtk2-devel-2.18.9-0.23.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the gtk2-devel-2.18.9-0.23.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0010 CVE-2011-2485 CVE-2012-2370 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ibutils-1.5.7-0.15.22 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ibutils-1.5.7-0.15.22 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-3277 CVE-2013-1894 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 icu-4.0-7.26.15 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the icu-4.0-7.26.15 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-4770 CVE-2007-4771 CVE-2008-1036 CVE-2009-0153 CVE-2010-4409 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 imlib-1.9.14-401.20 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the imlib-1.9.14-401.20 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-3568 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 imlib2-1.4.2-2.18.53 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the imlib2-1.4.2-2.18.53 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2426 CVE-2008-5187 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 inkscape-0.46-62.43.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the inkscape-0.46-62.43.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-5656 CVE-2012-6076 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 java-1_7_1-ibm-devel-1.7.1_sr3.0-1.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the java-1_7_1-ibm-devel-1.7.1_sr3.0-1.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0138 CVE-2015-0192 CVE-2015-1914 CVE-2015-2808 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 kdebase4-workspace-devel-4.3.5-0.12.18.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the kdebase4-workspace-devel-4.3.5-0.12.18.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-0436 CVE-2013-4132 CVE-2013-4133 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 kdelibs3-32bit-3.5.10-23.27.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the kdelibs3-32bit-3.5.10-23.27.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 CVE-2008-1671 CVE-2009-0689 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 kdelibs4-doc-4.3.5-0.14.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the kdelibs4-doc-4.3.5-0.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0689 CVE-2011-1168 CVE-2012-4512 CVE-2012-4513 CVE-2012-4515 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 kernel-docs-3.0.101-63.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the kernel-docs-3.0.101-63.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-0007 CVE-2008-0009 CVE-2008-0010 CVE-2008-1375 CVE-2008-1669 CVE-2008-1673 CVE-2008-1675 CVE-2008-3528 CVE-2008-3831 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300 CVE-2009-0029 CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0415 CVE-2010-0622 CVE-2010-0623 CVE-2010-1146 CVE-2010-1173 CVE-2010-1437 CVE-2010-1641 CVE-2010-2066 CVE-2010-2798 CVE-2010-2803 CVE-2010-2942 CVE-2010-2943 CVE-2010-2946 CVE-2010-2954 CVE-2010-2955 CVE-2010-2959 CVE-2010-2960 CVE-2010-2962 CVE-2010-2963 CVE-2010-3015 CVE-2010-3078 CVE-2010-3079 CVE-2010-3080 CVE-2010-3081 CVE-2010-3084 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2010-3437 CVE-2010-3699 CVE-2010-3705 CVE-2010-3861 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 CVE-2010-3877 CVE-2010-3880 CVE-2010-3881 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4076 CVE-2010-4077 CVE-2010-4082 CVE-2010-4083 CVE-2010-4157 CVE-2010-4158 CVE-2010-4160 CVE-2010-4162 CVE-2010-4163 CVE-2010-4164 CVE-2010-4165 CVE-2010-4169 CVE-2010-4175 CVE-2010-4243 CVE-2010-4251 CVE-2010-4258 CVE-2010-4342 CVE-2010-4529 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521 CVE-2011-0710 CVE-2011-0711 CVE-2011-0712 CVE-2011-1016 CVE-2011-1017 CVE-2011-1020 CVE-2011-1083 CVE-2011-1160 CVE-2011-1180 CVE-2011-1182 CVE-2011-1478 CVE-2011-1573 CVE-2011-1577 CVE-2011-1593 CVE-2011-2182 CVE-2011-2183 CVE-2011-2203 CVE-2011-2479 CVE-2011-2491 CVE-2011-2494 CVE-2011-2495 CVE-2011-2496 CVE-2011-3191 CVE-2011-4086 CVE-2011-4097 CVE-2011-4127 CVE-2011-4131 CVE-2011-4604 CVE-2011-4622 CVE-2012-0038 CVE-2012-0045 CVE-2012-0056 CVE-2012-0207 CVE-2012-1090 CVE-2012-1097 CVE-2012-1146 CVE-2012-1179 CVE-2012-1601 CVE-2012-2119 CVE-2012-2133 CVE-2012-2136 CVE-2012-2137 CVE-2012-2372 CVE-2012-2373 CVE-2012-2390 CVE-2012-2663 CVE-2012-2745 CVE-2012-3412 CVE-2012-3430 CVE-2012-4398 CVE-2012-4461 CVE-2012-5517 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-0871 CVE-2013-0913 CVE-2013-1059 CVE-2013-1767 CVE-2013-1774 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1819 CVE-2013-1848 CVE-2013-1929 CVE-2013-1979 CVE-2013-2015 CVE-2013-2094 CVE-2013-2148 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2850 CVE-2013-2851 CVE-2013-2852 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-2929 CVE-2013-3301 CVE-2013-4162 CVE-2013-4163 CVE-2013-4470 CVE-2013-4483 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4579 CVE-2013-4587 CVE-2013-4592 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6378 CVE-2013-6380 CVE-2013-6382 CVE-2013-6885 CVE-2013-7027 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0055 CVE-2014-0077 CVE-2014-0101 CVE-2014-0131 CVE-2014-0155 CVE-2014-0181 CVE-2014-0196 CVE-2014-0691 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1737 CVE-2014-1738 CVE-2014-1739 CVE-2014-1874 CVE-2014-2309 CVE-2014-2523 CVE-2014-2678 CVE-2014-2851 CVE-2014-3122 CVE-2014-3144 CVE-2014-3145 CVE-2014-3153 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3611 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-3917 CVE-2014-4171 CVE-2014-4508 CVE-2014-4608 CVE-2014-4652 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-4667 CVE-2014-4699 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 CVE-2014-7822 CVE-2014-7826 CVE-2014-7841 CVE-2014-7842 CVE-2014-7970 CVE-2014-8086 CVE-2014-8133 CVE-2014-8134 CVE-2014-8159 CVE-2014-8160 CVE-2014-8369 CVE-2014-8559 CVE-2014-8709 CVE-2014-9090 CVE-2014-9322 CVE-2014-9419 CVE-2014-9420 CVE-2014-9529 CVE-2014-9584 CVE-2014-9585 CVE-2014-9683 CVE-2015-0777 CVE-2015-1421 CVE-2015-1593 CVE-2015-1805 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 kopete-devel-4.3.5-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the kopete-devel-4.3.5-0.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-1000 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 krb5-devel-1.6.3-133.49.66.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the krb5-devel-1.6.3-133.49.66.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2002-2443 CVE-2006-6143 CVE-2006-6144 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 CVE-2007-3999 CVE-2007-4000 CVE-2007-4743 CVE-2007-5894 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 CVE-2008-0948 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-4212 CVE-2010-0629 CVE-2010-1321 CVE-2010-1323 CVE-2011-0281 CVE-2011-0282 CVE-2011-1526 CVE-2011-4862 CVE-2013-1415 CVE-2013-1418 CVE-2014-4341 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libQtWebKit-devel-4.6.3-5.34.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libQtWebKit-devel-4.6.3-5.34.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-4811 CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libadns-devel-1.4-73.21 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libadns-devel-1.4-73.21 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1447 CVE-2008-4100 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libapr-util1-1.3.4-12.22.23.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libapr-util1-1.3.4-12.22.23.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-2412 CVE-2010-1623 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libapr1-1.3.3-11.18.19.8 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libapr1-1.3.3-11.18.19.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libarchive-devel-2.5.5-5.19 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libarchive-devel-2.5.5-5.19 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-5680 CVE-2007-3641 CVE-2007-3644 CVE-2007-3645 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libasm-devel-0.152-4.9.17 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libasm-devel-0.152-4.9.17 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-9447 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libblkid-devel-2.19.1-6.72.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libblkid-devel-2.19.1-6.72.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-9114 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libbz2-devel-1.0.5-34.253.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libbz2-devel-1.0.5-34.253.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1372 CVE-2010-0405 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libcap-devel-2.11-2.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libcap-devel-2.11-2.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-4099 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libcgroup-devel-0.41.rc1-2.34 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libcgroup-devel-0.41.rc1-2.34 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-1006 CVE-2011-1022 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libcurl-devel-7.19.7-1.42.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libcurl-devel-7.19.7-1.42.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2010-4180 CVE-2011-2192 CVE-2011-3389 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148 CVE-2015-3153 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libdhcp6client-1_0-2-1.0.22-3.21.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libdhcp6client-1_0-2-1.0.22-3.21.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-0997 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libdrm-devel-2.4.52-0.7.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libdrm-devel-2.4.52-0.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-3831 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libevent-devel-1.4.5-24.24.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libevent-devel-1.4.5-24.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-6272 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libexif-devel-0.6.17-2.14.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libexif-devel-0.6.17-2.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-6351 CVE-2007-6352 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libexiv2-4-32bit-0.17.1-31.20 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libexiv2-4-32bit-0.17.1-31.20 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-6353 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libexpat-devel-2.0.1-88.34.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libexpat-devel-2.0.1-88.34.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libgadu-1.8.2-1.24.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libgadu-1.8.2-1.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-4776 CVE-2013-6487 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libgcrypt-devel-1.5.0-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libgcrypt-devel-1.5.0-0.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-4242 CVE-2014-5270 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libgnomesu-devel-1.0.0-307.10.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libgnomesu-devel-1.0.0-307.10.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-1946 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libgnutls-devel-2.4.1-24.39.55.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libgnutls-devel-2.4.1-24.39.55.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-4790 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 CVE-2008-4989 CVE-2009-2730 CVE-2009-3555 CVE-2009-5138 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2013-1619 CVE-2013-2116 CVE-2014-0092 CVE-2014-3466 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-0282 CVE-2015-0294 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libgpgme-devel-1.1.6-25.32.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libgpgme-devel-1.1.6-25.32.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3564 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libgtop-2_0-7-32bit-2.28.0-1.13.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libgtop-2_0-7-32bit-2.28.0-1.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0235 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libguestfs-devel-1.20.12-0.18.70 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libguestfs-devel-1.20.12-0.18.70 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-2124 CVE-2013-4419 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libid3tag-0.15.1b-130.17 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libid3tag-0.15.1b-130.17 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2109 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libjasper-devel-1.900.1-134.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libjasper-devel-1.900.1-134.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libjpeg-devel-32bit-6.2.0-879.12.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libjpeg-devel-32bit-6.2.0-879.12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-2806 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libksba-devel-1.0.4-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libksba-devel-1.0.4-1.18.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-9087 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 liblcms-devel-1.17-77.16.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the liblcms-devel-1.17-77.16.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2013-4276 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libldb-devel-3.6.3-0.58.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libldb-devel-3.6.3-0.58.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-3403 CVE-2007-0452 CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 CVE-2007-6015 CVE-2008-1105 CVE-2008-3789 CVE-2008-4314 CVE-2009-0022 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4496 CVE-2014-0178 CVE-2014-0244 CVE-2014-3493 CVE-2015-0240 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libmikmod-3.1.11a-116.2.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libmikmod-3.1.11a-116.2.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libmpfr1-32bit-2.3.2-3.118.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libmpfr1-32bit-2.3.2-3.118.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-9474 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libmspack-devel-0.0.20060920alpha-74.5.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libmspack-devel-0.0.20060920alpha-74.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-9556 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libmusicbrainz-devel-2.1.5-5.18 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libmusicbrainz-devel-2.1.5-5.18 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-4197 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libmysql55client_r18-32bit-5.5.43-0.7.3 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libmysql55client_r18-32bit-5.5.43-0.7.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-0903 CVE-2006-4226 CVE-2006-4227 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CVE-2008-2079 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4484 CVE-2009-5026 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 CVE-2012-2122 CVE-2012-5611 CVE-2012-5615 CVE-2013-1861 CVE-2013-1976 CVE-2013-3783 CVE-2013-3793 CVE-2013-3794 CVE-2013-3795 CVE-2013-3796 CVE-2013-3798 CVE-2013-3801 CVE-2013-3802 CVE-2013-3804 CVE-2013-3805 CVE-2013-3806 CVE-2013-3807 CVE-2013-3808 CVE-2013-3809 CVE-2013-3810 CVE-2013-3811 CVE-2013-3812 CVE-2013-4316 CVE-2013-5860 CVE-2013-5881 CVE-2013-5882 CVE-2013-5891 CVE-2013-5894 CVE-2013-5908 CVE-2014-0001 CVE-2014-0224 CVE-2014-0384 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0420 CVE-2014-0427 CVE-2014-0430 CVE-2014-0431 CVE-2014-0433 CVE-2014-0437 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2434 CVE-2014-2435 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440 CVE-2014-2442 CVE-2014-2444 CVE-2014-2450 CVE-2014-2451 CVE-2014-2484 CVE-2014-2494 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-4207 CVE-2014-4214 CVE-2014-4233 CVE-2014-4238 CVE-2014-4240 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0385 CVE-2015-0391 CVE-2015-0405 CVE-2015-0409 CVE-2015-0411 CVE-2015-0423 CVE-2015-0432 CVE-2015-0433 CVE-2015-0438 CVE-2015-0439 CVE-2015-0441 CVE-2015-0498 CVE-2015-0499 CVE-2015-0500 CVE-2015-0501 CVE-2015-0503 CVE-2015-0505 CVE-2015-0506 CVE-2015-0507 CVE-2015-0508 CVE-2015-0511 CVE-2015-2305 CVE-2015-2566 CVE-2015-2567 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2576 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libmysqlclient-devel-5.0.96-0.6.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libmysqlclient-devel-5.0.96-0.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-0903 CVE-2006-4226 CVE-2006-4227 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CVE-2008-2079 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4484 CVE-2009-5026 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 CVE-2012-2122 CVE-2012-5611 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libneon-devel-0.29.6-6.7.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libneon-devel-0.29.6-6.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0157 CVE-2008-3746 CVE-2009-2473 CVE-2009-2474 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libnetpbm-devel-10.26.44-101.9.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libnetpbm-devel-10.26.44-101.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-4274 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libnewt0_52-0.52.10-1.35.113 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libnewt0_52-0.52.10-1.35.113 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-2905 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libopenssl-devel-0.9.8j-0.70.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libopenssl-devel-0.9.8j-0.70.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-0891 CVE-2008-1672 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2009-5146 CVE-2010-0740 CVE-2010-2939 CVE-2010-3864 CVE-2010-4180 CVE-2010-4252 CVE-2011-0014 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-5095 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2014-0076 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libotr-devel-3.2.0-10.3.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libotr-devel-3.2.0-10.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-3461 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libpcp3-3.6.10-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libpcp3-3.6.10-0.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421 CVE-2012-5530 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libpixman-1-0-devel-0.24.4-0.15.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libpixman-1-0-devel-0.24.4-0.15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1591 CVE-2013-6425 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libpng-devel-1.2.31-5.33.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libpng-devel-1.2.31-5.33.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-5793 CVE-2008-3964 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 CVE-2009-2042 CVE-2009-5063 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3026 CVE-2011-3048 CVE-2012-3425 CVE-2013-7353 CVE-2013-7354 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libpoppler-devel-0.12.3-1.10.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libpoppler-devel-0.12.3-1.10.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0104 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 CVE-2008-2950 CVE-2009-0755 CVE-2009-0756 CVE-2009-0791 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 CVE-2010-5110 CVE-2013-1790 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libproxy-devel-0.3.1-2.6.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libproxy-devel-0.3.1-2.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-4505 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libpulse-devel-0.9.23-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libpulse-devel-0.9.23-0.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-0008 CVE-2014-3970 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libreadline5-5.2-147.27.35 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libreadline5-5.2-147.27.35 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libreoffice-4.0.3.3.26-0.10.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libreoffice-4.0.3.3.26-0.10.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0238 CVE-2007-0239 CVE-2010-0395 CVE-2010-2935 CVE-2010-2936 CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-3689 CVE-2010-3702 CVE-2010-3704 CVE-2010-4253 CVE-2010-4643 CVE-2013-4156 CVE-2014-3575 CVE-2014-3693 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libreoffice-branding-upstream-4.0.3.3.26-0.10.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libreoffice-branding-upstream-4.0.3.3.26-0.10.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3693 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libreoffice-help-cs-4.0.3.3.26-0.10.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libreoffice-help-cs-4.0.3.3.26-0.10.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-3693 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libreoffice-testtool-3.4.5.5-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libreoffice-testtool-3.4.5.5-0.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0238 CVE-2007-0239 CVE-2010-0395 CVE-2010-2935 CVE-2010-2936 CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-3689 CVE-2010-3702 CVE-2010-3704 CVE-2010-4253 CVE-2010-4643 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 librsvg-devel-2.26.0-2.3.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the librsvg-devel-2.26.0-2.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-3146 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libsamplerate-devel-0.1.4-1.15 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libsamplerate-devel-0.1.4-1.15 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-5008 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libsmi-0.4.5-2.7.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libsmi-0.4.5-2.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-2891 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libsndfile-devel-1.0.20-2.6.5 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libsndfile-devel-1.0.20-2.6.5 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-4974 CVE-2009-0186 CVE-2009-1788 CVE-2009-1791 CVE-2009-4835 CVE-2011-2696 CVE-2014-9496 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libsnmp15-32bit-5.4.2.1-8.12.22.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libsnmp15-32bit-5.4.2.1-8.12.22.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-4309 CVE-2008-6123 CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-2310 CVE-2014-3565 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libsoup-devel-2.32.2-4.13.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libsoup-devel-2.32.2-4.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-5876 CVE-2011-2524 CVE-2012-2132 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libssh2-0.2-5.20.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libssh2-0.2-5.20.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-4562 CVE-2014-0017 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libssh2-1-1.2.9-4.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libssh2-1-1.2.9-4.2.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2015-1782 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libsss_idmap-devel-1.9.4-0.16.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libsss_idmap-devel-1.9.4-0.16.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libtasn1-devel-1.5-1.30.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libtasn1-devel-1.5-1.30.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libthai-0.1.9-9.19.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libthai-0.1.9-9.19.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-4012 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libtiff-devel-3.8.2-141.154.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libtiff-devel-3.8.2-141.154.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1586 CVE-2008-2327 CVE-2009-2285 CVE-2009-2347 CVE-2010-1411 CVE-2010-4665 CVE-2011-0191 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2088 CVE-2012-2113 CVE-2012-3401 CVE-2012-4447 CVE-2012-4564 CVE-2012-5581 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libtirpc-devel-0.2.1-1.7.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libtirpc-devel-0.2.1-1.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-3999 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libtool-2.2.6-2.131.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libtool-2.2.6-2.131.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-3736 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libtunepimp-0.5.3-126.25 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libtunepimp-0.5.3-126.25 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-3600 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libupsclient1-2.6.2-0.2.4.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libupsclient1-2.6.2-0.2.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-2944 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libvirt-devel-1.2.5-3.76 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libvirt-devel-1.2.5-3.76 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-5086 CVE-2010-2242 CVE-2011-1146 CVE-2011-1486 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2012-4423 CVE-2013-1962 CVE-2013-4291 CVE-2013-4296 CVE-2013-4311 CVE-2013-5651 CVE-2013-6436 CVE-2013-6456 CVE-2013-6458 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2015-0236 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libvorbis-devel-1.2.0-79.20.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libvorbis-devel-1.2.0-79.20.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-3106 CVE-2008-1419 CVE-2008-1420 CVE-2008-1423 CVE-2009-2663 CVE-2009-3379 CVE-2012-0444 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libwebkit-1_0-1-1.0.1-0.1.141 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libwebkit-1_0-1-1.0.1-0.1.141 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-3632 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libwebkit-1_0-2-1.2.7-0.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libwebkit-1_0-2-1.2.7-0.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-3632 CVE-2010-4040 CVE-2011-1290 CVE-2011-1344 CVE-2011-1774 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libwmf-0.2.8.4-206.27.4 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libwmf-0.2.8.4-206.27.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-3376 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libwpd-0_8-8-0.8.14-4.33 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libwpd-0_8-8-0.8.14-4.33 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-0002 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libwsman-devel-2.2.3-0.8.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libwsman-devel-2.2.3-0.8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3566 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libxcrypt-devel-3.0.3-0.6.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libxcrypt-devel-3.0.3-0.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-2483 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libxine-devel-1.1.15-23.3.9 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libxine-devel-1.1.15-23.3.9 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-1664 CVE-2006-4799 CVE-2006-4800 CVE-2007-1387 CVE-2008-0073 CVE-2008-0225 CVE-2008-0486 CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 CVE-2008-3231 CVE-2008-5234 CVE-2008-5236 CVE-2008-5237 CVE-2008-5239 CVE-2008-5240 CVE-2008-5243 CVE-2009-1274 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libxml-1.8.17-481.19.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libxml-1.8.17-481.19.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-2414 CVE-2009-2416 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libxml2-devel-2.7.6-0.31.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libxml2-devel-2.7.6-0.31.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-6284 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-2414 CVE-2009-2416 CVE-2010-4494 CVE-2011-1944 CVE-2011-2821 CVE-2011-3102 CVE-2011-3919 CVE-2012-0841 CVE-2012-2807 CVE-2012-5134 CVE-2013-0338 CVE-2013-2877 CVE-2014-0191 CVE-2014-3660 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libxslt-devel-1.1.24-19.23.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libxslt-devel-1.1.24-19.23.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1767 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 CVE-2013-4520 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 libyaml-devel-0.1.3-0.10.16.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the libyaml-devel-0.1.3-0.10.16.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 lighttpd-1.4.20-2.54.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the lighttpd-1.4.20-2.54.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-1869 CVE-2007-1870 CVE-2008-0983 CVE-2008-1111 CVE-2008-1270 CVE-2008-1531 CVE-2010-0295 CVE-2011-1473 CVE-2011-4362 CVE-2014-2323 CVE-2014-2324 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 lxc-0.8.0-0.23.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the lxc-0.8.0-0.23.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-6441 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 lynx-2.8.6-143.19 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the lynx-2.8.6-143.19 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-7234 CVE-2008-4690 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 lzo-devel-2.03-12.3.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the lzo-devel-2.03-12.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-4607 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 memcached-1.2.6-5.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the memcached-1.2.6-5.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-1494 CVE-2009-2415 CVE-2010-1152 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 mercurial-2.3.2-0.9.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the mercurial-2.3.2-0.9.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2942 CVE-2014-9462 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 mozilla-nspr-devel-4.10.7-0.3.3 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the mozilla-nspr-devel-4.10.7-0.3.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-5607 CVE-2014-1545 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 mozilla-nss-devel-3.17.3-0.8.11 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the mozilla-nss-devel-3.17.3-0.8.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2013-0743 CVE-2013-1739 CVE-2013-1741 CVE-2013-2566 CVE-2013-5605 CVE-2013-5606 CVE-2014-1492 CVE-2014-1545 CVE-2014-1568 CVE-2014-1569 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 mozilla-xulrunner192-devel-1.9.2.27-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the mozilla-xulrunner192-devel-1.9.2.27-0.2.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-5913 CVE-2009-3555 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-1585 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1202 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE-2011-2980 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-3001 CVE-2011-3026 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 CVE-2011-3659 CVE-2011-3666 CVE-2011-3670 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0449 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 nagios-3.0.6-1.25.36.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the nagios-3.0.6-1.25.36.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-5803 CVE-2011-1523 CVE-2012-6096 CVE-2013-7108 CVE-2014-1878 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 netatalk-2.0.3-249.21.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the netatalk-2.0.3-249.21.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-5718 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 novell-ipsec-tools-0.7.1-2.29.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the novell-ipsec-tools-0.7.1-2.29.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-1841 CVE-2009-1632 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 obex-data-server-0.4.6-2.7.90 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the obex-data-server-0.4.6-2.7.90 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2374 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ofed-devel-1.5.4.1-20.26 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ofed-devel-1.5.4.1-20.26 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-1693 CVE-2010-3904 CVE-2010-4649 CVE-2011-3345 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 openCryptoki-3.2-0.11.26 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the openCryptoki-3.2-0.11.26 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-4454 CVE-2012-4455 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 openldap2-2.4.26-0.30.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the openldap2-2.4.26-0.30.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-1164 CVE-2013-4449 CVE-2015-1545 CVE-2015-1546 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 opensc-devel-0.11.6-5.27.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the opensc-devel-0.11.6-5.27.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2235 CVE-2009-0368 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 openslp-devel-1.2.0-172.24.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the openslp-devel-1.2.0-172.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-3609 CVE-2012-4428 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 opie-2.4-662.18.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the opie-2.4-662.18.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-2489 CVE-2011-2490 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 osc-0.139.2-0.3.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the osc-0.139.2-0.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-1095 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 pam-devel-1.1.5-0.15.9 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the pam-devel-1.1.5-0.15.9 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0579 CVE-2009-0887 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 pango-devel-1.26.2-1.3.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the pango-devel-1.26.2-1.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 pcsc-lite-devel-1.4.102-1.37.3 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the pcsc-lite-devel-1.4.102-1.37.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-0407 CVE-2010-4531 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 perl-DBD-Pg-2.10.3-1.20.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the perl-DBD-Pg-2.10.3-1.20.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-1151 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 perl-Tk-devel-804.028-50.24 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the perl-Tk-devel-804.028-50.24 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-4484 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the perl-base-32bit-5.10.0-64.72.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-5116 CVE-2010-1168 CVE-2010-1447 CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2011-1487 CVE-2011-2728 CVE-2012-5526 CVE-2012-6329 CVE-2013-1667 CVE-2014-4330 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 php53-devel-5.3.17-0.41.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the php53-devel-5.3.17-0.41.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-7243 CVE-2007-4783 CVE-2007-4840 CVE-2007-4887 CVE-2008-0599 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1398 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4388 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057 CVE-2012-0781 CVE-2012-0788 CVE-2012-0789 CVE-2012-0807 CVE-2012-0830 CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2386 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-4113 CVE-2013-4248 CVE-2013-4635 CVE-2013-6420 CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5459 CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2305 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 popt-devel-1.7-37.63.64.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the popt-devel-1.7-37.63.64.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-6435 CVE-2014-8118 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 postgresql-devel-8.3.23-0.4.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the postgresql-devel-8.3.23-0.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-3555 CVE-2009-4034 CVE-2009-4136 CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2010-4014 CVE-2010-4015 CVE-2012-0866 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 postgresql94-devel-9.4.4-0.6.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the postgresql94-devel-9.4.4-0.6.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ppp-devel-2.4.5.git-2.29.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ppp-devel-2.4.5.git-2.29.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3158 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 pwlib-1.10.10-120.35.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the pwlib-1.10.10-120.35.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1864 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 python-32bit-2.6.9-0.35.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the python-32bit-2.6.9-0.35.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-2052 CVE-2008-1721 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2013-4238 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 python-crypto-2.0.1-28.20.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the python-crypto-2.0.1-28.20.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-0544 CVE-2012-2417 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 python-devel-2.6.9-0.35.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the python-devel-2.6.9-0.35.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2009-3560 CVE-2009-3720 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 python-imaging-1.1.6-168.34.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the python-imaging-1.1.6-168.34.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-1932 CVE-2014-1933 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 python-logilab-common-0.56.2-1.9.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the python-logilab-common-0.56.2-1.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-1838 CVE-2014-1839 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 python-lxml-2.3.6-0.13.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the python-lxml-2.3.6-0.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3146 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 python-setuptools-0.6c11-5.2.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the python-setuptools-0.6c11-5.2.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1633 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 qemu-0.10.1-0.5.7.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the qemu-0.10.1-0.5.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2009-3616 CVE-2012-3515 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 qt3-devel-3.3.8b-88.21 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the qt3-devel-3.3.8b-88.21 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-4811 CVE-2007-0242 CVE-2007-3388 CVE-2007-4137 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 quagga-0.99.15-0.14.11 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the quagga-0.99.15-0.14.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-2223 CVE-2007-1995 CVE-2010-1674 CVE-2010-1675 CVE-2010-2948 CVE-2010-2949 CVE-2013-0149 CVE-2013-2236 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 ruby-devel-1.8.7.p357-0.9.17.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the ruby-devel-1.8.7.p357-0.9.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-3694 CVE-2006-5467 CVE-2006-6303 CVE-2007-5162 CVE-2007-5770 CVE-2008-1145 CVE-2008-3790 CVE-2009-0642 CVE-2009-1904 CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 CVE-2011-4815 CVE-2012-4466 CVE-2013-1821 CVE-2013-4073 CVE-2013-4164 CVE-2014-8080 CVE-2014-8090 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-actionmailer-3_2-3.2.12-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-actionmailer-3_2-3.2.12-0.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-0276 CVE-2013-4389 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-actionpack-3_2-3.2.12-0.19.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-actionpack-3_2-3.2.12-0.19.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-2660 CVE-2012-2694 CVE-2012-3424 CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 CVE-2013-0155 CVE-2013-0276 CVE-2013-1855 CVE-2013-1857 CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 CVE-2014-0081 CVE-2014-0082 CVE-2014-0130 CVE-2014-7818 CVE-2014-7829 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-activemodel-3_2-3.2.12-0.5.8 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-activemodel-3_2-3.2.12-0.5.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-0276 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-activerecord-3_2-3.2.12-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-activerecord-3_2-3.2.12-0.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-2661 CVE-2012-2695 CVE-2012-5664 CVE-2013-0155 CVE-2013-0276 CVE-2013-1854 CVE-2014-3482 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-activesupport-3_2-3.2.12-0.9.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-activesupport-3_2-3.2.12-0.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-0156 CVE-2013-0276 CVE-2013-4389 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-bundler-1.7.0-0.7.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-bundler-1.7.0-0.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-0334 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-i18n-0_6-0.6.0-0.8.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-i18n-0_6-0.6.0-0.8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-4492 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-json_pure-1.2.0-0.4.4 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-json_pure-1.2.0-0.4.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-0269 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-rack-1_4-1.4.5-0.5.8 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-rack-1_4-1.4.5-0.5.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-6109 CVE-2013-0183 CVE-2013-0184 CVE-2013-0262 CVE-2013-0263 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-rack-ssl-1.3.2-0.12.5.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-rack-ssl-1.3.2-0.12.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-2538 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-rdoc-3.9.1-0.8.3 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-rdoc-3.9.1-0.8.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-0256 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rubygem-sprockets-2_2-2.2.1-0.7.11.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rubygem-sprockets-2_2-2.2.1-0.7.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-7819 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 rxvt-unicode-9.05-1.19.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the rxvt-unicode-9.05-1.19.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1142 CVE-2014-3121 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 sendmail-8.14.3-50.24.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the sendmail-8.14.3-50.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-3956 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 silc-toolkit-1.1.7-7.23.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the silc-toolkit-1.1.7-7.23.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-1227 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 struts-1.2.9-162.37.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the struts-1.2.9-162.37.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-2025 CVE-2014-0114 CVE-2015-0899 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 subversion-1.6.17-1.33.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the subversion-1.6.17-1.33.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-2448 CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1968 CVE-2013-2112 CVE-2013-4277 CVE-2013-4505 CVE-2013-4558 CVE-2014-0032 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 CVE-2015-0248 CVE-2015-0251 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 t1lib-devel-5.1.1-100.21.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the t1lib-devel-5.1.1-100.21.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 taglib-devel-1.5-19.23.4 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the taglib-devel-1.5-19.23.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-1108 CVE-2012-1584 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 telepathy-gabble-0.7.10-2.19.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the telepathy-gabble-0.7.10-2.19.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1769 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 texlive-2007-219.34.6 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the texlive-2007-219.34.6 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-1440 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 trousers-devel-0.3.10-0.11.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the trousers-devel-0.3.10-0.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2012-0698 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 unixODBC_23-devel-2.3.1-0.9.40 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the unixODBC_23-devel-2.3.1-0.9.40 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-1145 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 valgrind-3.8.1-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the valgrind-3.8.1-0.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-4865 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 vte-devel-0.22.5-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the vte-devel-0.22.5-0.2.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2010-2713 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 wireshark-1.10.13-0.2.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the wireshark-1.10.13-0.2.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-1932 CVE-2006-4574 CVE-2006-4805 CVE-2006-5468 CVE-2006-5469 CVE-2006-5740 CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459 CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-2560 CVE-2009-2562 CVE-2009-3549 CVE-2009-3550 CVE-2009-3829 CVE-2009-4377 CVE-2010-0304 CVE-2010-1455 CVE-2010-2992 CVE-2010-2993 CVE-2010-2994 CVE-2010-2995 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-1593 CVE-2012-1595 CVE-2012-1596 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4296 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 CVE-2013-4078 CVE-2013-4079 CVE-2013-4080 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083 CVE-2013-4927 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2283 CVE-2014-2299 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-6421 CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2188 CVE-2015-2189 CVE-2015-2191 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xalan-j2-demo-2.7.0-217.26.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xalan-j2-demo-2.7.0-217.26.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2014-0107 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xen-devel-4.4.2_08-1.7 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xen-devel-4.4.2_08-1.7 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 CVE-2007-3919 CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3497 CVE-2012-3498 CVE-2012-3515 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1432 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 CVE-2013-2212 CVE-2013-4344 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2013-6400 CVE-2013-6885 CVE-2014-1666 CVE-2014-2599 CVE-2014-3615 CVE-2014-3967 CVE-2014-3968 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 CVE-2014-9065 CVE-2014-9066 CVE-2015-0361 CVE-2015-2044 CVE-2015-2045 CVE-2015-2751 CVE-2015-2752 CVE-2015-2756 CVE-2015-3209 CVE-2015-3340 CVE-2015-3456 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-devel-32bit-7.4-8.26.44.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-devel-32bit-7.4-8.26.44.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-2895 CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1988 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2003 CVE-2013-2063 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libX11-devel-32bit-7.4-5.11.11.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libX11-devel-32bit-7.4-5.11.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXext-devel-32bit-7.4-1.18.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libXext-devel-32bit-7.4-1.18.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1982 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXfixes-devel-32bit-7.4-1.16.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libXfixes-devel-32bit-7.4-1.16.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1983 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXp-devel-32bit-7.4-1.18.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libXp-devel-32bit-7.4-1.18.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-2062 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXrender-devel-32bit-7.4-1.16.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libXrender-devel-32bit-7.4-1.16.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1987 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXt-devel-32bit-7.4-1.19.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libXt-devel-32bit-7.4-1.19.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libXv-devel-32bit-7.4-1.16.2 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libXv-devel-32bit-7.4-1.16.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-1989 CVE-2013-2066 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-libxcb-devel-32bit-7.4-1.29.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-libxcb-devel-32bit-7.4-1.29.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2013-2064 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 xorg-x11-server-sdk-7.4-27.105.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the xorg-x11-server-sdk-7.4-27.105.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2006-6101 CVE-2006-6102 CVE-2006-6103 CVE-2007-1003 CVE-2007-5760 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 CVE-2010-2240 CVE-2010-4818 CVE-2010-4819 CVE-2011-4028 CVE-2011-4029 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2015-0255 CVE-2015-3418 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 yast2-core-devel-2.17.46-0.5.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the yast2-core-devel-2.17.46-0.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2008-4311 CVE-2011-2483 CVE-2011-3177 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 yast2-devel-doc-2.17.140-1.1 on GA media (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 These are all security issues fixed in the yast2-devel-doc-2.17.140-1.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 11 SP4. Moderate CVE-2011-3177 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python-Jinja2 (Important) SUSE Linux Enterprise Server 11-PUBCLOUD This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Important SUSE bug 1181944 CVE-2020-28493 Security update for python-azure-agent (Moderate) SUSE Linux Enterprise Server 11-PUBCLOUD This update for python-azure-agent fixes the following issues: + Properly set the dhcp configuration to push the hostname to the DHCP server (bsc#1173866) + Do not bring the interface down to push the hostname, just use ifup + Set the hostname using hostnamectl to ensure setting is properly applied (bsc#1167601, bsc#1167602) Update to version 2.2.45 (jsc#ECO-80) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields Moderate SUSE bug 1061584 SUSE bug 1074865 SUSE bug 1087764 SUSE bug 1092831 SUSE bug 1094420 SUSE bug 1119542 SUSE bug 1127838 SUSE bug 1167601 SUSE bug 1167602 SUSE bug 1173866 SUSE bug 1175130 SUSE bug 997614 CVE-2019-0804 Security update for GraphicsMagick SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 GraphicsMagick was updated to fix an integer overflow (CVE-2012-3438). SUSE bug 773612 CVE-2012-3438 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ImageMagick SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 ImageMagick has been updated to fix an integer overflow (CVE-2012-3438). Also a slowness in 'convert' when resizing JPEG images has been addressed (bnc#754481). SUSE bug 754481 SUSE bug 773612 CVE-2012-3438 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mesa SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of Mesa fixes multiple integer overflows. Security Issue reference: * CVE-2013-1993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993> SUSE bug 815451 SUSE bug 821855 CVE-2013-1993 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for apache2-mod_fcgid SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 A heap overflow in the apache2-mod_fcgid module has been fixed that could have been used by remote attackers to crash the server instance. (CVE-2013-4365) Security Issue reference: * CVE-2013-4365 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4365> SUSE bug 844935 CVE-2013-4365 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for PHP5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420> * CVE-2013-4248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248> SUSE bug 837746 SUSE bug 854880 CVE-2013-4248 CVE-2013-6420 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for PHP5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420> * CVE-2013-6712 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712> * CVE-2013-4248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248> SUSE bug 854880 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for apache2-mod_security2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of mod_security2 fixed a NULL pointer dereference crash (CVE-2013-2765) and a memory issue (double free()) (bnc#822664). Security Issue reference: * CVE-2013-2765 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765> SUSE bug 822664 CVE-2013-2765 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for automake SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of automake fixes a race condition in 'distcheck' (CVE-2012-3386). Also a bug where world writeable tarballs were generated during 'make dist' has been fixed (CVE-2009-4029). Security Issue reference: * CVE-2012-3386 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386> * CVE-2009-4029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029> SUSE bug 559815 SUSE bug 770618 CVE-2012-3386 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for bind SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue. Security Issue references: * CVE-2014-0591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591> SUSE bug 858639 CVE-2014-0591 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mono SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Mono was updated to fix a cross site scripting attack in the System.Web class 'forbidden extensions' filtering has been fixed. (CVE-2012-3382) Security Issue reference: * CVE-2012-3382 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382> SUSE bug 769799 CVE-2012-3382 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Samba SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the following security issues with Samba: * bnc#844720: DCERPC frag_len not checked (CVE-2013-4408) * bnc#853347: winbind pam security problem (CVE-2012-6150) * bnc#848101: No access check verification on stream files (CVE-2013-4475) And fixes the following non-security issues: * bnc#853021: libsmbclient0 package description contains comments * bnc#817880: rpcclient adddriver and setdrive do not set all needed registry entries * bnc#838472: Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME * bnc#854520 and bnc#849226: various upstream fixes Security Issue references: * CVE-2012-6150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150> * CVE-2013-4408 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408> * CVE-2013-4475 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475> SUSE bug 817880 SUSE bug 838472 SUSE bug 844720 SUSE bug 848101 SUSE bug 849226 SUSE bug 853021 SUSE bug 853347 SUSE bug 854520 CVE-2012-6150 CVE-2013-4408 CVE-2013-4475 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for CUPS SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The following security issue has been fixed in the CUPS print daemon CVE-2012-5519: The patch adds better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes The new ConfigurationChangeRestriction cupsd.conf directive specifies the level of restriction for cupsd.conf changes that happen via HTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or via the cupsctl command). By default certain cupsd.conf directives that deal with filenames, paths, and users can no longer be changed via requests to the running cupsd but only by manual editing the cupsd.conf file and its default file permissions permit only root to write the cupsd.conf file. Those directives are: ConfigurationChangeRestriction, AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot, ErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap, PrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin, ServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup, SystemGroupAuthKey, TempDir, User. The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set to 'root' only. Additionally the following bug has been fixed: * strip trailing '@REALM' from username for Kerberos authentication (CUPS STR#3972 bnc#827109) Security Issue reference: * CVE-2012-5519 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519> SUSE bug 789566 SUSE bug 827109 CVE-2012-5519 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for curl SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015) Security Issue reference: * CVE-2014-0015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015> SUSE bug 858673 CVE-2014-0015 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for dhcp SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The ISC DHCP server had a denial of service issue in handling specific DDNS requests which could cause a out of memory usage situation. (CVE-2013-2266) This update also adds a dhcp6-server service template for SuSEfirewall2 (bnc#783002) Security Issues: * CVE-2013-2266 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266> SUSE bug 783002 SUSE bug 811934 CVE-2013-2266 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for fastjar SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This fastjar update fixes a directory traversal issue (bnc#607043). Security Issue reference: * CVE-2010-0831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831> SUSE bug 607043 CVE-2010-0831 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for pidgin SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 pidgin was updated to fix 4 security issues: * Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) * Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) * Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.(CVE-2013-0272, bnc#804742) * Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742) Security Issue references: * CVE-2013-0271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271> * CVE-2013-0272 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272> * CVE-2013-0273 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273> * CVE-2013-0274 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274> SUSE bug 804742 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 MozillaFirefox was updated to 10.0.7ESR release, fixing a lot of bugs and security problems. The following security issues have been addressed: * MFSA 2012-57: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14. * CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14. * MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes CVE-2012-1972 o Heap-use-after-free in nsObjectLoadingContent::LoadObject CVE-2012-1973 o Heap-use-after-free in gfxTextRun::CanBreakLineBefore CVE-2012-1974 o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975 o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues CVE-2012-1976 o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run() CVE-2012-3956 o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty CVE-2012-3957 o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements CVE-2012-3958 o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode CVE-2012-3959 o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary CVE-2012-3960 o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961 o Bad iterator in text runs CVE-2012-3962 o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963 o Heap-use-after-free READ 8 in gfxTextRun::GetUserData CVE-2012-3964 * MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks. * MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack. * MFSA 2012-61 / CVE-2012-3966: Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When processing a negative 'height' header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable. * MFSA 2012-62: Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash. o use after free, webgl fragment shader deleted by accessor CVE-2012-3968 o stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers CVE-2012-3967 * MFSA 2012-63: Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko's SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a 'requiredFeatures' attribute is moved between documents. In that situation, the internal representation of the 'requiredFeatures' value could be freed prematurely. Both issues are potentially exploitable. o Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter CVE-2012-3969 o Heap-use-after-free in nsTArray_base::Length() CVE-2012-3970 * MFSA 2012-64 / CVE-2012-3971: Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products. * MFSA 2012-65 / CVE-2012-3972: Security research Nicolas Gregoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable. * MFSA 2012-66 / CVE-2012-3973: Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port used by HTTPMonitor. A remote-enabled flag has been added to resolve this problem and close the port unless debugging is explicitly enabled. * MFSA 2012-67 / CVE-2012-3974: Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges. * MFSA 2012-68 / CVE-2012-3975: Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be combined with other attacks to become exploitable. * MFSA 2012-69 / CVE-2012-3976: Security researcher Mark Poticha reported an issue where incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This is caused by two onLocationChange events being fired out of the expected order, leading to the displayed certificate data to not be updated. This can be used for phishing attacks by allowing the user to input form or other data on a newer, attacking, site while the credentials of an older site appear on the addressbar. * MFSA 2012-70 / CVE-2012-3978: Mozilla security researcher moz_bug_r_a4 reported that certain security checks in the location object can be bypassed if chrome code is called content in a specific manner. This allowed for the loading of restricted content. This can be combined with other issues to become potentially exploitable. * MFSA 2012-71 / CVE-2012-3979: Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash. This vulnerability only affects Firefox for Android. * MFSA 2012-72 / CVE-2012-3980: Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user. SUSE bug 777588 CVE-2012-1956 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3974 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3979 CVE-2012-3980 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 MozillaFirefox was updated to the 10.0.10ESR security release. The following issue has been fixed: * MFSA 2012-90: Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below. Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. * CVE-2012-4194: Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. * CVE-2012-4195: Mozilla security researcher moz_bug_r_a4 discovered that the CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. * CVE-2012-4196: Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. SUSE bug 786522 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. * MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17: o crash in copyTexImage2D with image dimensions too large for given level (CVE-2012-5838) * MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17: o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218) * MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. * MFSA 2012-103 / CVE-2012-4209: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to 'top'. This can allow for possible cross-site scripting (XSS) attacks through plugins. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-102 / CVE-2012-5837: Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar. * MFSA 2012-101 / CVE-2012-4207: Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the '~' character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. * MFSA 2012-100 / CVE-2012-5841: Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-98 / CVE-2012-4206: Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. * MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. * MFSA 2012-96 / CVE-2012-4204: Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-95 / CVE-2012-4203: Security researcher kakzz.ng@gmail.com reported that if a javascript: URL is selected from the list of Firefox 'new tab' page, the script will inherit the privileges of the privileged 'new tab' page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. * MFSA 2012-94 / CVE-2012-5836: Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash. * MFSA 2012-93 / CVE-2012-4201: Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack. * MFSA 2012-92 / CVE-2012-4202: Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. * MFSA 2012-91: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey reported memory safety problems and crashes that affect Firefox 16. (CVE-2012-5843) Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842) SUSE bug 790140 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4206 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Mozilla Firefox was updated to the 10.0.12ESR release. * MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. ( CVE-2013-0769 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769> ) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749> ) o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770> ) * MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. The following issue was fixed in Firefox 18: o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760> ) The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12: o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762> ) o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766> ) o Out of bounds read in nsSVGPathElement::GetPathLengthScale ( CVE-2013-0767 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767> ) The following issues were fixed in Firefox 18 and ESR 17.0.1: o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack ( CVE-2013-0761 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761> ) o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763> ) o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771> ) The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release: o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829> ) * MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768> ) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. * MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. ( CVE-2013-0759 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759> ) * MFSA 2013-05: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash. ( CVE-2013-0744 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744> ) * MFSA 2013-06: Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751> ) * MFSA 2013-07: Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764> ) * MFSA 2013-08: Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745> ) * MFSA 2013-09: Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746> ) * MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747> ) * MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748> ) * MFSA 2013-12: Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750> ) * MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752> ) * MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757> ) * MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758> ) * MFSA 2013-16: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753> ) * MFSA 2013-17: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754> ) * MFSA 2013-18: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755> ) * MFSA 2013-19: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756> ) * MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743> ) SUSE bug 796895 CVE-2012-5829 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0759 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 MozillaFirefox has been updated to the 17.0.3ESR release. Important: due to compatibility issues, the Beagle plug-in for MozillaFirefox is temporarily disabled by this update. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes: * MFSA 2013-28: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. * The following issues have been fixed in Firefox 19 and ESR 17.0.3: o Heap-use-after-free in nsOverflowContinuationTracker::Finish, with -moz-columns (CVE-2013-0780) o Heap-buffer-overflow WRITE in nsSaveAsCharset::DoCharsetConversion (CVE-2013-0782) * MFSA 2013-27 / CVE-2013-0776: Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses that appear to be secure. This spoofing of addresses can be used for phishing attacks by fooling users into entering credentials, for example. * MFSA 2013-26 / CVE-2013-0775: Security researcher Nils reported a use-after-free in nsImageLoadingContent when content script is executed. This could allow for arbitrary code execution. * MFSA 2013-25 / CVE-2013-0774: Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack. * MFSA 2013-24 / CVE-2013-0773: Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution. * MFSA 2013-23 / CVE-2013-0765: Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases. * MFSA 2013-22 / CVE-2013-0772: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccesible data as part of the image. * MFSA 2013-21: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 18. * Memory safety bugs fixed in Firefox ESR 17.0.3, and Firefox 19 (CVE-2013-0783). Security Issue references: * CVE-2013-0780 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780> * CVE-2013-0782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782> * CVE-2013-0776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776> * CVE-2013-0775 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775> * CVE-2013-0774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774> * CVE-2013-0773 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773> * CVE-2013-0765 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0765> * CVE-2013-0772 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772> * CVE-2013-0783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783> SUSE bug 804248 SUSE bug 806669 CVE-2013-0765 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 MozillaFirefox has been updated to the 17.0.5ESR release fixing bugs and security issues. Also Mozilla NSS has been updated to version 3.14.3 and Mozilla NSPR to 4.9.6. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) Andrew McCreight, Randell Jesup, Gary Kwong, Jesse Ruderman, Christian Holler, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 19. (CVE-2013-0789) Jim Chen reported a memory safety problem that affects Firefox for Android * (CVE-2013-0790) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-33 / CVE-2013-0798: Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported the app_tmp directory is set to be world readable and writeable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are temporarily stored in the app_tmp directory before installation. This vulnerability only affects Firefox for Android. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-079: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. Security Issue references: * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789> * CVE-2013-0790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> SUSE bug 813026 CVE-2013-0788 CVE-2013-0789 CVE-2013-0790 CVE-2013-0791 CVE-2013-0792 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0798 CVE-2013-0799 CVE-2013-0800 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for freeradius SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update for freeradius-server provides the following fixes and improvements: * Increase the vendor IDs limit from 32767 to 65535 (bnc#791666) * Fix issues with escaping special characters in password (bnc#797515) * Respect expired passwords and accounts when using the unix module (bnc#797313, CVE-2011-4966). Security Issue reference: * CVE-2011-4966 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966> SUSE bug 791666 SUSE bug 797313 SUSE bug 797515 CVE-2011-4966 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for freetype2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes: * OOB access in bdf_free_font() and _bdf_parse_glyphs() (CVE-2012-5668 and CVE-2012-5669) As well as the following non-security bugs: * [bdf] Savannah bug #37905. o src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in case of allocation error; this value gets used in a loop in * [bdf] Fix Savannah bug #37906. o src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc'. Security Issue references: * CVE-2012-5668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668> * CVE-2012-5669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669> SUSE bug 795826 CVE-2012-5668 CVE-2012-5669 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ghostscript SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue. Security Issue reference: * CVE-2012-4405 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405> SUSE bug 779700 CVE-2012-4405 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for glibc SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update for glibc contains the following fixes: * Fix integer overflows in malloc (CVE-2013-4332, bnc#839870) * Fix buffer overflow in glob (bnc#691365) * Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320) * Update mount flags in <sys/mount.h> (bnc#791928) * Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246) * Fix memory leaks in dlopen (bnc#811979) * Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121) * Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec (bnc#818628) * Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347) * Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210) * Fix robust mutex handling after fork (bnc#827811) * Fix missing character in IBM-943 charset (bnc#828235) * Fix use of alloca in gaih_inet (bnc#828637) * Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268) * Fix readdir_r with long file names (CVE-2013-4237, bnc#834594). Security Issues: * CVE-2012-4412 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412> * CVE-2013-0242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242> * CVE-2013-1914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914> * CVE-2013-4237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237> * CVE-2013-4332 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332> * CVE-2013-4788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788> SUSE bug 691365 SUSE bug 779320 SUSE bug 791928 SUSE bug 801246 SUSE bug 811979 SUSE bug 813121 SUSE bug 818628 SUSE bug 819347 SUSE bug 822210 SUSE bug 827811 SUSE bug 828235 SUSE bug 828637 SUSE bug 830268 SUSE bug 834594 SUSE bug 839870 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for GnuTLS SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of GnuTLS fixes a regression introduced by the previous update that could have resulted in a Denial of Service (application crash). Security Issue reference: * CVE-2013-2116 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116> SUSE bug 821818 CVE-2013-2116 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for gtk2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The following issue has been fixed: * Specially crafted GIF and XBM files could have crashed gtk2 (CVE-2012-2370,CVE-2011-2485) Security Issue references: * CVE-2012-2370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370> * CVE-2011-2485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485> SUSE bug 702028 SUSE bug 762735 CVE-2011-2485 CVE-2012-2370 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for icu SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update is rereleased because some architectures were missed on the first try. It fixes the following security issues: * Specially crafted strings could cause a buffer overflow in icu ( CVE-2011-4599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599> ) * An integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409> ) SUSE bug 657910 SUSE bug 736146 CVE-2011-4599 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for inkscape SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 inkscape was updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionaly instead from the current directory. (CVE-2012-6076) Security Issue references: * CVE-2012-6076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6076> * CVE-2012-5656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656> SUSE bug 794958 SUSE bug 796306 CVE-2012-5656 CVE-2012-6076 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for inn SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 was assigned to this issue. Security Issue reference: * CVE-2012-3523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3523> SUSE bug 776967 CVE-2012-3523 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for java-1_4_2-ibm SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 IBM Java 1.4.2 was updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3009 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3009> * CVE-2013-3011 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3011> * CVE-2013-3012 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3012> * CVE-2013-2469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469> * CVE-2013-2465 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465> * CVE-2013-2464 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464> * CVE-2013-2463 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463> * CVE-2013-2473 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473> * CVE-2013-2472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472> * CVE-2013-2471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471> * CVE-2013-2470 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470> * CVE-2013-2459 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459> * CVE-2013-2456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456> * CVE-2013-2447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447> * CVE-2013-2452 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452> * CVE-2013-2446 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446> * CVE-2013-2450 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450> * CVE-2013-1500 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500> SUSE bug 823034 SUSE bug 829212 CVE-2013-1500 CVE-2013-2446 CVE-2013-2447 CVE-2013-2450 CVE-2013-2452 CVE-2013-2456 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for IBM Java 6 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 IBM Java 6 SR15 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Security Issue references: * CVE-2013-5458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5458> * CVE-2013-5456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5456> * CVE-2013-5457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5457> * CVE-2013-4041 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4041> * CVE-2013-5375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5375> * CVE-2013-5372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5372> * CVE-2013-5843 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843> * CVE-2013-5789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789> * CVE-2013-5830 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830> * CVE-2013-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829> * CVE-2013-5787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787> * CVE-2013-5788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788> * CVE-2013-5824 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824> * CVE-2013-5842 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842> * CVE-2013-5782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782> * CVE-2013-5817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817> * CVE-2013-5809 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809> * CVE-2013-5814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814> * CVE-2013-5832 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832> * CVE-2013-5850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850> * CVE-2013-5838 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838> * CVE-2013-5802 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802> * CVE-2013-5812 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812> * CVE-2013-5804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804> * CVE-2013-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783> * CVE-2013-3829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829> * CVE-2013-5823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823> * CVE-2013-5831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831> * CVE-2013-5820 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820> * CVE-2013-5819 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819> * CVE-2013-5818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818> * CVE-2013-5848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848> * CVE-2013-5776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776> * CVE-2013-5774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774> * CVE-2013-5825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825> * CVE-2013-5840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840> * CVE-2013-5801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801> * CVE-2013-5778 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778> * CVE-2013-5851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851> * CVE-2013-5800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800> * CVE-2013-5784 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784> * CVE-2013-5849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849> * CVE-2013-5790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790> * CVE-2013-5780 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780> * CVE-2013-5797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797> * CVE-2013-5803 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803> * CVE-2013-5772 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772> SUSE bug 849212 CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for IBM Java 7 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Security Issue references: * CVE-2013-5458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5458> * CVE-2013-5456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5456> * CVE-2013-5457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5457> * CVE-2013-4041 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4041> * CVE-2013-5375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5375> * CVE-2013-5372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5372> * CVE-2013-5843 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843> * CVE-2013-5789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789> * CVE-2013-5830 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830> * CVE-2013-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829> * CVE-2013-5787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787> * CVE-2013-5788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788> * CVE-2013-5824 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824> * CVE-2013-5842 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842> * CVE-2013-5782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782> * CVE-2013-5817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817> * CVE-2013-5809 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809> * CVE-2013-5814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814> * CVE-2013-5832 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832> * CVE-2013-5850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850> * CVE-2013-5838 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838> * CVE-2013-5802 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802> * CVE-2013-5812 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812> * CVE-2013-5804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804> * CVE-2013-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783> * CVE-2013-3829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829> * CVE-2013-5823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823> * CVE-2013-5831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831> * CVE-2013-5820 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820> * CVE-2013-5819 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819> * CVE-2013-5818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818> * CVE-2013-5848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848> * CVE-2013-5776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776> * CVE-2013-5774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774> * CVE-2013-5825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825> * CVE-2013-5840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840> * CVE-2013-5801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801> * CVE-2013-5778 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778> * CVE-2013-5851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851> * CVE-2013-5800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800> * CVE-2013-5784 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784> * CVE-2013-5849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849> * CVE-2013-5790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790> * CVE-2013-5780 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780> * CVE-2013-5797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797> * CVE-2013-5803 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803> * CVE-2013-5772 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772> SUSE bug 849212 CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for kdelibs4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This kdelibs4 update fixes several security issues related to khtml/konqueror. * Fix security issues and null pointer references in khtml/konqueror (bnc#787520) (CVE-2012-4512, CVE-2012-4513, CVE-2012-4515) Security Issue references: * CVE-2012-4512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4512> * CVE-2012-4513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4513> * CVE-2012-4515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4515> SUSE bug 787520 CVE-2012-4512 CVE-2012-4513 CVE-2012-4515 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418> SUSE bug 849240 CVE-2013-1418 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for lcms SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The lcms userland utilities were updated to fix stack overflows. * CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276> SUSE bug 843716 CVE-2013-4276 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Samba SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of Samba fixes one security issue and several bugs. The security fix is: * Ensure that users cannot hand out their own privileges to everyone, only administrators are allowed to do that. (CVE-2012-2111 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111> ) The non-security bug fixes merged from upstream Samba are: * Fix default name resolve order. (docs-xml, bso#7564). * Fix a segfault in vfs_aio_fork. (s3-aio-fork, bso#8836). * Remove whitespace in example samba.ldif. (docs, bso#8789) * Move print_backend_init() behind init_system_info(). (s3-smbd, bso#8845) * Prepend '/' to filename argument. (s3-docs, bso#8826) SUSE bug 757576 CVE-2012-2111 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libqt4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 libqt4 has been updated to fix several security issues. * An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user (CVE-2013-0254). * openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) * Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied: * Add fix for qdbusviewer not matching args (bnc#784197) Security Issue reference: * CVE-2013-0254 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0254> SUSE bug 784197 SUSE bug 797006 SUSE bug 802634 CVE-2013-0254 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for PostgreSQL SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update to version 9.1.9 fixes: * CVE-2013-1899: Fix insecure parsing of server command-line switches. * CVE-2013-1900: Reset OpenSSL randomness state in each postmaster child process. * CVE-2013-1901: Make REPLICATION privilege checks test current user not authenticated user. Security Issue references: * CVE-2013-1899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899> * CVE-2013-1900 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900> * CVE-2013-1901 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901> SUSE bug 812525 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libgcrypt SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (CVE-2013-4242). Security Issue reference: * CVE-2013-4242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242> SUSE bug 831359 CVE-2013-4242 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for MySQL SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code (CVE-2012-5611). Security Issue references: * CVE-2012-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615> * CVE-2012-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615> * CVE-2012-5613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5613> * CVE-2012-5612 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612> * CVE-2012-5611 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611> SUSE bug 792444 CVE-2012-5611 CVE-2012-5612 CVE-2012-5613 CVE-2012-5615 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for OpenSSL SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed. Security Issue references: * CVE-2013-0169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169> * CVE-2013-0166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166> SUSE bug 779952 SUSE bug 802648 SUSE bug 802746 CVE-2013-0166 CVE-2013-0169 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libotr SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes various heap overflows in libotr. CVE-2012-3461 has been assigned to this issue. Security Issue reference: * CVE-2012-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461> SUSE bug 777468 CVE-2012-3461 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for pcp SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features. * Update to pcp-3.6.10. o Transition daemons to run under an unprivileged account. o Fixes for security advisory CVE-2012-5530: tmpfile flaws; (bnc#782967). o Fix pcp(1) command short-form pmlogger reporting. o Fix pmdalogger error handling for directory files. o Fix pmstat handling of odd corner case in CPU metrics. o Correct the python ctype used for pmAtomValue 32bit ints. o Add missing RPM spec dependency for python-ctypes. o Corrections to pmdamysql metrics units. o Add pmdamysql slave status metrics. o Improve pmcollectl error messages. o Parameterize pmcollectl CPU counts in interrupt subsys. o Fix generic RPM packaging for powerpc builds. o Fix python API use of reentrant libpcp string routines. o Python code backporting for RHEL5 in qa and pmcollectl. o Fix edge cases in capturing interrupt error counts. * Update to pcp-3.6.9. o Python wrapper for the pmimport API o Make sar2pcp work with the sysstat versions from RHEL5, RHEL6, and all recent Fedora versions (which is almost all current versions of sysstat verified). o Added a number of additional metrics into the importer for people starting to use it to analyse sar data from real customer incidents. o Rework use of C99 'restrict' keyword in pmdalogger (Debian bug: 689552) o Alot of work on the PCP QA suite, special thanks to Tomas Dohnalek for all his efforts there. o Win32 build updates o Add 'raw' disk active metrics so that existing tools like iostat can be emulated o Allow sar2pcp to accept XML input directly (.xml suffix), allowing it to not have to run on the same platform as the sadc/sadf that originally generated it. o Add PMI error codes into the PCP::LogImport perl module. o Fix a typo in pmiUnits man page synopsis section o Resolve pmdalinux ordering issue in NUMA/CPU indom setup (Redhat bug: 858384) o Remove unused pmcollectl imports (Redhat bug: 863210) o Allow event traces to be used in libpcp interpolate mode * Update to pcp-3.6.8. o Corrects the disk/partition identification for the MMC driver, which makes disk indom handling correct on the Raspberry Pi (http://www.raspberrypi.org/) o Several minor/basic fixes for pmdaoracle. o Improve pmcollectl compatibility. o Make a few clarifications to pmcollectl.1. o Improve python API test coverage. o Numerous updates to the test suite in general. o Allow pmda Install scripts to specify own dso name again. o Reconcile spec file differences between PCP flavours. o Fix handling of multiple contexts with a remote namespace. o Core socket interface abstractions to support NSS (later). o Fix man page SYNOPSIS section for pmUnpackEventRecords. o Add --disable-shared build option for static builds. * Update to pcp-3.6.6. o Added the python PMAPI bindings and an initial python client in pmcollectl. Separate, new package exists for python libs for those platforms that split out packages (rpm, deb). o Added a pcp-testsuite package for those platforms that might want this (rpm, deb again, mainly) o Re-introduced the pcp/qa subdirectory in pcp and deprecated the external pcpqa git tree. o Fix potential buffer overflow in pmlogger host name handling. o Reworked the configure --prefix handling to be more like the rest of the open source world. o Ensure the __pmDecodeText ident parameter is always set Resolves Red Hat bugzilla bug #841306. Security Issue references: * CVE-2012-3418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418> * CVE-2012-3419 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3419> * CVE-2012-3420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3420> * CVE-2012-3421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3421> SUSE bug 732763 SUSE bug 775009 SUSE bug 775010 SUSE bug 775011 SUSE bug 775013 SUSE bug 782967 CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for pixman SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425> SUSE bug 853824 CVE-2013-6425 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for poppler SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of poppler fixes the following vulnerabilities: * CVE-2013-1788: Various invalid memory issues could be used by attackers supplying PDFs to crash the PDF viewer or potentially execute code. * CVE-2013-1789: A crash in poppler could be used by attackers providing PDFs to crash the PDF viewer. * CVE-2013-1790: An uninitialized memory read could be used by attackers providing PDFs to crash the PDF viewer. Security Issue references: * CVE-2013-1788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788> * CVE-2013-1789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1789> * CVE-2013-1790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790> SUSE bug 806793 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libproxy SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update for libproxy fixes a heap-based buffer overflow that could have allowed remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request (CVE-2012-4505). Additionally, it fixes parsing of the $no_proxy environment variable when it contains more than one URL separated by white-spaces. Security Issue reference: * CVE-2012-4505 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505> SUSE bug 761626 SUSE bug 784523 CVE-2012-4505 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for LibreOffice SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 LibreOffice was updated to SUSE 3.5 bugfix release 13 (based on upstream 3.5.6-rc2) which fixes a lot of bugs. The following bugs have been fixed: * polygon fill rule (bnc#759172) * open XML in Writer (bnc#777181) * undo in text objects (fdo#36138) * broken numbering level (bnc#760019) * better MathML detection (bnc#774921) * pictures in DOCX import (bnc#772094) * collapsing border painting (fdo#39415) * better DOCX text box export (fdo#45724) * hidden text in PPTX import (bnc#759180) * slide notes in PPTX import (bnc#768027) * RTL paragraphs in DOC import (fdo#43398) * better vertical text imports (bnc#744510) * HYPERLINK field in DOCX import (fdo#51034) * shadow color on partial redraw (bnc#773515) * floating objects in DOCX import (bnc#775899) * graphite2 hyphenation regression (fdo#49486) * missing shape position and size (bnc#760997) * page style attributes in ODF import (fdo#38056) * browsing in Template dialog crasher (fdo#46249) * wrong master slide shape being used (bnc#758565) * page borders regression in ODT import (fdo#38056) * invalidate bound rect after drag&drop (fdo#44534) * rotated shape margins in PPTX import (bnc#773048) * pasting into more than 1 sheet crasher (fdo#47311) * crashers in PPT/PPTX import (bnc#768027, bnc#774167 * missing footnote in DOCX/DOC/RTF export (fdo#46020) * checkbox no-label behaviour (fdo#51336, bnc#757602) * try somewhat harder to read w:position (bnc#773061) * FormatNumber can handle sal_uInt32 values (fdo#51793) * rectangle-paragraph tables in DOCX import (bnc#775899) * header and bullet in slideshow transition (bnc#759172) * default background color in DOC/DOCX export (fdo#45724) * font name / size attributes in DOCX import (bnc#774681) * zero rect. size causing wrong line positions (fdo#47434) * adjusted display of Bracket/BracePair in PPT (bnc#741480) * use Unicode functions for QuickStarter tooltip (fdo#52143) * TabRatio API and detect macro at group shape fixes (bnc#770708) * indented text in DOCX file does not wrap correctly (bnc#775906) * undocked toolbars do not show all icons in special ratio (fdo#47071) * cross-reference text when Caption order is Numbering first (fdo#50801) * bullet color same as following text by default (bnc#719988, bnc#734733) * misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772, fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966) * libvisio was updated to 0.0.19: * file displays as blank page in Draw (fdo#50990) * Use the vendor SUSE instead of Novell, Inc. * Some NULL pointer dereferences were fixed. (CVE-2012-4233) Security Issue reference: * CVE-2012-4233 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4233> SUSE bug 719988 SUSE bug 734733 SUSE bug 741480 SUSE bug 744510 SUSE bug 757602 SUSE bug 758565 SUSE bug 759172 SUSE bug 759180 SUSE bug 760019 SUSE bug 760997 SUSE bug 768027 SUSE bug 770708 SUSE bug 772094 SUSE bug 773048 SUSE bug 773061 SUSE bug 773515 SUSE bug 774167 SUSE bug 774681 SUSE bug 774921 SUSE bug 775899 SUSE bug 775906 SUSE bug 777181 SUSE bug 778669 CVE-2012-4233 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libssh2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of libssh fixes multiple integer overflows. CVE-2012-4562 has been assigned to this issue. Security Issue reference: * CVE-2012-4562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562> SUSE bug 789827 CVE-2012-4562 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libtiff SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This tiff update fixes several security issues. * bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use after free problem * bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in readgifimage() * bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW decompressor Security Issue references: * CVE-2013-4232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232> * CVE-2013-4231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231> * CVE-2013-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243> * CVE-2013-4244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244> SUSE bug 834477 SUSE bug 834779 SUSE bug 834788 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libvirt SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This libvirt update fixes a security issue. * bnc#838638: CVE-2013-4296: EMBARGOED: libvirt: Fix crash in remoteDispatchDomainMemoryStats * bnc#817008: Regression: vm-install fails to display on SLES 11 SP2 UV2000 Security Issue reference: * CVE-2013-4296 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296> SUSE bug 817008 SUSE bug 838638 CVE-2013-4296 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libvirt SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 libvirt received security and bugfixes: * CVE-2012-4423: Fixed a libvirt remote denial of service (crash) problem. The following bugs have been fixed: * qemu: Fix probing for guest capabilities * xen-xm: Generate UUID if not specified * xenParseXM: don't dereference NULL pointer when script is empty Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497> * CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411> * CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535> * CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537> * CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536> * CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538> * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> SUSE bug 772586 SUSE bug 773621 SUSE bug 773626 SUSE bug 780432 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libxml2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue. Security Issue reference: * CVE-2013-2877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877> SUSE bug 829077 SUSE bug 854869 CVE-2013-2877 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libxslt SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) Security Issue references: * CVE-2012-6139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139> * CVE-2012-2825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825> * CVE-2011-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970> SUSE bug 849019 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for lighttpd SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 lighthttpd received fixes for the following security issues: * CVE-2013-4559: lighttpd did not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might have caused lighttpd to run as root if it is restarted and allowed remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. * CVE-2013-4560: Use-after-free vulnerability in lighttpd allowed remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. * CVE-2011-1473: Added support for disabling client side initiated renegotiation to avoid potential computational denial of service (unbalanced computation efforts server vs client). Security Issues: * CVE-2013-4559 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559> * CVE-2013-4560 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560> * CVE-2011-1473 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473> SUSE bug 801071 SUSE bug 850468 SUSE bug 850469 CVE-2013-4560 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla NSS SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes: The main feature is TLS 1.2 support and its dependent algorithms. * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1: * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. o some bugfixes and improvements Changes with version 3.15 * New Functionality o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. o Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. o certutil has been updated to support creating name constraints extensions. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for nagios SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes a DoS vulnerability in process_cgivars() of the nagios package. CVE-2013-7108 has been assigned to this issue. Security Issue reference: * CVE-2013-7108 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108> SUSE bug 856837 CVE-2013-7108 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for mozilla-nspr, mozilla-nss SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741> * CVE-2013-5605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605> * CVE-2013-5606 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606> * CVE-2013-5607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607> SUSE bug 850148 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libfreebl3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Mozilla NSS has been updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was abused to create man in the middle certificates. SUSE bug 854367 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Perl SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of Perl 5 fixes the following security issues: * fix rehash DoS [bnc#804415] [CVE-2013-1667] * improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] * fix glob denial of service [bnc#796014] [CVE-2011-2728] * sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] Security Issue references: * CVE-2013-1667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667> SUSE bug 789994 SUSE bug 796014 SUSE bug 797060 SUSE bug 804415 CVE-2013-1667 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Python SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 CVE-2013-4238 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for python-httplib2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This patch fixes a SSL certificate verification issue in python-httplib2, where remote server certificates would not have validated against the known good root certificates. Security Issue reference: * CVE-2013-2037 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2037> SUSE bug 818100 CVE-2013-2037 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for qemu SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The qemu vt100 emulation is affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. (CVE-2012-3515 aka XSA-17). Security Issue references: * CVE-2012-3515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515> SUSE bug 777084 CVE-2012-3515 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for quagga SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of quagga fixes two security issues: * CVE-2013-0149: specially-crafted OSPF packets could have caused the routing table to be erased (bnc#822572) * CVE-2013-2236: local network stack overflow (bnc#828117) Security Issue references: * CVE-2013-2236 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236> * CVE-2013-0149 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0149> SUSE bug 822572 SUSE bug 828117 CVE-2013-0149 CVE-2013-2236 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-rack SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 3 denial of service conditions in the Rack 1.3 rubygem have been fixed. * Rack was updated to 1.3.10: o Fix CVE-2013-0263, timing attack against Rack::Session::Cookie * Rack was updated to 1.3.9. o Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings (CVE-2013-0184) o Security: Prevent unbounded reads in large multipart boundaries (CVE-2013-0183) * Changes from 1.3.7 (CVE-2012-6109) o Add warnings when users do not provide a session secret o Fix parsing performance for unquoted filenames o Updated URI backports o Fix URI backport version matching, and silence constant warnings o Correct parameter parsing with empty values o Correct rackup '-I' flag, to allow multiple uses o Correct rackup pidfile handling o Report rackup line numbers correctly o Fix request loops caused by non-stale nonces with time limits o Prevent infinite recursions from Response#to_ary o Various middleware better conforms to the body close specification o Updated language for the body close specification o Additional notes regarding ECMA escape compatibility issues o Fix the parsing of multiple ranges in range headers Security Issue references: * CVE-2013-0184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0184> * CVE-2013-0183 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0183> * CVE-2012-6109 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109> SUSE bug 798452 SUSE bug 802794 CVE-2012-6109 CVE-2013-0183 CVE-2013-0184 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-rack SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Denial of service conditions in the Rack 1.1 rubygem have been fixed. Rack has been updated to 1.1.6: * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Rack has been updated to 1.1.5: * Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings (CVE-2013-0184) * Add warnings when users do not provide a session secret * Security fix. http://www.ocert.org/advisories/ocert-2011-003.html Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1 Security Issue references: * CVE-2013-0184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0184> * CVE-2013-0183 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0183> * CVE-2012-6109 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109> SUSE bug 798452 SUSE bug 802794 CVE-2012-6109 CVE-2013-0183 CVE-2013-0184 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ruby SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The following security issue has been fixed: * CVE-2013-4164: heap overflow in float point parsing Security Issue references: * CVE-2013-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164> * CVE-2009-0689 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689> SUSE bug 851803 CVE-2009-0689 CVE-2013-4164 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Ruby On Rails SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The Ruby on Rails stack has been updated to 2.3.17 to fix various security issues and bugs. The rails gems have been updated to fix: * Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) * Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) * activerecord: SQL Injection (CVE-2012-5664) * rails: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 (CVE-2013-0333) * activerecord: Circumvention of attr_protected (CVE-2013-0276) * activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 (CVE-2013-0277) Security Issue references: * CVE-2012-5664 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5664> * CVE-2013-0155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155> * CVE-2013-0156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156> * CVE-2013-0277 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277> * CVE-2013-0276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276> SUSE bug 796712 SUSE bug 797449 SUSE bug 797452 SUSE bug 800320 SUSE bug 803336 SUSE bug 803339 CVE-2012-5664 CVE-2013-0155 CVE-2013-0156 CVE-2013-0276 CVE-2013-0277 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-actionpack-2_1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the following security issue with rubygem-actionpack: * bnc#853632: number_to_currency XSS (CVE-2013-6415) Security Issue reference: * CVE-2013-6415 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415> SUSE bug 853632 CVE-2013-6415 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-actionpack-2_3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the following security issues with rubygem-actionpack: * CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632). Security Issue references: * CVE-2013-4491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491> * CVE-2013-6417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417> * CVE-2013-6415 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415> * CVE-2013-6414 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414> SUSE bug 853632 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-activerecord SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update to rubygem-activerecord fixes a SQL injection caused by mishandling nested parameters . ( CVE-2012-2695 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2695> ) SUSE bug 766792 CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 CVE-2012-2695 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-activesupport-2_3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem-activesupport-2_3 was updated to fix two HTML escaping issues that may be used by an attacker for a cross-site scripting (XSS) attack. ( CVE-2012-3464 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464> , CVE-2012-3465 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465> ) SUSE bug 775653 CVE-2012-3464 CVE-2012-3465 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-activesupport-3_2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The Rubygem ActiveSupport received a security fix: * CVE-2013-4389: A possible DoS vulnerability in the log subscriber component was fixed Security Issue reference: * CVE-2013-4389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389> SUSE bug 846239 CVE-2013-4389 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-json_pure SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The json_pure Ruby Gem has been updated to fix a Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269) * Entity expansion DoS vulnerability in REXML (XML bomb) Security Issues: * CVE-2013-0269 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269> SUSE bug 803342 CVE-2013-0269 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-mail-2_3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of rubygem-mail fixes two security issues: * CVE-2012-2139: A file system traversal in file_delivery method. * CVE-2012-2140: Arbitrary command execution when using exim or sendmail from the commandline. Security Issue references: * CVE-2012-2139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2139> * CVE-2012-2140 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2140> SUSE bug 759092 CVE-2012-2139 CVE-2012-2140 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-rack-cache SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The following issue has been fixed: * rack-cache caches potentially sensitive response headers such as Set-Cookie (CVE-2012-2671) Security Issue reference: * CVE-2012-2671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2671> SUSE bug 763650 CVE-2012-2671 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for rubygem-rdoc SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem rdoc had a incorrect piece of javascript in darkfish.js, which allowed cross site scripting attacks (XSS). This was possible only if the darkfish.js or rdoc generated documentation is exposed on the webserver, which is not a common use case. (CVE-2013-0256) Security Issue reference: * CVE-2013-0256 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0256> SUSE bug 802406 CVE-2013-0256 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Ruby on Rails SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The Ruby on Rails 2.3 stack received security fixes for following issues: ActionPack: * CVE-2013-1855: A XSS vulnerability in sanitize_css in Action Pack was fixed (bnc#809935). * CVE-2013-1857: A XSS Vulnerability in the sanitize helper of Ruby on Rails was fixed (bnc#809940). ActiveRecord: * CVE-2013-1854: A Symbol DoS vulnerability in Active Record was fixed (bnc#809932). ActiveSupport: * CVE-2013-1854: A Symbol DoS vulnerability in Active Record was fixed (bnc#809932). Security Issue reference: * CVE-2013-1854 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854> SUSE bug 809932 SUSE bug 809935 SUSE bug 809940 CVE-2013-1854 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Ruby On Rails 3.2 stack SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The Ruby on Rails 3.2 stack has been updated to 3.2.12 to fix various security issues and bugs: * rubygem-actionmailer-3_2: has been updated to 3.2.12. * rubygem-actionpack-3_2: has been updated to 3.2.12. * rubygem-activeresource-3_2: has been updated to 3.2.12. * rubygem-activesupport-3_2: has been updated to 3.2.12. * rubygem-railties-3_2: has been updated to 3.2.12. * rubygem-rails-3_2: has been updated to 3.2.12. * rubygem-activemodel-3_2: has been updated to 3.2.12, received a security fix for CVE-2013-0276: Fix issue with attr_protected where malformed input could circumvent protection * rubygem-activerecord-3_2: has been updated to 3.2.12, received a security fix for CVE-2013-0276: o Quote numeric values being compared to non-numeric columns. Otherwise, in some database, the string column values will be coerced to a numeric allowing 0, 0.0 or false to match any string starting with a non-digit. Read more about this problem here <http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/> . * A XSS in sanitize_css in Action Pack has been fixed (CVE-2013-1855) * A XSS Vulnerability in the sanitize helper of Ruby on Rails Action Pack has been fixed (CVE-2013-1857) * A Symbol DoS vulnerability in Active Record has been fixed. (CVE-2013-1854) * Also rubygem-rack-1_4 has been updated to 1.4.5 (bnc#802794 bnc#802795) o Fix CVE-2013-0263, timing attack against Rack::Session::Cookie o Fix CVE-2013-0262, symlink path traversal in Rack::File o update to 1.4.4 (bnc#798452) + [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings (CVE-2013-0184) o changes from 1.4.3 + Security: Prevent unbounded reads in large multipart boundaries (CVE-2013-0183) o changes from 1.4.2 (CVE-2012-6109) + Add warnings when users do not provide a session secret + Fix parsing performance for unquoted filenames + Updated URI backports + Fix URI backport version matching, and silence constant warnings + Correct parameter parsing with empty values + Correct rackup '-I' flag, to allow multiple uses + Correct rackup pidfile handling + Report rackup line numbers correctly + Fix request loops caused by non-stale nonces with time limits + Fix reloader on Windows + Prevent infinite recursions from Response#to_ary + Various middleware better conforms to the body close specification + Updated language for the body close specification + Additional notes regarding ECMA escape compatibility issues + Fix the parsing of multiple ranges in range headers + Prevent errors from empty parameter keys + Added PATCH verb to Rack::Request + Various documentation updates + Fix session merge semantics (fixes rack-test) + Rack::Static :index can now handle multiple directories + All tests now utilize Rack::Lint (special thanks to Lars Gierth) + Rack::File cache_control parameter is now deprecated, and removed by 1.5 + Correct Rack::Directory script name escaping + Rack::Static supports header rules for sophisticated configurations + Multipart parsing now works without a Content-Length header + New logos courtesy of Zachary Scott! + Rack::BodyProxy now explicitly defines #each, useful for C extensions + Cookies that are not URI escaped no longer cause exceptions Security Issues: * CVE-2013-1854 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854> SUSE bug 809932 SUSE bug 809935 SUSE bug 809940 CVE-2013-1854 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for subversion SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 The following issues have been fixed in subversion: * mod_dontdothat did not restrict requests from serf based clients (CVE-2013-4505) * DoS via an assert in mod_dav_svn (CVE-2013-4558) Security Issue references: * CVE-2013-4505 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505> * CVE-2013-4558 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558> SUSE bug 850667 CVE-2013-4505 CVE-2013-4558 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for telepathy-gabble SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 telepathy-gabble was updated to fix several remotely-triggerable NULL crashes (CVE-2013-1769) Security Issues: * CVE-2013-1769 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1769> SUSE bug 807449 CVE-2013-1769 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for wireshark SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 wireshark was updated to security update version 1.8.12, fixing bugs and security issues. * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html <https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html> Security Issue references: * CVE-2013-7112 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112> * CVE-2013-7113 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113> * CVE-2013-7114 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114> SUSE bug 855980 SUSE bug 856496 SUSE bug 856498 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 XEN has been updated to fix various bugs and security issues: * CVE-2013-0153: (XSA 36) To avoid an erratum in early hardware, the Xen AMD IOMMU code by default choose to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. This has been disabled for AMD chipsets not capable of it. * CVE-2012-6075: qemu: The e1000 had overflows under some conditions, potentially corrupting memory. * CVE-2013-0154: (XSA 37) Hypervisor crash due to incorrect ASSERT (debug build only) * CVE-2012-5634: (XSA-33) A VT-d interrupt remapping source validation flaw was fixed. Also the following bugs have been fixed: * bnc#805094 - xen hot plug attach/detach fails * bnc#802690 - domain locking can prevent a live migration from completing * bnc#797014 - no way to control live migrations o fix logic error in stdiostream_progress o restore logging in xc_save o add options to control migration tunables * bnc#806736: enabling xentrace crashes hypervisor * Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) * bnc#798188 - Add $network to xend initscript dependencies * bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 * bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel * Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch * bnc#793927 - Xen VMs with more than 2 disks randomly fail to start * Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch * Update to Xen 4.1.4 c/s 23432 * Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures * Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch * Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. Security Issue references: * CVE-2013-0153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153> * CVE-2012-6075 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075> * CVE-2012-5634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634> SUSE bug 793927 SUSE bug 794316 SUSE bug 797014 SUSE bug 797031 SUSE bug 797523 SUSE bug 798188 SUSE bug 799694 SUSE bug 800156 SUSE bug 800275 SUSE bug 802690 SUSE bug 805094 SUSE bug 806736 CVE-2012-5634 CVE-2012-6075 CVE-2013-0153 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen and libvirt SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Xen was updated to fix several security issues: * CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host. * CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed. * CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash). Also the following bug in XEN has been fixed: * bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory This update also included bugfixes for: * vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest * virt-manager - SLE11-SP2 ONLY * bnc#764982 - virt-manager fails to start after upgrade to SLES11 SP2 from SLES10 Security Issue reference: * CVE-2012-3432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432> SUSE bug 746702 SUSE bug 762484 SUSE bug 762963 SUSE bug 764982 SUSE bug 766283 SUSE bug 773393 SUSE bug 773401 SUSE bug 773955 CVE-2012-3432 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 XEN was updated 4.1.3 to fix multiple bugs and security issues. The following security issues have been fixed: * CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) * CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability (XSA-13) * CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) * CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16) * CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) Also the following bugs have been fixed: * pvscsi support of attaching Luns - bnc#776995 The following related bugs in vm-install 0.5.12 have been fixed: * bnc#776300 - vm-install does not pass --extra-args in --upgrade * Add for support Open Enterprise Server 11 * Add support for Windows 8 and Windows Server 2012 * Add support for Ubuntu 12 (Precise Pangolin) Security Issue references: * CVE-2012-3496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496> * CVE-2012-3494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494> * CVE-2012-3495 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495> * CVE-2012-3498 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498> * CVE-2012-3515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515> SUSE bug 776300 SUSE bug 776995 SUSE bug 777084 SUSE bug 777086 SUSE bug 777088 SUSE bug 777090 SUSE bug 777091 CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3498 CVE-2012-3515 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 XEN was updated to fix various bugs and security issues: The following security issues have been fixed: * CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk (XSA 25) * CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) * CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA 20) * CVE-2012-4536: xen: pirq range check DoS vulnerability (XSA 21) * CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA 22) * CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability (XSA 23) * CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability (XSA 24) * CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) Also the following bugs have been fixed and upstream patches have been applied: * bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch * Upstream patches merged: 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch * bnc#778105 - first XEN-PV VM fails to spawn xend: Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497> * CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411> * CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535> * CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537> * CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536> * CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538> * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> SUSE bug 777890 SUSE bug 778105 SUSE bug 779212 SUSE bug 784087 SUSE bug 786516 SUSE bug 786517 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed: * CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal. * CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. * CVE-2013-2076: A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. * CVE-2013-2077: A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users. * CVE-2013-2078: A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users. * CVE-2013-2072: Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. * CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. * CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.' * CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, used the wrong ordering of operations when extending the per-domain event channel tracking table, which caused a use-after-free and allowed local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. * CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant reference when releasing a non-v1, non-transitive grant, which allowed local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. Bugfixes: * Upstream patches from Jan 26956-x86-mm-preemptible-cleanup.patch 27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch 27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch 27079-fix-XSA-46-regression-with-xend-xm.patch 27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch * Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. * bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec * Upstream patches from Jan 26702-powernow-add-fixups-for-AMD-P-state-figures.patch 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch 26743-VT-d-deal-with-5500-5520-X58-errata.patch 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch 26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch * bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto xend-cpuinfo-model-name.patch * Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch Security Issue references: * CVE-2013-1917 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917> * CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918> * CVE-2013-1919 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919> * CVE-2013-1920 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920> * CVE-2013-1952 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952> * CVE-2013-1964 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964> * CVE-2013-2072 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072> * CVE-2013-2076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076> * CVE-2013-2077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077> * CVE-2013-2078 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078> SUSE bug 801663 SUSE bug 809662 SUSE bug 813673 SUSE bug 813675 SUSE bug 813677 SUSE bug 814709 SUSE bug 816156 SUSE bug 816159 SUSE bug 816163 SUSE bug 819416 SUSE bug 820917 SUSE bug 820919 SUSE bug 820920 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 XEN has been updated to version 4.1.6 which fixes various bugs and security issues. * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. * CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs * CVE-2013-4329: XSA-61: libxl partially sets up HVM passthrough even with disabled iommu * CVE-2013-1432: XSA-58: x86: fix page refcount handling in page table pin error path * CVE-2013-2211: XSA-57: libxl allows guest write access to sensitive console related xenstore keys * xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) Various bugs have also been fixed: * Improvements to block-dmmd script (bnc#828623) * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196) * In HP's UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. (bnc#833251) * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796) * In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751) * In HP's UEFI x86_64 platform and sles11sp3 with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600) * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676) * migrate.py support of short options dropped by PTF (bnc#824676) * after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing (bnc#803712) * various upstream fixes have been included Security Issue references: * CVE-2013-1432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432> * CVE-2013-1442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442> * CVE-2013-2194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194> * CVE-2013-2195 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195> * CVE-2013-2196 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196> * CVE-2013-2211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211> * CVE-2013-4329 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329> * CVE-2013-4355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355> * CVE-2013-4361 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361> * CVE-2013-4368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> SUSE bug 803712 SUSE bug 823011 SUSE bug 823608 SUSE bug 823786 SUSE bug 824676 SUSE bug 826882 SUSE bug 828623 SUSE bug 833251 SUSE bug 833796 SUSE bug 834751 SUSE bug 839596 SUSE bug 839600 SUSE bug 839618 SUSE bug 840196 SUSE bug 840592 SUSE bug 841766 SUSE bug 842511 SUSE bug 845520 CVE-2013-1432 CVE-2013-1442 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 CVE-2013-2211 CVE-2013-4329 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4416 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 Xen has been updated to fix a security issue and a bug: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. A non-security bug has also been fixed: * It is possible to start a VM twice on the same node (bnc#840997) Security Issue references: * CVE-2013-4494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494> SUSE bug 840997 SUSE bug 848657 CVE-2013-4494 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-server SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes the following security issue with xorg-x11-server: * bnc#853846: integer underflow when handling trapezoids (CVE-2013-6424) Security Issue reference: * CVE-2013-6424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424> SUSE bug 853846 CVE-2013-6424 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update fixes a stack buffer overflow in xorg-x11 in the bdfReadCharacters() function. CVE-2013-6462 has been assigned to this issue. Security Issue reference: * CVE-2013-6462 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462> SUSE bug 854915 CVE-2013-6462 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libX11 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of xorg-x11-libX11 fixes several security issues (bnc#815451, bnc#821664). Security Issue references: * CVE-2013-1981 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981> * CVE-2013-1997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997> * CVE-2013-2004 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004> SUSE bug 815451 SUSE bug 821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXext SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of xorg-x11-libXext fixes several integer overflow issues (bnc#815451, bnc#821665, CVE-2013-1982) Security Issue reference: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982> SUSE bug 815451 SUSE bug 821665 CVE-2013-1982 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXfixes SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of xorg-x11-libXfixes fixes a integer overflow issue (bnc#815451, bnc#821667, CVE-2013-1983). Security Issue reference: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983> SUSE bug 815451 SUSE bug 821667 CVE-2013-1983 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXp SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of xorg-x11-libXp fixes several integer overflow issues (bnc#815451, bnc#821668, CVE-2013-2062). Security Issue reference: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062> SUSE bug 815451 SUSE bug 821668 CVE-2013-2062 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXrender SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of xorg-x11-libXrender fixes several integer overflow issues (bnc#815451, bnc#821669, CVE-2013-1987). Security Issue reference: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987> SUSE bug 815451 SUSE bug 821669 CVE-2013-1987 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXt SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of xorg-x11-libXt fixes several integer and buffer overflow issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005). Security Issue references: * CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002> * CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005> SUSE bug 815451 SUSE bug 821670 CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXv SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update of xorg-x11-libXv fixes several integer and buffer overflow issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066). Security Issue references: * CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989> * CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066> SUSE bug 815451 SUSE bug 821671 CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libxcb SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 This update for xorg-x11-libxcb addresses the following security issues: * Fix a deadlock with multi-threaded applications running on real time kernels. (bnc#818829) * Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064) Security Issues: * CVE-2013-2064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064> SUSE bug 818829 SUSE bug 821584 CVE-2013-2064 cpe:/o:suse:sle-sdk:11:sp2 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 MozillaFirefox was updated to version 24.6.0 to fix six security issues: * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538) * Use-after-free with SMIL Animation Controller. (CVE-2014-1541) mozilla-nspr was updated to version 4.10.6 to fix one security issue: * Out of bounds write in NSPR. (CVE-2014-1545) Further information can be found at https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues references: * CVE-2014-1533 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533> * CVE-2014-1534 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534> * CVE-2014-1536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536> * CVE-2014-1537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537> * CVE-2014-1538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538> * CVE-2014-1541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541> * CVE-2014-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545> SUSE bug 881874 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Image Magick SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 ImageMagick has been updated to fix four security issues: * Crafted jpeg file could have lead to a Denial of Service (CVE-2014-8716). * Out-of-bounds memory access in resize code (CVE-2014-8354) * Out-of-bounds memory access in PCX parser (CVE-2014-8355). * Out-of-bounds memory error in DCM decode (CVE-2014-8562). Security Issues: * CVE-2014-8716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8716> * CVE-2014-8355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355> * CVE-2014-8354 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354> * CVE-2014-8562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562> SUSE bug 903204 SUSE bug 903216 SUSE bug 903638 SUSE bug 905260 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update to Firefox 17.0.9esr (bnc#840485) addresses: * MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o (CVE-2013-1737) * MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) * MFSA 2013-89 Buffer overflow with multi-column, lists, and floats o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) * MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) * MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) * MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725) * MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) * MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) * MFSA 2013-65 Buffer underflow when generating CRMF requests o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) Security Issue references: * CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737> * CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735> * CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736> * CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732> * CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730> * CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726> * CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725> * CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722> * CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718> * CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705> SUSE bug 840485 CVE-2013-1705 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1726 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This security update (bsc#940918) fixes the following issues: * MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation * Remove PlayPreview registration from PDF Viewer (bmo#1179262) Critical SUSE bug 940918 CVE-2015-4495 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 MozillaFirefox was updated to version 38.5.0 esr to fix the following issues: Following security issues were fixed: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the following several security and non-security issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16: * required for Firefox 29 * CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. Security Issue references: * CVE-2014-1532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532> * CVE-2014-1531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531> * CVE-2014-1530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530> * CVE-2014-1529 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529> * CVE-2014-1524 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524> * CVE-2014-1523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523> * CVE-2014-1520 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520> * CVE-2014-1518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518> SUSE bug 865539 SUSE bug 869827 SUSE bug 875378 SUSE bug 875803 CVE-2014-1518 CVE-2014-1520 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities have been fixed: * Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815) * Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813) * resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816) * CORS requests should not follow 30x redirections after preflight (MFSA 2015-37/CVE-2015-0807) * Same-origin bypass through anchor navigation (MFSA 2015-40/CVE-2015-0801) Security Issues: * CVE-2015-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801> * CVE-2015-0807 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807> * CVE-2015-0813 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813> * CVE-2015-0814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0814> * CVE-2015-0816 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816> SUSE bug 925368 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0816 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Important SUSE bug 908275 SUSE bug 935033 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for a2ps SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The text to postscript converter a2ps received a security update. The fixps script did not call ghostscript with the -DSAFER option, allowing command execution by attacker supplied postscript files. Security Issue reference: * CVE-2014-0466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466> SUSE bug 871097 CVE-2014-0466 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for apache2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache (bsc#938728, CVE-2015-3183) Bugs fixed: - add SSLSessionTickets directive (bsc#941676) - hardcode modules %files (bsc#444878) - only enable the port 443 for TCP protocol, not UDP. (bsc#931002) Moderate SUSE bug 444878 SUSE bug 931002 SUSE bug 938728 SUSE bug 941676 CVE-2015-3183 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for apache2-mod_fcgid SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 A heap overflow in the apache2-mod_fcgid module was fixed that could be used by remote attackers to crash the server instance. (CVE-2013-4365) Security Issues: * CVE-2013-4365 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4365> SUSE bug 844935 CVE-2013-4365 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for php53 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following vulnerabilities in php: * Heap corruption issue in exif_thumbnail(). (CVE-2014-3670) * Integer overflow in unserialize(). (CVE-2014-3669) * Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668) Security Issues: * CVE-2014-3669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669> * CVE-2014-3670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670> * CVE-2014-3668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668> SUSE bug 902357 SUSE bug 902360 SUSE bug 902368 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for augeas SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Augeas has been updated to fix a symlink overwrite problem (CVE-2012-0786, CVE-2013-6412). Also a bug has been fixed where 'augtool -s set was failing' (bnc#876044) Additionally parsing the multipath configuration has been fixed. bnc#871323 Security Issues: * CVE-2012-0786 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786> * CVE-2013-6412 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412> SUSE bug 853044 SUSE bug 871323 SUSE bug 876044 SUSE bug 885003 CVE-2012-0786 CVE-2013-6412 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for augeas (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Moderate SUSE bug 925225 CVE-2014-8119 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for automake SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of automake fixes a race condition in 'distcheck'. (CVE-2012-3386) Also a bug where world writeable tarballs were generated during 'make dist' has been fixed (CVE-2009-4029). Security Issue references: * CVE-2012-3386 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386> * CVE-2009-4029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029> SUSE bug 559815 SUSE bug 770618 CVE-2012-3386 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bash SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash. * CVE-2014-7187: Nesting of for loops could lead to a crash of bash. Security Issues: * CVE-2014-7169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169> * CVE-2014-7186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186> * CVE-2014-7187 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187> SUSE bug 898346 SUSE bug 898603 SUSE bug 898604 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue. Security Issue references: * CVE-2014-0591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591> SUSE bug 858639 CVE-2014-0591 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for binutils SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 binutils has been updated to fix eight security issues: * Lack of range checking leading to controlled write in _bfd_elf_setup_sections() (CVE-2014-8485). * Invalid read flaw in libbfd (CVE-2014-8484). * Write to uninitialized memory in the PE parser (CVE-2014-8501). * Crash in the PE parser (CVE-2014-8502). * Segfault in the ihex parser when it encounters a malformed ihex file (CVE-2014-8503). * Stack buffer overflow in srec_scan (CVE-2014-8504). * Out-of-bounds memory write while processing a crafted 'ar' archive (CVE-2014-8738). * Directory traversal vulnerability allowing random file deletion/creation (CVE-2014-8737). Security Issues: * CVE-2014-8501 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501> * CVE-2014-8502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502> * CVE-2014-8503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503> * CVE-2014-8504 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504> * CVE-2014-8485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485> * CVE-2014-8738 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738> * CVE-2014-8484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484> * CVE-2014-8737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737> SUSE bug 902676 SUSE bug 902677 SUSE bug 903655 SUSE bug 905735 SUSE bug 905736 CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ctdb SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for ctdb provides fixes for the following issues: * Insecure temporary file creation potentially allows for exploitation via symbolic links. (CVE-2013-4159) * Excessive lock contention can result in severe performance degradation when a CTDB cluster is under load. Security Issue reference: * CVE-2013-4159 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4159> SUSE bug 836064 SUSE bug 867815 CVE-2013-4159 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for CUPS SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes various issues in CUPS. * CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Various insufficient symbolic link checking could have lead to privilege escalation from the lp user to root. Security Issues: * CVE-2014-3537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537> * CVE-2014-5029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029> * CVE-2014-5030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030> * CVE-2014-5031 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031> SUSE bug 887240 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for curl SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This curl update fixes the following security issues: * bnc#868627: wrong re-use of connections (CVE-2014-0138). * bnc#868629: IP address wildcard certificate validation (CVE-2014-0139). * bnc#870444: --insecure option inappropriately enforcing security safeguard. Security Issue references: * CVE-2014-0138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138> * CVE-2014-0139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139> SUSE bug 868627 SUSE bug 868629 SUSE bug 870444 CVE-2014-0138 CVE-2014-0139 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Moderate SUSE bug 926511 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for curl SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issues: * CVE-2014-8150: URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. * CVE-2014-3707: duphandle read out of bounds (bnc#901924) * CVE-2014-3613: libcurl cookie leaks (bnc#894575) Additional bug fixed: * curl_multi_remove_handle: don't crash on multiple removes (bnc#897816) Security Issues: * CVE-2014-8150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150> * CVE-2014-3613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613> * CVE-2014-3707 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707> SUSE bug 870444 SUSE bug 884698 SUSE bug 885302 SUSE bug 894575 SUSE bug 897816 SUSE bug 901924 SUSE bug 911363 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for dbus-1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Various denial of service issues were fixed in the DBUS service. * CVE-2014-3638: dbus-daemon tracks whether method call messages expect a reply, so that unsolicited replies can be dropped. As currently implemented, if there are n parallel method calls in progress, each method reply takes O(n) CPU time. A malicious user could exploit this by opening the maximum allowed number of parallel connections and sending the maximum number of parallel method calls on each one, causing subsequent method calls to be unreasonably slow, a denial of service. * CVE-2014-3639: dbus-daemon allows a small number of 'incomplete' connections (64 by default) whose identity has not yet been confirmed. When this limit has been reached, subsequent connections are dropped. Alban's testing indicates that one malicious process that makes repeated connection attempts, but never completes the authentication handshake and instead waits for dbus-daemon to time out and disconnect it, can cause the majority of legitimate connection attempts to fail. Security Issues: * CVE-2014-3638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638> * CVE-2014-3638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638> SUSE bug 896453 CVE-2014-3638 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for dhcp (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Moderate SUSE bug 880984 SUSE bug 919959 SUSE bug 926159 SUSE bug 928390 SUSE bug 936923 SUSE bug 947780 SUSE bug 961305 CVE-2015-8605 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for e2fsprogs SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Two security issues were fixed in e2fsprogs: * CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck, dumpe2fs, e2image). * CVE-2015-1572: Fixed a potential buffer overflow in closefs(). (bsc#918346) Additionally, badblocks was enhanced to work with very large partitions. (bsc#932539) Security Issues: * CVE-2015-0247 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247> * CVE-2015-1572 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572> SUSE bug 915402 SUSE bug 918346 SUSE bug 932539 CVE-2015-0247 CVE-2015-1572 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for elfutils SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 elfutils has been updated to fix one security issue: * CVE-2014-9447: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allowed remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (bnc#911662). Security Issues: * CVE-2014-9447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447> SUSE bug 911662 CVE-2014-9447 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for emacs SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Emacs has been updated to fix the following issues: * Several cases of insecure usage of temporary files. (CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424) * Use of vc-annotate for renamed files when using Git. (bnc#854683) Security Issues: * CVE-2014-3421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421> * CVE-2014-3422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422> * CVE-2014-3423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423> * CVE-2014-3424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424> SUSE bug 854683 SUSE bug 876847 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for evolution-data-server SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed: * SSLv3 POODLE attack (CVE-2014-3566) Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> SUSE bug 901553 CVE-2014-3566 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for fastjar SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This fastjar update fixes a directory traversal issue (bnc#607043). Security Issue reference: * CVE-2010-0831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831> SUSE bug 607043 CVE-2010-0831 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for file SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 file was updated to fix one security issue. * An out-of-bounds read flaw file's donote() function. This could possibly lead to file executable crash (CVE-2014-3710). Security Issues: * CVE-2014-3710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710> SUSE bug 902367 CVE-2014-3710 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for finch SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The pidgin Instant Messenger has been updated to fix various security issues: * CVE-2014-0020: Remotely triggerable crash in IRC argument parsing * CVE-2013-6490: Buffer overflow in SIMPLE header parsing * CVE-2013-6489: Buffer overflow in MXit emoticon parsing * CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing * CVE-2013-6486: Pidgin uses clickable links to untrusted executables * CVE-2013-6485: Buffer overflow parsing chunked HTTP responses * CVE-2013-6484: Crash reading response from STUN server * CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies * CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN * CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN * CVE-2013-6482: NULL pointer dereference parsing headers in MSN * CVE-2013-6481: Remote crash reading Yahoo! P2P message * CVE-2013-6479: Remote crash parsing HTTP responses * CVE-2013-6478: Crash when hovering pointer over a long URL * CVE-2013-6477: Crash handling bad XMPP timestamp * CVE-2012-6152: Yahoo! remote crash from incorrect character encoding Security Issue references: * CVE-2014-0020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020> * CVE-2013-6490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490> * CVE-2013-6489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489> * CVE-2013-6487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487> * CVE-2013-6486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486> * CVE-2013-6485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485> * CVE-2013-6484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484> * CVE-2013-6483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483> * CVE-2013-6482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482> * CVE-2013-6481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481> * CVE-2013-6479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479> * CVE-2013-6478 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478> * CVE-2013-6477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477> * CVE-2012-6152 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152> SUSE bug 861019 CVE-2012-6152 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes. * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686) * MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. * MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. * MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. * MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. * MFSA 2013-41: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References o Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 20. o Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 20. * MFSA 2013-42 / CVE-2013-1670: Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged accesss. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks. * MFSA 2013-43 / CVE-2013-1671: Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system. * MFSA 2013-44 / CVE-2013-1672: Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. * MFSA 2013-45: Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. References: - old MozillaMaintenance Service registry entry not updated leading to Trusted Path Privilege Escalation (CVE-2013-1673) - Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) * MFSA 2013-46 / CVE-2013-1674: Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution. * MFSA 2013-47 / CVE-2013-1675: Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to a information leakage to sites depending on the contents of this uninitialized memory. * MFSA 2013-48: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. References o Out of Bounds Read in SelectionIterator::GetNextSegment (CVE-2013-1676) o Out-of-bound read in gfxSkipCharsIterator::SetOffsets (CVE-2013-1677)) o Invalid write in _cairo_xlib_surface_add_glyph (CVE-2013-1678) o Heap-use-after-free in mozilla::plugins::child::_geturlnotify (CVE-2013-1679) o Heap-use-after-free in nsFrameList::FirstChild (CVE-2013-1680) o Heap-use-after-free in nsContentUtils::RemoveScriptBlocker (CVE-2013-1681) * CVE-2012-1942 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942> * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0793 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> * CVE-2013-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801> * CVE-2013-1669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1669> * CVE-2013-1670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670> * CVE-2013-1671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671> * CVE-2013-1672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672> * CVE-2013-1673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673> * CVE-2013-1674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674> * CVE-2013-1675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675> * CVE-2013-1676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676> * CVE-2013-1677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677> * CVE-2013-1678 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678> * CVE-2013-1679 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679> * CVE-2013-1680 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680> * CVE-2013-1681 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681> * CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682> * CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684> * CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685> * CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686> * CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687> * CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690> * CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692> * CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693> * CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697> SUSE bug 792432 SUSE bug 813026 SUSE bug 819204 SUSE bug 825935 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes various bugs and security issues: * MFSA 2013-93: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24. (CVE-2013-5590) Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10.(CVE-2013-1739) * MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. * MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. * MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. * MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. o ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle (CVE-2013-5599) o ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL (CVE-2013-5600) o ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler (CVE-2013-5601) * MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Security Issue references: * CVE-2014-1477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477> * CVE-2014-1479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479> * CVE-2014-1480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480> * CVE-2014-1481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481> * CVE-2014-1482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482> * CVE-2014-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483> * CVE-2014-1484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484> * CVE-2014-1485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485> * CVE-2014-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486> * CVE-2014-1487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487> * CVE-2014-1488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488> * CVE-2014-1489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489> * CVE-2014-1490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490> * CVE-2014-1491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491> SUSE bug 859055 SUSE bug 861847 CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox was updated to 24.4.0ESR release, fixing various security issues and bugs: * MFSA 2014-15: Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 24.3 and Firefox 27. (CVE-2014-1493) * Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato reported memory safety problems and crashes that affect Firefox 27. (CVE-2014-1494) * MFSA 2014-16 / CVE-2014-1496: Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system. * MFSA 2014-17 / CVE-2014-1497: Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. * MFSA 2014-18 / CVE-2014-1498: Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. * MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the webcam or microphone by masquerading as another site and gaining user permission through spoofing. * MFSA 2014-20 / CVE-2014-1500: Security researchers Tim Philipp Schaefers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a denial of service (DOS) attack due to resource consumption and blocks the ability of users to exit the application. * MFSA 2014-21 / CVE-2014-1501: Security researcher Alex Infuehr reported that on Firefox for Android it is possible to open links to local files from web content by selecting 'Open Link in New Tab' from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems. * MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site's WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to render arbitrary content in these limited circumstances. * MFSA 2014-23 / CVE-2014-1504: Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The target page may have a strict CSP that protects against this XSS attack, but if the attacker induces a browser crash with another bug, an XSS attack would occur during session restoration, bypassing the CSP on the site. * MFSA 2014-26 / CVE-2014-1508: Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresses. In combination with previous techniques used for SVG timing attacks, this could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-27 / CVE-2014-1509: Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default configuration and would require a malicious extension to be installed. * MFSA 2014-28 / CVE-2014-1505: Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511: Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(). A second bug allowed the bypassing of the popup-blocker without user interaction. Combined these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution. * MFSA 2014-30 / CVE-2014-1512: Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. * MFSA 2014-31 / CVE-2014-1513: Security researcher Jueri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for arbitrary code execution. * MFSA 2014-32 / CVE-2014-1514: Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. SUSE bug 868603 CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1501 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release: * CVE-2014-1544 - https://www.mozilla.org/security/announce/2014/mfsa2014-63.html <https://www.mozilla.org/security/announce/2014/mfsa2014-63.html> * CVE-2014-1548 - https://www.mozilla.org/security/announce/2014/mfsa2014-56.html <https://www.mozilla.org/security/announce/2014/mfsa2014-56.html> * CVE-2014-1549 - https://www.mozilla.org/security/announce/2014/mfsa2014-57.html <https://www.mozilla.org/security/announce/2014/mfsa2014-57.html> * CVE-2014-1550 - https://www.mozilla.org/security/announce/2014/mfsa2014-58.html <https://www.mozilla.org/security/announce/2014/mfsa2014-58.html> * CVE-2014-1551 - https://www.mozilla.org/security/announce/2014/mfsa2014-59.html <https://www.mozilla.org/security/announce/2014/mfsa2014-59.html> * CVE-2014-1552 - https://www.mozilla.org/security/announce/2014/mfsa2014-66.html <https://www.mozilla.org/security/announce/2014/mfsa2014-66.html> * CVE-2014-1555 - https://www.mozilla.org/security/announce/2014/mfsa2014-61.html <https://www.mozilla.org/security/announce/2014/mfsa2014-61.html> * CVE-2014-1556 - https://www.mozilla.org/security/announce/2014/mfsa2014-62.html <https://www.mozilla.org/security/announce/2014/mfsa2014-62.html> * CVE-2014-1557 - https://www.mozilla.org/security/announce/2014/mfsa2014-64.html <https://www.mozilla.org/security/announce/2014/mfsa2014-64.html> * CVE-2014-1558,CVE-2014-1559,CVE-2014-1560 - https://www.mozilla.org/security/announce/2014/mfsa2014-65.html <https://www.mozilla.org/security/announce/2014/mfsa2014-65.html> * CVE-2014-1561 - https://www.mozilla.org/security/announce/2014/mfsa2014-60.html <https://www.mozilla.org/security/announce/2014/mfsa2014-60.html> Security Issues: * CVE-2014-1557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557> * CVE-2014-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547> * CVE-2014-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548> * CVE-2014-1556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556> * CVE-2014-1544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544> * CVE-2014-1555 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555> SUSE bug 887746 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream: * MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. * MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) More information is referenced on: https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues: * CVE-2014-1562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562> * CVE-2014-1567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567> SUSE bug 894370 CVE-2014-1562 CVE-2014-1567 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues. * MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks. * MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. * MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. * MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. * MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputed data being saved to a log file on the local system. Security Issues: * CVE-2014-1587 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587> * CVE-2014-1588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588> * CVE-2014-1589 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589> * CVE-2014-1590 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590> * CVE-2014-1591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591> * CVE-2014-1592 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592> * CVE-2014-1593 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593> * CVE-2014-1594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594> * CVE-2014-1595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595> SUSE bug 908009 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificate list. For more information, please see https://www.mozilla.org/en-US/security/advisories/ <https://www.mozilla.org/en-US/security/advisories/> Security Issues: * CVE-2014-1569 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569> * CVE-2014-8634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634> * CVE-2014-8639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639> * CVE-2014-8641 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641> * CVE-2014-8638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638> * CVE-2014-8636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636> * CVE-2014-8637 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637> * CVE-2014-8640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640> SUSE bug 910647 SUSE bug 910669 SUSE bug 913064 SUSE bug 913066 SUSE bug 913067 SUSE bug 913068 SUSE bug 913102 SUSE bug 913103 SUSE bug 913104 CVE-2014-1569 CVE-2014-8634 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system. * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues: * CVE-2015-0817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817> * CVE-2015-0818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818> SUSE bug 923534 CVE-2015-0817 CVE-2015-0818 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update to Firefox 31.7.0 ESR fixes the following issues: * MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474. * MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video with Linux Gstreamer. Upstream references: bmo#1080995. * MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and CSS. Upstream references: bmo#1149542. * MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing with vertical text enabled. Upstream references: bmo#1153478. * MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed XML. Upstream references: bmo#1140537. Security Issues: * CVE-2015-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797> * CVE-2015-2708 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708> * CVE-2015-2709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709> * CVE-2015-2710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710> * CVE-2015-2713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713> * CVE-2015-2716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716> SUSE bug 930622 CVE-2015-0797 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 MozillaFirefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed: * CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105) * CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104) * CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104) * CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106) * CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107) * CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108) * CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110) * CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111) * CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113) * CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114) * CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115) * CVE-2013-6672 Linux clipboard information disclosure though selection paste (MFSA 2013-112) * CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109) Security Issue references: * CVE-2013-5609 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609> * CVE-2013-5610 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610> * CVE-2013-5611 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611> * CVE-2013-5612 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612> * CVE-2013-5613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613> * CVE-2013-5614 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614> * CVE-2013-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615> * CVE-2013-5616 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616> * CVE-2013-5618 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618> * CVE-2013-5619 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619> * CVE-2013-6671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671> * CVE-2013-6672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672> * CVE-2013-6673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673> SUSE bug 854367 SUSE bug 854370 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This version update of Mozilla Firefox to 31.2.0ESR brings improvements, stability fixes and also security fixes for the following CVEs: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576 ,CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586 It also disables SSLv3 by default to mitigate the protocol downgrade attack known as POODLE. This update fixes some regressions introduced by the previously released update. Security Issues: * CVE-2014-1574 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574> * CVE-2014-1575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575> * CVE-2014-1576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576> * CVE-2014-1577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577> * CVE-2014-1578 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578> * CVE-2014-1581 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581> * CVE-2014-1583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583> * CVE-2014-1585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585> * CVE-2014-1586 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586> SUSE bug 900941 SUSE bug 905056 SUSE bug 905528 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Important SUSE bug 940806 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for flac SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 flac was updated to fix two security issues: * Stack overflow may result in arbitrary code execution (CVE-2014-8962). * Heap overflow via specially crafted .flac files (CVE-2014-9028). Security Issues: * CVE-2014-8962 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962> * CVE-2014-9028 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028> SUSE bug 906831 SUSE bug 907016 CVE-2014-8962 CVE-2014-9028 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for freeradius SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes a denial of service (crash) security issue rlm_pap hash processing in FreeRadius, which could have been caused by special passwords fed into the RLM-PAP password checking method via LDAP by remote attackers. Security Issue reference: * CVE-2014-2015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2015> SUSE bug 864576 CVE-2014-2015 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for freetype2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The font rendering library freetype2 has been updated to fix various security issues. Security Issues: * CVE-2014-9656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656> * CVE-2014-9657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657> * CVE-2014-9658 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658> * CVE-2014-9660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660> * CVE-2014-9661 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661> * CVE-2014-9662 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662> * CVE-2014-9667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667> * CVE-2014-9666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666> * CVE-2014-9665 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665> * CVE-2014-9664 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664> * CVE-2014-9663 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663> * CVE-2014-9659 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659> * CVE-2014-9668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668> * CVE-2014-9669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669> * CVE-2014-9670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670> * CVE-2014-9671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671> * CVE-2014-9672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672> * CVE-2014-9673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673> * CVE-2014-9674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674> * CVE-2014-9675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675> SUSE bug 916856 SUSE bug 916857 SUSE bug 916858 SUSE bug 916859 SUSE bug 916861 SUSE bug 916863 SUSE bug 916864 SUSE bug 916865 SUSE bug 916870 SUSE bug 916871 SUSE bug 916872 SUSE bug 916873 SUSE bug 916874 SUSE bug 916879 SUSE bug 916881 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for FUSE SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for FUSE fixes the following security issue: * CVE-2015-3202: FUSE did not clear the environment upon execution of external programs. Security Issues: * CVE-2015-3202 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202> SUSE bug 931452 CVE-2015-3202 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gd SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The graphics drawing library gd has been updated to fix one security issue: * possible buffer read overflow (CVE-2014-9709) Security Issues: * CVE-2014-9709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709> SUSE bug 923945 CVE-2014-9709 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for giflib (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Moderate SUSE bug 960319 CVE-2015-7555 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gimp SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issues with gimp: * bnc#853423: XWD plugin g_new() integer overflow (CVE-2013-1913) * bnc#853425: XWD plugin color map heap-based buffer overflow (CVE-2013-1978) * bnc#791372: memory corruption via XWD files (CVE-2012-5576) Security Issue references: * CVE-2013-1913 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913> * CVE-2012-5576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576> * CVE-2013-1978 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978> SUSE bug 791372 SUSE bug 853423 SUSE bug 853425 CVE-2012-5576 CVE-2013-1913 CVE-2013-1978 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for git SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issue: * CVE-2014-9390: Arbitrary command execution vulnerability on case-insensitive file systems. (bsc#910756) Linux systems are normally not affected by this issue, unless git is operating on FAT, NTFS or other non Linux file systems. Security Issues: * CVE-2014-9390 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390> SUSE bug 910756 CVE-2014-9390 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Recommended update for git (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The git package was updated to fix the following security issue: - Fix remote code execution with recursive fetch of submodules (bsc#948969). Moderate SUSE bug 948969 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for glibc SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This glibc update fixes a critical privilege escalation problem and two non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv. * bnc#888347: printf-multibyte-format.patch: Don't parse %s format argument as multi-byte string. Security Issues: * CVE-2014-5119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119> SUSE bug 888347 SUSE bug 892065 SUSE bug 892073 CVE-2014-5119 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286) Important SUSE bug 830257 SUSE bug 851280 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 928723 SUSE bug 932059 SUSE bug 933770 SUSE bug 933903 SUSE bug 935286 CVE-2013-2207 CVE-2014-8121 CVE-2015-1781 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Important SUSE bug 930721 SUSE bug 942317 SUSE bug 950944 SUSE bug 956988 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 <http://www.gnutls.org/security.html#GNUTLS-SA-2014-3> These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466> SUSE bug 880730 SUSE bug 880910 CVE-2014-3466 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gpgme SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This gpgme update fixes the following security issue: * bnc#890123: Fix possible overflow in gpgsm and uiserver engines (CVE-2014-3564) Security Issues: * CVE-2014-3564 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564> SUSE bug 890123 CVE-2014-3564 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gtk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). Moderate SUSE bug 922741 SUSE bug 942801 SUSE bug 948791 CVE-2015-4491 CVE-2015-7674 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gdk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero Moderate SUSE bug 958963 SUSE bug 960155 CVE-2015-7552 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for guestfs SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 A predictable socketname in the guestfish commandline tool could be used by a local attacker to gain access to guestfish sessions of other users on the same system. (CVE-2013-4419) Security Issue reference: * CVE-2013-4419 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4419> SUSE bug 845720 CVE-2013-4419 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for icu SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issue in icu: * CVE-2014-9654: insufficient size limit checks in regular expression compiler (bsc#917129) Security Issues: * CVE-2014-9654 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654> SUSE bug 917129 CVE-2014-9654 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for jasper SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for jasper fixes the following security issues: * CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call to free() allowed attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (bsc#909474) * CVE-2014-8138: Heap overflow in jas_decode(). This could be used to do an arbitrary write and could result in arbitrary code execution. (bsc#909475) * CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. (bsc#911837) * CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c. Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. (bsc#911837) Security Issues: * CVE-2014-8138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138> * CVE-2014-8137 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137> * CVE-2014-8157 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157> * CVE-2014-8158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158> SUSE bug 909474 SUSE bug 909475 SUSE bug 911837 CVE-2014-8137 CVE-2014-8138 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for IBM Java SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security issues. These security issues has been fixed: * Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065). * The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue (CVE-2014-3566). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014 <http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014> Security Issues: * CVE-2014-3065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-6506 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506> * CVE-2014-6511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511> * CVE-2014-6531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531> * CVE-2014-6512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512> * CVE-2014-6457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457> * CVE-2014-6502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502> * CVE-2014-6558 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558> * CVE-2014-6513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513> * CVE-2014-6503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503> * CVE-2014-4288 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288> * CVE-2014-6493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493> * CVE-2014-6532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532> * CVE-2014-6492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492> * CVE-2014-6458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458> * CVE-2014-6466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466> * CVE-2014-6515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515> * CVE-2014-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456> * CVE-2014-6476 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476> * CVE-2014-6527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527> SUSE bug 904889 CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 IBM Java was updated to version 6 SR16 FP7 (6.0-16.7) to fix several security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. (bnc#935540) * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. The following non-security bugs were fixed: * bsc#936844: misconfigured update-alternative entries * bsc#941939: provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 935540 SUSE bug 936844 SUSE bug 938895 SUSE bug 941939 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Important SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-2625 CVE-2015-2808 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for IBM Java SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security issues. These security issues have been fixed: * Unspecified vulnerability (CVE-2014-3065). * The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue (CVE-2014-3566). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014 <http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014> Security Issues: * CVE-2014-3065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-6506 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506> * CVE-2014-6511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511> * CVE-2014-6531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531> * CVE-2014-6512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512> * CVE-2014-6457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457> * CVE-2014-6502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502> * CVE-2014-6558 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558> * CVE-2014-6513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513> * CVE-2014-6503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503> * CVE-2014-4288 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288> * CVE-2014-6493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493> * CVE-2014-6532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532> * CVE-2014-6492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492> * CVE-2014-6458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458> * CVE-2014-6466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466> * CVE-2014-6515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515> * CVE-2014-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456> * CVE-2014-6476 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476> * CVE-2014-6527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527> SUSE bug 904889 CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 java-1_7_0-ibm was updated to fix 21 security issues. These security issues were fixed: - CVE-2015-4729: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment (bsc#938895). - CVE-2015-4748: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security (bsc#938895). - CVE-2015-2664: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bsc#938895). - CVE-2015-0192: Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allowed remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine (bsc#938895). - CVE-2015-2613: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-4731: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX (bsc#938895). - CVE-2015-2637: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-4733: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI (bsc#938895). - CVE-2015-4732: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590 (bsc#938895). - CVE-2015-2621: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allowed remote attackers to affect confidentiality via vectors related to JMX (bsc#938895). - CVE-2015-2619: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732 (bsc#938895). - CVE-2015-2638: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JSSE (bsc#938895). - CVE-2015-2632: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-1931: Unspecified vulnerability (bsc#938895). - CVE-2015-4760: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue (bsc#935540). - CVE-2015-2601: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-2808: The RC4 algorithm, as used in the TLS protocol and SSL protocol, did not properly combine state data with key data during the initialization phase, which made it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the 'Bar Mitzvah' issue (bsc#938895). - CVE-2015-4749: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect availability via vectors related to JNDI (bsc#938895). Important SUSE bug 935540 SUSE bug 938895 CVE-2015-0192 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The java-1_7_0-ibm package was updated to version 7.0-9.20 to fix several security and non security issues: - bnc#955131: Version update to 7.0-9.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 941939 SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdebase4-workspace SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This kdebase4-workspace update fixes two security issues: * NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132) * Memory leak that could lead to a denial of service. (CVE-2013-4133) Security Issues references: * CVE-2013-4132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4132> * CVE-2013-4133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4133> SUSE bug 829857 CVE-2013-4132 CVE-2013-4133 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdebase4-runtime SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 kdebase4-runtime has been updated to fix one security issue: * CVE-2013-7252: Added gpg based encryption support to kwallet (bnc#857200). Security Issues: * CVE-2013-7252 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7252> SUSE bug 857200 CVE-2013-7252 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdebase4-workspace (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Moderate SUSE bug 904625 SUSE bug 929718 CVE-2014-8651 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdelibs4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of the kdelibs4 KSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. SUSE bug 865241 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in microcode via #DB exception (bsc#954404). - CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in microcode via #AC exception (bsc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bsc#938706). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951440). - CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by validating before applying it (bsc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bsc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered permanent file-descriptor allocation (bsc#942367). The following non-security bugs were fixed: - alsa: hda - Disable 64bit address for Creative HDA controllers (bsc#814440). - btrfs: fix hang when failing to submit bio of directIO (bsc#942688). - btrfs: fix memory corruption on failure to submit bio for direct IO (bsc#942688). - btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would have merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn merge heuristic (bsc#904348). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Get rid if the '^A' in struct drm_i915_private (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove i965_hpd_irq_setup (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - ehci-pci: enable interrupt on BayTrail (bnc926007). - fix lpfc_send_rscn_event allocation size claims bsc#935757 - hugetlb: simplify migrate_huge_page() (bsc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bsc#947957). - ib/iser: Add Discovery support (bsc#923002). - ib/iser: Move informational messages from error to info level (bsc#923002). - ib/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - ib/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - ipv6: fix tunnel error handling (bsc#952579). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ipvs: Fix reuse connection if real server is dead (bsc#945827). - ipvs: drop first packet to dead server (bsc#946078). - keys: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bsc#930788). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - macvlan: Support bonding events bsc#948521 - make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bsc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bsc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bsc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bsc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bsc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bsc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bsc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bsc#940017, bsc#949298). - mm: make page pfmemalloc check more robust (bsc#920016). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - pci: Add VPD function 0 quirk for Intel Ethernet devices (bsc#943786). - pci: Add dev_flags bit to access VPD through function 0 (bsc#943786). - pci: Add flag indicating device has been assigned by KVM (bsc#777565). - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bsc#952084). - pci: Refresh First VF Offset and VF Stride when updating NumVFs (bsc#952084). - pci: Update NumVFs register when disabling SR-IOV (bsc#952084). - pci: delay configuration of SRIOV capability (bsc#952084). - pci: set pci sriov page size before reading SRIOV BAR (bsc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - r8169: remember WOL preferences on driver load (bsc#942305). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bsc#949100). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bsc#942204). - scsi: hosts: update to use ida_simple for host_no (bsc#939926) - scsi: kabi: allow iscsi disocvery session support (bsc#923002). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg: fix read() error reporting (bsc#926774). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bsc#933721). - usb: xhci: Reset a halted endpoint immediately when we encounter a stall (bsc#933721). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bsc#944989). - usb: xhci: do not start a halted endpoint before its new dequeue is set (bsc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bsc#933721). - x86/tsc: Change Fast TSC calibration failed from error to info (bsc#942605). - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788). - xfs: add background scanning to clear eofblocks inodes (bsc#930788). - xfs: add inode id filtering to eofblocks scan (bsc#930788). - xfs: add minimum file size filtering to eofblocks scan (bsc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bsc#930788). - xfs: create helper to check whether to free eofblocks on inode (bsc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bsc#930788). - xfs: support a tag-based inode_ag_iterator (bsc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bsc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bsc#949981). - xhci: Allocate correct amount of scratchpad buffers (bsc#933721). - xhci: Calculate old endpoints correctly on device reset (bsc#944831). - xhci: Do not enable/disable RWE on bus suspend/resume (bsc#933721). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bsc#945691). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bsc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bsc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bsc#933721). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bsc#949502). - xhci: do not report PLC when link is in internal resume state (bsc#933721). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bsc#944837). - xhci: fix reporting of 0-sized URBs in control endpoint (bsc#933721). - xhci: report U3 when link is in resume state (bsc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bsc#933721). - xhci: use uninterruptible sleep for waiting for internal operations (bsc#939955). Important SUSE bug 777565 SUSE bug 814440 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 920016 SUSE bug 923002 SUSE bug 926007 SUSE bug 926709 SUSE bug 926774 SUSE bug 930145 SUSE bug 930788 SUSE bug 932350 SUSE bug 932805 SUSE bug 933721 SUSE bug 935053 SUSE bug 935757 SUSE bug 936118 SUSE bug 938706 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940925 SUSE bug 941202 SUSE bug 942204 SUSE bug 942305 SUSE bug 942367 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943786 SUSE bug 944296 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949981 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 953527 SUSE bug 953980 SUSE bug 954404 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This MIT krb5 update fixes a buffer overrun problem in kadmind: * bnc#891082: buffer overrun in kadmind with LDAP back end (MITKRB5-SA-2014-001) (CVE-2014-4345) MIT krb5 Security Advisory 2014-001 * http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt Security Issues: * CVE-2014-4345 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345> SUSE bug 891082 CVE-2014-4345 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 krb5 was updated to fix one security issue. This security issue was fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188). Important SUSE bug 952188 CVE-2015-2695 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Moderate SUSE bug 954270 SUSE bug 954470 CVE-2015-2695 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for krb5 fixes the following issues: * When randomizing the keys for a service principal, current keys could be returned. (CVE-2014-5351) * klist -s crashes when handling multiple referral entries. (bnc#890623) Security Issues: * CVE-2014-5351 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351> SUSE bug 890623 SUSE bug 897874 CVE-2014-5351 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 krb5 has been updated to fix four security issues: * CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002) * CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002) * CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002) * CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002) Additionally, these non-security issues have been fixed: * Winbind process hangs indefinitely without DC. (bsc#872912) * Hanging winbind processes. (bsc#906557) Security Issues: * CVE-2014-5352 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352> * CVE-2014-9421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421> * CVE-2014-9422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422> * CVE-2014-9423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423> SUSE bug 872912 SUSE bug 906557 SUSE bug 912002 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Moderate SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kvm and libvirt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm: * Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640) * Fix performance degradation after migration. (bsc#878350) * Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381) * Add validate hex properties for qdev. (bsc#852397) * Add boot option to do strict boot (bsc#900084) * Add query-command-line-options QMP command. (bsc#899144) * Fix incorrect return value of migrate_cancel. (bsc#843074) * Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840) * Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106) libvirt: * Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823) * Fix domain deadlock. (bsc#899484, CVE-2014-3657) * Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633) * Fix undefined symbol when starting virtlockd. (bsc#910145) * Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084) * Add support for 'reboot-timeout' in qemu. (bsc#899144) * Increase QEMU's monitor timeout to 30sec. (bsc#911742) * Allow setting QEMU's migration max downtime any time. (bsc#879665) Security Issues: * CVE-2014-7823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823> * CVE-2014-3657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657> * CVE-2014-3633 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633> * CVE-2014-3640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640> * CVE-2014-7840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840> * CVE-2014-8106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106> SUSE bug 843074 SUSE bug 852397 SUSE bug 878350 SUSE bug 879665 SUSE bug 897654 SUSE bug 897783 SUSE bug 899144 SUSE bug 899484 SUSE bug 900084 SUSE bug 904176 SUSE bug 905097 SUSE bug 907805 SUSE bug 908381 SUSE bug 910145 SUSE bug 911742 CVE-2014-3633 CVE-2014-3640 CVE-2014-3657 CVE-2014-7823 CVE-2014-7840 CVE-2014-8106 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lcms SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The lcms userland utilities were updated to fix stack overflows. * CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276> SUSE bug 843716 CVE-2013-4276 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lcms2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 lcms2 has been updated to the version 2.5 which is a maintenance release to fix various security and other bugs. * User defined parametric curves can now be saved in ICC profiles. * RGB profiles using same tone curves for several channels are storing now only one copy of the curve * update black point detection algorithm to reflect ICC changes * Added new cmsPlugInTHR() and fixed some race conditions * Added error descriptions on cmsSmoothToneCurve * Several improvements in cgats parser. * Fixed devicelink generation for 8 bits * Added a reference for Mac MLU tag * Added a way to read the profile creator from header * Added identity curves support for write V2 LUT * Added TIFF Lab16 handling on tifficc * Fixed a bug in parametric curves * Rendering intent used when creating the transform is now propagated to profile header in cmsTransform2Devicelink. * Transform2Devicelink now keeps white point when guessing deviceclass is enabled * Added some checks for non-happy path, mostly failing mallocs (bnc#826097). For further changes please see the ChangeLog in the RPM. SUSE bug 826097 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libQt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The Qt library was updated to fix a XML entity expansion attack (XXE). (CVE-2013-4549) Security Issue reference: * CVE-2013-4549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549> SUSE bug 856832 SUSE bug 859158 CVE-2013-4549 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for PostgreSQL 9.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The PostgreSQL database server was updated to version 9.1.12 to fix various security issues: * Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) * The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) * If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062) * The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063) * Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064) * Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065) * There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., 'FIPS mode'). (CVE-2014-0066) * Since the temporary server started by make check uses 'trust' authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine. (CVE-2014-0067) The complete list of bugs and more information can be found at: http://www.postgresql.org/docs/9.1/static/release-9-1-12.html <http://www.postgresql.org/docs/9.1/static/release-9-1-12.html> Security Issues references: * CVE-2014-0060 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060> * CVE-2014-0061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061> * CVE-2014-0062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062> * CVE-2014-0063 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063> * CVE-2014-0064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064> * CVE-2014-0065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065> * CVE-2014-0066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066> SUSE bug 864845 SUSE bug 864846 SUSE bug 864847 SUSE bug 864850 SUSE bug 864851 SUSE bug 864852 SUSE bug 864853 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libevent SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes a buffer overflow in the buffered event handling in libevent. (CVE-2014-6272) Security Issues: * CVE-2014-6272 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272> SUSE bug 897243 CVE-2014-6272 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nss SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568> SUSE bug 897890 CVE-2014-1568 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libgadu SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 A memory corruption vulnerability has been fixed in libgadu. CVE-2013-6487 has been assigned to this issue. Security Issue reference: * CVE-2013-6487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487> SUSE bug 878540 CVE-2013-6487 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libgcrypt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (CVE-2013-4242). Security Issue reference: * CVE-2013-4242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242> SUSE bug 831359 CVE-2013-4242 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following issues: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057) * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] Moderate SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libgcrypt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This libgcrypt update fixes the following security issue: * bnc#892464: Side-channel attack on Elgamal encryption subkeys. (CVE-2014-5270) Security Issues: * CVE-2014-5270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270> SUSE bug 892464 CVE-2014-5270 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libksba SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This libksba update fixes the following security issue: * bnc#907074: buffer overflow in ksba_oid_to_str (CVE-2014-9087) Security Issues: * CVE-2014-9087 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087> SUSE bug 907074 CVE-2014-9087 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libksba (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lzo SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 lzo was updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts. (CVE-2014-4607) Security Issue reference: * CVE-2014-4607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607> SUSE bug 883947 CVE-2014-4607 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libmpfr SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for libmpfr fixes a buffer overflow in mpfr_strtofr. (CVE-2014-9474) Security Issues: * CVE-2014-9474 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474> SUSE bug 911812 CVE-2014-9474 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libmspack SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issue: * CVE-2014-9556: An integer overflow in the function qtmd_decompress() could have been exploited causing a denial of service (endless loop) (bnc##912214) Security Issues: * CVE-2014-9556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556> SUSE bug 912214 CVE-2014-9556 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libmspack (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934525 SUSE bug 934526 SUSE bug 934527 SUSE bug 934528 SUSE bug 934529 CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MySQL SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This MySQL update provides the following: * upgrade to version 5.5.39, [bnc#887580] * CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233, CVE-2014-4240, CVE-2014-4214, CVE-2014-4243 See also: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html> Security Issues: * CVE-2014-2484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484> * CVE-2014-4258 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258> * CVE-2014-4260 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260> * CVE-2014-2494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494> * CVE-2014-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238> * CVE-2014-4207 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207> * CVE-2014-4233 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233> * CVE-2014-4240 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240> * CVE-2014-4214 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214> * CVE-2014-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243> SUSE bug 887580 CVE-2014-2484 CVE-2014-2494 CVE-2014-4207 CVE-2014-4214 CVE-2014-4233 CVE-2014-4238 CVE-2014-4240 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for OpenSSL SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568> SUSE bug 892403 SUSE bug 901223 SUSE bug 901277 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for pixman SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425> SUSE bug 853824 CVE-2013-6425 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libpng SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This libpng update fixes the following two overflow security issues. * bnc#873123: Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354). * bnc#873124: Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353). Security Issue references: * CVE-2013-7353 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353> * CVE-2013-7354 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354> SUSE bug 873123 SUSE bug 873124 CVE-2013-7353 CVE-2013-7354 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 - security update: This update fixes the following securit issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] Moderate SUSE bug 954980 CVE-2015-8126 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for poppler SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes problems in DCTStream error handling in poppler. Security Issue reference: * CVE-2010-5110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5110> SUSE bug 845765 CVE-2010-5110 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for pulseaudio SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970> SUSE bug 881524 CVE-2014-3970 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libqt4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of the QT4 QSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. SUSE bug 865241 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libqt4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The libqt4 library was updated to fix several security issues: * CVE-2015-0295: Division by zero when processing malformed BMP files. (bsc#921999) * CVE-2015-1858: Segmentation fault in BMP Qt Image Format Handling. (bsc#927806) * CVE-2015-1859: Segmentation fault in ICO Qt Image Format Handling. (bsc#927807) * CVE-2015-1860: Segmentation fault in GIF Qt Image Format Handling. (bsc#927808) Security Issues: * CVE-2015-1858 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858> * CVE-2015-1859 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859> * CVE-2015-1860 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860> * CVE-2015-0295 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295> SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for LibreOffice SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 LibreOffice was updated to fix two security issues. These security issues have been fixed: * 'Document as E-mail' vulnerability (bnc#900218). * Impress remote control use-after-free vulnerability (CVE-2014-3693). Security Issues: * CVE-2014-3693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3693> SUSE bug 900214 SUSE bug 900218 CVE-2014-3693 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for LibreOffice SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3). Two security issues have been fixed: * DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578) * Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141) The following non-security issues have been fixed: * chart shown flipped (bnc#834722) * chart missing dataset (bnc#839727) * import new line in text (bnc#828390) * lines running off screens (bnc#819614) * add set-all language menu (bnc#863021) * text rotation (bnc#783433, bnc#862510) * page border shadow testcase (bnc#817956) * one more clickable field fix (bnc#802888) * multilevel labels are rotated (bnc#820273) * incorrect nested table margins (bnc#816593) * use BitmapURL only if its valid (bnc#821567) * import gradfill for text colors (bnc#870234) * fix undo of paragraph attributes (bnc#828598) * stop-gap solution to avoid crash (bnc#830205) * import images with duotone filter (bnc#820077) * missing drop downs for autofilter (bnc#834705) * typos in first page style creation (bnc#820836) * labels wrongly interpreted as dates (bnc#834720) * RTF import of fFilled shape property (bnc#825305) * placeholders text size is not correct (bnc#831457) * cells value formatted with wrong output (bnc#821795) * RTF import of freeform shape coordinates (bnc#823655) * styles (rename &) copy to different decks (bnc#757432) * XLSX Chart import with internal data table (bnc#819822) * handle M.d.yyyy date format in DOCX import (bnc#820509) * paragraph style in empty first page header (bnc#823651) * copying slides having same master page name (bnc#753460) * printing handouts using the default, 'Order' (bnc#835985) * wrap polygon was based on dest size of picture (bnc#820800) * added common flags support for SEQ field import (bnc#825976) * hyperlinks of illustration index in DOCX export (bnc#834035) * allow insertion of redlines with an empty author (bnc#837302) * handle drawinglayer rectangle inset in VML import (bnc#779642) * don't apply complex font size to non-complex font (bnc#820819) * issue with negative seeks in win32 shell extension (bnc#829017) * slide appears quite garbled when imported from PPTX (bnc#593612) * initial MCE support in writerfilter ooxml tokenizer (bnc#820503) * MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854) * try harder to convert floating tables to text frames (bnc#779620) * itemstate in parent style incorrectly reported as set (bnc#819865) * default color hidden by Default style in writerfilter (bnc#820504) * DOCX document crashes when using internal OOXML filter (bnc#382137) * ugly workaround for external leading with symbol fonts (bnc#823626) * followup fix for exported xlsx causes errors for mso2007 (bnc#823935) * we only support simple labels in the InternalDataProvider (bnc#864396) * RTF import: fix import of numbering bullet associated font (bnc#823675) * page specific footer extended to every pages in DOCX export (bnc#654230) * v:textbox mso-fit-shape-to-text style property in VML import (bnc#820788) * w:spacing in a paragraph should also apply to as-char objects (bnc#780044) * compatibility setting for MS Word wrapping text in less space (bnc#822908) * fix SwWrtShell::SelAll() to work with empty table at doc start (bnc#825891) Security Issues: * CVE-2014-3575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575> * CVE-2013-4156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4156> SUSE bug 382137 SUSE bug 593612 SUSE bug 654230 SUSE bug 753460 SUSE bug 757432 SUSE bug 779620 SUSE bug 779642 SUSE bug 780044 SUSE bug 783433 SUSE bug 802888 SUSE bug 816593 SUSE bug 817956 SUSE bug 819614 SUSE bug 819822 SUSE bug 819865 SUSE bug 820077 SUSE bug 820273 SUSE bug 820503 SUSE bug 820504 SUSE bug 820509 SUSE bug 820788 SUSE bug 820800 SUSE bug 820819 SUSE bug 820836 SUSE bug 821567 SUSE bug 821795 SUSE bug 822908 SUSE bug 823626 SUSE bug 823651 SUSE bug 823655 SUSE bug 823675 SUSE bug 823935 SUSE bug 825305 SUSE bug 825891 SUSE bug 825976 SUSE bug 828390 SUSE bug 828598 SUSE bug 829017 SUSE bug 830205 SUSE bug 831457 SUSE bug 831578 SUSE bug 834035 SUSE bug 834705 SUSE bug 834720 SUSE bug 834722 SUSE bug 835985 SUSE bug 837302 SUSE bug 839727 SUSE bug 862510 SUSE bug 863021 SUSE bug 864396 SUSE bug 870234 SUSE bug 878854 SUSE bug 893141 CVE-2013-4156 CVE-2014-3575 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for librsvg (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Important SUSE bug 840753 CVE-2013-1881 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libsndfile SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for libsndfile fixes two buffer read overflows in sd2_parse_rsrc_fork(). (CVE-2014-9496, bsc#911796) Security Issues: * CVE-2014-9496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496> SUSE bug 911796 CVE-2014-9496 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Moderate SUSE bug 953516 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for net-snmp SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for net-snmp fixes a remote denial of service problem inside snmptrapd when it is started with the '-OQ' option. (CVE-2014-3565, bnc#894361) Additionally, a timeout issue during SNMP MIB walk on OID 1.3.6.1.2.1.4.24 when using newer (v5.5+) versions of snmpwalk has been fixed. (bnc#865222) Security Issues: * CVE-2014-3565 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565> SUSE bug 865222 SUSE bug 894361 CVE-2014-3565 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libssh2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of libssh fixes the following security issue: * When libssh operates in server mode, the randomness pool was not switched on fork, so two pools could operate on the same randomness and could generate the same keys. Security Issue references: * CVE-2014-0017 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017> SUSE bug 866278 CVE-2014-0017 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libssh2_org SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The ssh client library libssh2_org was updated to fix a security issue: * CVE-2015-1782: A malicious server could send a crafted SSH_MSG_KEXINIT packet, that could lead to a buffer overread and to a crash of the application using libssh2_org. Security Issues: * CVE-2015-1782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782> SUSE bug 921070 CVE-2015-1782 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libtasn1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 libtasn1 has been updated to fix three security issues: * asn1_get_bit_der() could have returned negative bit length (CVE-2014-3468) * Multiple boundary check issues could have allowed DoS (CVE-2014-3467) * Possible DoS by NULL pointer dereference in asn1_read_value_type (CVE-2014-3469) Security Issues: * CVE-2014-3468 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468> * CVE-2014-3467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467> * CVE-2014-3469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469> SUSE bug 880735 SUSE bug 880737 SUSE bug 880738 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libtiff SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This tiff update fixes several security issues. * bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use after free problem * bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in readgifimage() * bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW decompressor Security Issue references: * CVE-2013-4232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232> * CVE-2013-4231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231> * CVE-2013-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243> * CVE-2013-4244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244> SUSE bug 834477 SUSE bug 834779 SUSE bug 834788 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libvirt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 libvirt has been patched to fix two security issues. Further information is available at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179> and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456> These security issues have been fixed: * Unsafe parsing of XML documents allows arbitrary file read or denial of service (CVE-2014-0179) * Ability to delete or create arbitrary host devices (CVE-2013-6456) Security Issue references: * CVE-2014-0179 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179> * CVE-2013-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456> SUSE bug 857490 SUSE bug 873705 CVE-2013-6456 CVE-2014-0179 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The libvncserver package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. Moderate SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libwmf (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 libwmf was updated to fix four security issues. These security issues were fixed: - CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109). - CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109). - CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062). - CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058). Moderate SUSE bug 831299 SUSE bug 933109 SUSE bug 936058 SUSE bug 936062 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openwsman SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> SUSE bug 901882 CVE-2014-3566 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxml2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes a denial of service via recursive entity expansion. (CVE-2014-3660) Security Issues: * CVE-2014-3660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660> SUSE bug 901546 CVE-2014-3660 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Moderate SUSE bug 960674 CVE-2015-8710 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxslt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) Security Issue references: * CVE-2012-6139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139> * CVE-2012-2825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825> * CVE-2011-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970> SUSE bug 849019 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libyaml SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This libyaml update fixes the following security issue: * CVE-2014-9130: Assert failure when processing wrapped strings. (bnc#907809) Security Issues: * CVE-2014-9130 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130> SUSE bug 907809 CVE-2014-9130 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lighttpd SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The HTTP server lighttpd was updated to fix the following security issues: * CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name. * CVE-2014-2323: Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd allowed remote attackers to read arbitrary files via .. (dot dot) in the host name. More information can be found on the lighttpd advisory page: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt <http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt> Security Issues references: * CVE-2014-2323 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323> * CVE-2014-2324 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324> SUSE bug 867350 CVE-2014-2323 CVE-2014-2324 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lxc SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The container framework LXC has been updated to fix various bugs and a security issue: * CVE-2013-6441: The sshd template allowed privilege escalation on the host. * SLES container time not aligned with host time (bnc#839653) * SLES container boot takes ages (bnc#839663) * lxc mounts /dev/pts with wrong options (bnc#869663) Security Issues: * CVE-2013-6441 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6441> SUSE bug 839653 SUSE bug 839663 SUSE bug 855809 SUSE bug 869663 CVE-2013-6441 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lxc (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744) Moderate SUSE bug 946744 CVE-2015-1335 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mercurial SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 mercurial was updated to fix a potential command injection via sshpeer._validaterepo() (CVE-2014-9462) Security Issues: * CVE-2014-9462 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462> SUSE bug 923070 CVE-2014-9462 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mono-core (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Important SUSE bug 954447 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nss (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Moderate SUSE bug 959888 CVE-2015-7575 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla NSS SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes: The main feature is TLS 1.2 support and its dependent algorithms. * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1: * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. o some bugfixes and improvements Changes with version 3.15 * New Functionality o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. o Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. o certutil has been updated to support creating name constraints extensions. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on: - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Moderate SUSE bug 924663 SUSE bug 928962 SUSE bug 934401 SUSE bug 938412 CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 * changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html * fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Moderate SUSE bug 951391 SUSE bug 952196 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Moderate SUSE bug 959724 SUSE bug 960961 SUSE bug 962779 CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for nagios SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The monitoring service Nagios has been updated to fix potential buffer overflows in its CGI scripts. (CVE-2014-1878) Security Issue reference: * CVE-2014-1878 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878> SUSE bug 864843 CVE-2014-1878 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for net-snmp (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 net-snmp was updated to fix one security vulnerability and several bugs. - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893). - stop snmptrapd on package removal. Moderate SUSE bug 853382 SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nspr, mozilla-nss SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741> * CVE-2013-5605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605> * CVE-2013-5606 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606> * CVE-2013-5607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607> SUSE bug 850148 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Recommended update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator. Moderate SUSE bug 924496 SUSE bug 932773 SUSE bug 937766 CVE-2015-4000 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openldap2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 openldap2 was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed: * A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546) The following non-security bug was fixed: * Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959) Security Issues: * CVE-2015-1546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546> * CVE-2015-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545> * CVE-2013-4449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449> SUSE bug 846389 SUSE bug 905959 SUSE bug 916897 SUSE bug 916914 CVE-2013-4449 CVE-2015-1545 CVE-2015-1546 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Moderate SUSE bug 945582 CVE-2015-6908 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for OpenSLP SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for OpenSLP fixes a bug in SLPIntersectStringList that could lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon now always use localtime(3) when writing to log files to avoid having timestamps with different timezones. Security Issues: * CVE-2012-4428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4428> SUSE bug 778508 SUSE bug 855385 CVE-2012-4428 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for osc (Low) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update provides osc 0.152.0 with various fixes and improvements. This security issue was fixed: - CVE-2015-0778: Shell command injection via crafted _service files. (bsc#901643) For a comprehensive list of changes, please refer to the package's change log. Low SUSE bug 901643 SUSE bug 936939 CVE-2015-0778 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for pam SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update changes the broken default behavior of pam_pwhistory to not enforce checks when the root user requests password changes. In order to enforce pwhistory checks on the root user, the 'enforce_for_root' parameter needs to be set for the pam_pwhistory.so module. This pam update fixes the following security and non-security issues: * bnc#870433: Fixed pam_timestamp path injection problem (CVE-2014-2583) * bnc#848417: Fixed pam_pwhistory root password enforcement when resetting non-root user's password Security Issue references: * CVE-2014-2583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583> SUSE bug 848417 SUSE bug 870433 CVE-2014-2583 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for perl SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes a memory leak and an infinite recursion in Data::Dumper. (CVE-2014-4330) Security Issues: * CVE-2014-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330> SUSE bug 838333 SUSE bug 896715 CVE-2014-4330 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721) * CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719) Moderate SUSE bug 938719 SUSE bug 938721 CVE-2015-5589 CVE-2015-5590 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] It also includes a bugfix for the odbc module: * compare with SQL_NULL_DATA correctly [bnc#935074] Important SUSE bug 935074 SUSE bug 942291 SUSE bug 942294 SUSE bug 942295 SUSE bug 942296 SUSE bug 945412 SUSE bug 945428 CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for popt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This rpm update fixes the following security and non security issues. * bnc#908128: check for bad invalid name sizes (CVE-2014-8118) * bnc#906803: create files with mode 0 (CVE-2013-6435) * bnc#892431: honor --noglob in install mode Security Issues: * CVE-2014-8118 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118> * CVE-2013-6435 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435> SUSE bug 892431 SUSE bug 906803 SUSE bug 908128 CVE-2013-6435 CVE-2014-8118 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Moderate SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql91 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The PostgreSQL database server was updated to 9.1.15, fixing bugs and security issues: * Fix buffer overruns in to_char() (CVE-2015-0241). * Fix buffer overrun in replacement *printf() functions (CVE-2015-0242). * Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243). * Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244). * Fix information leak via constraint-violation error messages (CVE-2014-8161). For a comprehensive list of fixes, please refer to the following release notes: * http://www.postgresql.org/docs/9.1/static/release-9-1-15.html <http://www.postgresql.org/docs/9.1/static/release-9-1-15.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-14.html <http://www.postgresql.org/docs/9.1/static/release-9-1-14.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-13.html <http://www.postgresql.org/docs/9.1/static/release-9-1-13.html> Security Issues: * CVE-2015-0241 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241> * CVE-2015-0243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243> * CVE-2015-0244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244> * CVE-2014-8161 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161> SUSE bug 916953 CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql91 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update provides PostgreSQL 9.1.18, which brings fixes for security issues and other enhancements. The following vulnerabilities have been fixed: * CVE-2015-3165: Avoid possible crash when client disconnects. (bsc#931972) * CVE-2015-3166: Consistently check for failure of the *printf(). (bsc#931973) * CVE-2015-3167: In contrib/pgcrypto, uniformly report decryption failures. (bsc#931974) For a comprehensive list of changes, please refer to http://www.postgresql.org/docs/9.1/static/release-9-1-18.html <http://www.postgresql.org/docs/9.1/static/release-9-1-18.html> . This update also includes changes in PostgreSQL's packaging to prepare for the migration to the new major version 9.4. (FATE#316970, bsc#907651) Security Issues: * CVE-2015-3165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165> * CVE-2015-3166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166> * CVE-2015-3167 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167> SUSE bug 907651 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql91 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of postgresql91 to 9.1.19 fixes the following issues: * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html Moderate SUSE bug 949669 CVE-2015-5288 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ppp SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This ppp update fixes a potential security issue that an unprivileged attacker could access privileged options: * integer overflow in option parsing (CVE-2014-3158, bnc#891489) Security Issues: * CVE-2014-3158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158> SUSE bug 891489 CVE-2014-3158 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for pwlib SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes a XML DoS vulnerability in pwlib. CVE-2013-1864 has been assigned to this issue. Security Issue reference: * CVE-2013-1864 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1864> SUSE bug 809917 CVE-2013-1864 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 CVE-2013-4238 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Python was updated to fix one security issue: * Potential wraparound/overflow in buffer() (CVE-2014-7185) As an additional hardening measure SSLv2 has been disabled (bnc#901715). Security Issues: * CVE-2014-7185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185> SUSE bug 898572 SUSE bug 901715 CVE-2014-7185 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for Python fixes the following security issues: * bnc#834601: SSL module does not handle certificates that contain hostnames with NULL bytes. (CVE-2013-4238) * bnc#856836: Various stdlib read flaws. (CVE-2013-1752) Additionally, the following non-security issues have been fixed: * bnc#859068: Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. * bnc#847135: Setting fips=1 at boot time causes problems with Python due to MD5 usage. Security Issue references: * CVE-2013-4073 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073> * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 SUSE bug 847135 SUSE bug 856836 SUSE bug 859068 CVE-2013-4073 CVE-2013-4238 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Python was updated to fix a security issue in the socket.recvfrom_into function, where data could be written over the end of the buffer. (CVE-2014-1912) Security Issue reference: * CVE-2014-1912 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912> SUSE bug 863741 CVE-2014-1912 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for Python provides fixes for the following issues: * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) * The 'urlparse' module has been updated to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2014-4650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650> SUSE bug 872848 SUSE bug 885882 CVE-2014-4650 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-httplib2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This patch fixes a SSL certificate verification issue in python-httplib2. Security Issue reference: * CVE-2013-2037 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2037> SUSE bug 818100 CVE-2013-2037 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-imaging SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This python-imaging update fixes the following two security issues: * bnc#863541: Fixed insecure temporary file creation and handling (CVE-2014-1932, CVE-2014-1933) Security Issue references: * CVE-2014-1932 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932> * CVE-2014-1933 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933> SUSE bug 863541 CVE-2014-1932 CVE-2014-1933 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-logilab-common SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 With this update multiple temporary file vulnerabilities have been fixed (CVE-2014-1838). Security Issue references: * CVE-2014-1838 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1838> * CVE-2014-1839 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1839> SUSE bug 861822 CVE-2014-1838 CVE-2014-1839 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-lxml SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This security update for python-lxml fixes a input sanitization flaw in clean_html. (CVE-2014-3146) Security Issues: * CVE-2014-3146 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146> SUSE bug 877258 CVE-2014-3146 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-setuptools SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 python-setuptools so far used only HTTP to retrieve packages, which could have lead to man in the middle attacks on newly installed python code. This update adjusts it to use HTTPS, guaranteeing better connection integrity. Security Issue reference: * CVE-2013-1633 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1633> SUSE bug 843759 CVE-2013-1633 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Recommended update for python-setuptools (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 python-setuptools was updated to fix one security issue. The following vulnerability was fixed: * CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect (bsc#930189) Moderate SUSE bug 930189 CVE-2013-7440 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for quagga SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of quagga fixes two security issues: * CVE-2013-0149: specially-crafted OSPF packets could have caused the routing table to be erased (bnc#822572) * CVE-2013-2236: local network stack overflow (bnc#828117) Security Issue references: * CVE-2013-2236 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236> * CVE-2013-0149 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0149> SUSE bug 822572 SUSE bug 828117 CVE-2013-0149 CVE-2013-2236 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-activerecord-2_3 and rubygem-activesupport-2_3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Various Ruby gems were released where the unpacked tree was patched for the current security issues, but the included gem file (gem archive) was not adjusted. This update rolls the current updates to also contain the fixes in the .gem files. SUSE bug 864873 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-activesupport SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Various ruby gems were released with the previous update where the unpacked tree was patched for the current security issues, but the included gem file (gem archive) was not adjusted. This update rolls the current updates to also contain the fixes in the .gem files (bnc#864873). SUSE bug 864873 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for sendmail SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 sendmail has been updated to fix the following security issue: * Not properly closing file descriptors before executing programs (CVE-2014-3956). Security Issues: * CVE-2014-3956 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956> SUSE bug 881284 CVE-2014-3956 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Ruby SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This Ruby update fixes the following security issue: * bnc#808137: Fixed entity expansion DoS vulnerability in REXML (CVE-2013-1821). Security Issue reference: * CVE-2013-1821 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821> SUSE bug 808137 CVE-2013-1821 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-actionpack-2_1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issue with rubygem-actionpack: * bnc#853632: number_to_currency XSS (CVE-2013-6415) Security Issue reference: * CVE-2013-6415 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415> SUSE bug 853632 CVE-2013-6415 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-actionpack-2_3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Rubygem Actionpack was updated to fix a cross-site scripting vulnerability: * CVE-2014-0081: XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human. Security Issue reference: * CVE-2014-0081 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081> SUSE bug 864433 SUSE bug 864873 CVE-2014-0081 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-activesupport-3_2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The Rubygem ActiveSupport received a security fix: CVE-2013-4389: A possible DoS vulnerability in the log subscriber component was fixed. Security Issue reference: * CVE-2013-4389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389> SUSE bug 846239 CVE-2013-4389 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-activesupport-3_2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 rubygem-activesupport-3_2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3227: Possible Denial of Service attack in Active Support (bsc#934800). Moderate SUSE bug 934800 CVE-2015-3227 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-activesupport-3_2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for rubygem-activesupport-3_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) Moderate SUSE bug 963329 CVE-2015-7576 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-bundler SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The Rubygem Bundler was updated to 1.7.0. Bundler 1.7 is a security-only release to address CVE-2013-0334, a vulnerability where a gem might be installed from an unintended source server, particularly while using both rubygems.org and gems.github.com. Upstream changes entry with more explanations: Any Gemfile with multiple top-level source lines cannot reliably control the gem server that a particular gem is fetched from. As a result, Bundler might install the wrong gem if more than one source provides a gem with the same name. This is especially possible in the case of Github's legacy gem server, hosted at gems.github.com. An attacker might create a malicious gem on Rubygems.org with the same name as a commonly-used Github gem. From that point forward, running bundle install might result in the malicious gem being used instead of the expected gem. To mitigate this, the Bundler and Rubygems.org teams worked together to copy almost every gem hosted on gems.github.com to rubygems.org, reducing the number of gems that can be used for such an attack. Resolution: To resolve this issue, upgrade to Bundler 1.7 by running gem install bundler. The next time you run bundle install for any Gemfile that contains multiple sources, each gem available from multiple sources will print a warning. For every warning printed, edit the Gemfile to either specify a :source option for that gem, or move the gem line into a block that is passed to a source method call. For detailed information about the changes to how sources are handled in Bundler version 1.7, see the release announcement. Security Issues: * CVE-2013-0334 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0334> SUSE bug 898205 CVE-2013-0334 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-i18n-0_6 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 rubygem-i18-0_6 was updated to fix a security issue: * Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. Additionally the package requires ruby directly now, and also applies the security patch to the bundled .gem file. Security Issues references: * CVE-2013-4492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492> SUSE bug 854166 SUSE bug 855139 SUSE bug 864873 CVE-2013-4492 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-mail-2_3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Various Ruby gems were released where the unpacked tree was patched for the current security issues, but the included gem file (gem archive) was not adjusted. This update rolls the current updates to also contain the fixes in the .gem files. (bnc#864873) SUSE bug 864873 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-rack (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 rubygem-rack was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797). Moderate SUSE bug 934797 CVE-2015-3225 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-rack-1_4 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 rubygem-rack-1_4 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service. (bsc#934797) Moderate SUSE bug 934797 CVE-2015-3225 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-rack-ssl SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for rubygem-rack-ssl fixes a cross-site scripting (XSS) vulnerability in error page. Security Issue reference: * CVE-2014-2538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2538> SUSE bug 869162 CVE-2014-2538 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rxvt-unicode SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 rxvt-unicode was updated to ensure that window property values can not be queried in secure mode. (CVE-2014-3121) Security Issue reference: * CVE-2014-3121 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121> SUSE bug 876101 CVE-2014-3121 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link Important SUSE bug 936862 SUSE bug 967017 SUSE bug 971965 SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Samba SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Samba has been updated to fix one security issue: * CVE-2015-0240: Don't call talloc_free on an uninitialized pointer (bnc#917376). Additionally, these non-security issues have been fixed: * Realign the winbind request structure following require_membership_of field expansion (bnc#913001). * Reuse connections derived from DFS referrals (bso#10123, fate#316512). * Set domain/workgroup based on authentication callback value (bso#11059). * Fix spoolss error response marshalling (bso#10984). * Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031). * Fix handling of bad EnumJobs levels (bso#10898). * Fix small memory-leak in the background print process; (bnc#899558). * Prune idle or hung connections older than 'winbind request timeout' (bso#3204, bnc#872912). Security Issues: * CVE-2015-0240 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240> SUSE bug 872912 SUSE bug 898031 SUSE bug 899558 SUSE bug 913001 SUSE bug 917376 CVE-2015-0240 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586) - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582) - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584) - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583) Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022) - Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382) - Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382) - Address unrecoverable winbind failure: 'key length too large' (bnc#934299) - Take resource group sids into account when caching netsamlogon data (bnc#912457) - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244) - dependency issue with samba-winbind (bnc#936909) Important SUSE bug 295284 SUSE bug 912457 SUSE bug 934299 SUSE bug 936909 SUSE bug 948244 SUSE bug 949022 SUSE bug 953382 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958586 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for shim SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 shim has been updated to fix three security issues: * OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675). * Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option (RCE) (CVE-2014-3676). * Memory corruption when processing user provided MOK lists (CVE-2014-3677). Security Issues: * CVE-2014-3675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675> * CVE-2014-3676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676> * CVE-2014-3677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677> SUSE bug 813448 SUSE bug 863205 SUSE bug 866690 SUSE bug 875385 SUSE bug 889332 SUSE bug 889765 CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for struts SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Apache Struts was updated to fix a security issue: * CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to 'manipulate' the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. Security Issue reference: * CVE-2014-0114 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114> SUSE bug 875455 CVE-2014-0114 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for subversion SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 subversion has been updated to fix one security problem: * bnc#889849: Reveal authentication information through an md5 collision attack on authentication realm (CVE-2014-3528) Security Issues: * CVE-2014-3528 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528> SUSE bug 889849 CVE-2014-3528 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for tidy (Low) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. (CVE-2015-5522, CVE-2015-5523) Low SUSE bug 933588 CVE-2015-5522 CVE-2015-5523 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Moderate SUSE bug 914890 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wireshark SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 wireshark has been updated to version 1.10.11 to fix five security issues. These security issues have been fixed: * SigComp UDVM buffer overflow (CVE-2014-8710). * AMQP dissector crash (CVE-2014-8711). * NCP dissector crashes (CVE-2014-8712, CVE-2014-8713). * TN5250 infinite loops (CVE-2014-8714). This non-security issue has been fixed: * enable zlib (bnc#899303). Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html <https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html> Security Issues: * CVE-2014-8711 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8711> * CVE-2014-8710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8710> * CVE-2014-8714 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8714> * CVE-2014-8712 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8712> * CVE-2014-8713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8713> SUSE bug 899303 SUSE bug 905245 SUSE bug 905246 SUSE bug 905247 SUSE bug 905248 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Moderate SUSE bug 935158 SUSE bug 941500 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wireshark (Low) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437) * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 950437 SUSE bug 960382 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xalan-j2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xalan-j2 has been updated to ensure that secure processing can't be circumvented (CVE-2014-0107). Security Issues: * CVE-2014-0107 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107> SUSE bug 870082 CVE-2014-0107 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Xen was updated to fix two security issues and a bug: * CVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. * CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. * An exception in setCPUAffinity when restoring guests. (bsc#910441) Security Issues: * CVE-2015-3456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456> * CVE-2015-3340 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340> SUSE bug 910441 SUSE bug 927967 SUSE bug 929339 CVE-2015-3456 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Xen has been updated to version 4.2.5 with additional patches to fix six security issues: * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). * Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor (CVE-2014-8867). * Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866). * Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). * Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594). These non-security issues have been fixed: * Xen save/restore of HVM guests cuts off disk and networking (bnc#866902). * Windows 2012 R2 fails to boot up with greater than 60 vcpus (bnc#882089). * Increase limit domUloader to 32MB (bnc#901317). * Adjust xentop column layout (bnc#896023). Security Issues: * CVE-2014-9030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9030> * CVE-2014-8867 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8867> * CVE-2014-8866 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8866> * CVE-2014-8595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8595> * CVE-2014-8594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8594> SUSE bug 866902 SUSE bug 882089 SUSE bug 896023 SUSE bug 901317 SUSE bug 903850 SUSE bug 903967 SUSE bug 903970 SUSE bug 905465 SUSE bug 905467 SUSE bug 906439 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xen was updated to fix the following security issues: * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) * CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) * CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127) * CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137) * CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136) * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) Important SUSE bug 922709 SUSE bug 932996 SUSE bug 935634 SUSE bug 938344 SUSE bug 939709 SUSE bug 939712 CVE-2015-2751 CVE-2015-3259 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165 CVE-2015-5166 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xen was updated to fix nine security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bsc#941074: Device 51728 could not be connected. Hotplug scripts not working Important SUSE bug 877642 SUSE bug 907514 SUSE bug 910258 SUSE bug 918984 SUSE bug 923967 SUSE bug 932267 SUSE bug 941074 SUSE bug 944463 SUSE bug 944697 SUSE bug 947165 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various bugs and security issues: The following security issues have been addressed: * CVE-2013-2194: Various integer overflows in the ELF loader were fixed. (XSA-55) * CVE-2013-2195: Various pointer dereferences issues in the ELF loader were fixed. (XSA-55) * CVE-2013-2196: Various other problems in the ELF loader were fixed. (XSA-55) * CVE-2013-2078: A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54) * CVE-2013-2077: A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53) * CVE-2013-2211: libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57) * CVE-2013-2076: An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs. Also the following bugs have been fixed: * performance issues in mirror lvm (bnc#801663) * aacraid driver panics mapping INT A when booting kernel-xen (bnc#808085) * Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel (bnc#808269) * Did not boot with i915 graphics controller with VT-d enabled (bnc#817210) Security Issue references: * CVE-2013-2194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194> * CVE-2013-2195 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195> * CVE-2013-2196 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196> SUSE bug 801663 SUSE bug 808085 SUSE bug 808269 SUSE bug 817210 SUSE bug 820917 SUSE bug 820919 SUSE bug 820920 SUSE bug 823011 SUSE bug 823608 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies * CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation * CVE-2013-4369: XSA-68: Fixed possible null dereference when parsing vif ratelimiting info * CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub * CVE-2013-4371: XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure * CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs * CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. Various bugs have also been fixed: * Boot failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * Improvements to block-dmmd script (bnc#828623) * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196) * In HP's UEFI x86_64 platform and with xen environment, in booting stage, xen hypervisor will panic. (bnc#833251) * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796) * In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751) * In HP's UEFI x86_64 platform with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600) * vcpus not started after upgrading Dom0 from SLES 11 SP2 to SP3 (bnc#835896) * SLES 11 SP3 Xen security patch does not automatically update UEFI boot binary (bnc#836239) * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676) * SLES 9 SP4 guest fails to start after upgrading to SLES 11 SP3 (bnc#817799) * Various upstream fixes have been included. Security Issues: * CVE-2013-1432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432> * CVE-2013-1442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442> * CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918> * CVE-2013-4355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355> * CVE-2013-4361 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361> * CVE-2013-4368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368> * CVE-2013-4369 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4369> * CVE-2013-4370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4370> * CVE-2013-4371 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4371> * CVE-2013-4375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> SUSE bug 817799 SUSE bug 824676 SUSE bug 826882 SUSE bug 828623 SUSE bug 833251 SUSE bug 833483 SUSE bug 833796 SUSE bug 834751 SUSE bug 835896 SUSE bug 836239 SUSE bug 839596 SUSE bug 839600 SUSE bug 840196 SUSE bug 840592 SUSE bug 841766 SUSE bug 842511 SUSE bug 842512 SUSE bug 842513 SUSE bug 842514 SUSE bug 842515 SUSE bug 845520 CVE-2013-1432 CVE-2013-1442 CVE-2013-1918 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375 CVE-2013-4416 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The Xen hypervisor and tool-suite have been updated to fix security issues and bugs: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. * CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks. * CVE-2013-4554: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests which might lead to Hypervisor escalation under specific circumstances. * CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked. * CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed. Non-security bugs have also been fixed: * bnc#840997: It is possible to start a VM twice on the same node. * bnc#842417: In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 will could lock-up on multiple blades nPar. * bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing. * bnc#846849: Soft lock-up with PCI pass-through and many VCPUs. * bnc#833483: Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'. * Increase the maximum supported CPUs in the Hypervisor to 512. Security Issues: * CVE-2013-1922 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922> * CVE-2013-2007 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007> * CVE-2013-4375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> * CVE-2013-4494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494> * CVE-2013-4551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4551> * CVE-2013-4553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553> * CVE-2013-4554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554> SUSE bug 833483 SUSE bug 840997 SUSE bug 842417 SUSE bug 846849 SUSE bug 848014 SUSE bug 848657 SUSE bug 849665 SUSE bug 849667 SUSE bug 849668 SUSE bug 851386 CVE-2013-1922 CVE-2013-2007 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and toolset has been updated to 4.2.4 to fix various bugs and security issues: The following security issues have been addressed: * XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) * XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. (bnc#853048) * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) * XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. (bnc#860092) * XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) * XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to aribitrary guests. (bnc#860163) * XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) * XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu statistics on the Flask security policy, incorrectly validates the CPU for which statistics are being requested. (bnc#860165) * XSA-86: CVE-2014-1896: libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring. (bnc#860300) * XSA-87: CVE-2014-1666: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. (bnc#860302) * XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. (bnc#861256) Also the following non-security bugs have been fixed: * Fixed boot problems with Xen kernel. '(XEN) setup 0000:00:18.0 for d0 failed (-19)' (bnc#858311) * Fixed Xen hypervisor panic on 8-blades nPar with 46-bit memory addressing. (bnc#848014) * Fixed Xen hypervisor panic in HP's UEFI x86_64 platform and with xen environment, in booting stage. (bnc#833251) * xend/pvscsi: recognize also SCSI CDROM devices (bnc#863297) * pygrub: Support (/dev/xvda) style disk specifications Security Issue references: * CVE-2013-2212 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212> * CVE-2013-6400 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6400> * CVE-2013-6885 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885> * CVE-2014-1642 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1642> * CVE-2014-1666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666> * CVE-2014-1891 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891> * CVE-2014-1892 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892> * CVE-2014-1893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893> * CVE-2014-1894 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894> * CVE-2014-1895 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1895> * CVE-2014-1896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1896> * CVE-2014-1950 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950> SUSE bug 831120 SUSE bug 833251 SUSE bug 848014 SUSE bug 853048 SUSE bug 853049 SUSE bug 858311 SUSE bug 860092 SUSE bug 860163 SUSE bug 860165 SUSE bug 860300 SUSE bug 860302 SUSE bug 861256 SUSE bug 863297 CVE-2013-2212 CVE-2013-6400 CVE-2013-6885 CVE-2014-1642 CVE-2014-1666 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 CVE-2014-1895 CVE-2014-1896 CVE-2014-1950 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed: * XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation (bnc#897657) * XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts (bnc#895802) * XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (bnc#895799) * XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram (bnc#895798) * XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests (bnc#880751) * XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI injection (bnc#878841) * XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible (bnc#867910) * XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow (bnc#842006) * CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed: * xend: Fix netif convertToDeviceNumber for running domains (bnc#891539) * Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM (bnc#882092) * XEN kernel panic do_device_not_available() (bnc#881900) * Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * SLES 11 SP3 vm-install should get RHEL 7 support when released (bnc#862608) * SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480 cpu) (bnc#858178) * Local attach support for PHY backends using scripts local_attach_support_for_phy.patch (bnc#865682) * Improve multipath support for npiv devices block-npiv (bnc#798770) Security Issues: * CVE-2013-4344 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344> * CVE-2013-4540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540> * CVE-2014-2599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599> * CVE-2014-3967 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967> * CVE-2014-3968 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968> * CVE-2014-4021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021> * CVE-2014-7154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154> * CVE-2014-7155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155> * CVE-2014-7156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156> * CVE-2014-7188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188> SUSE bug 798770 SUSE bug 833483 SUSE bug 842006 SUSE bug 858178 SUSE bug 862608 SUSE bug 864801 SUSE bug 865682 SUSE bug 867910 SUSE bug 878841 SUSE bug 880751 SUSE bug 881900 SUSE bug 882092 SUSE bug 891539 SUSE bug 895798 SUSE bug 895799 SUSE bug 895802 SUSE bug 897657 CVE-2013-4344 CVE-2013-4540 CVE-2014-2599 CVE-2014-3967 CVE-2014-3968 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed: * CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through to guests. * XSA-125: Long latency MMIO mapping operations were not preemptible. * CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override could have, however, corrupted a pointer used subsequently to store the result of the instruction. * CVE-2015-2045: XSA-122: The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall failed to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. * CVE-2015-2044: XSA-121: Emulation routines in the hypervisor dealing with certain system devices checked whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. Also fixed: * Fully virtualized guest install from network source failed with 'cannot find guest domain' in XEN. (bsc#919341) Security Issues: * CVE-2015-2044 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044> * CVE-2015-2045 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045> * CVE-2015-2151 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151> * CVE-2015-2756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756> SUSE bug 918995 SUSE bug 918998 SUSE bug 919341 SUSE bug 919464 SUSE bug 922705 SUSE bug 922706 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2756 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 Xen was updated to fix seven security vulnerabilities: * CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bnc#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bnc#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bnc#931627) * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bnc#931628) * CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior. (XSA-134, bnc#932790) * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bnc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bnc#932996) Security Issues: * CVE-2015-4103 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103> * CVE-2015-4104 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104> * CVE-2015-4105 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105> * CVE-2015-4106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106> * CVE-2015-4163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209> SUSE bug 931625 SUSE bug 931626 SUSE bug 931627 SUSE bug 931628 SUSE bug 932770 SUSE bug 932790 SUSE bug 932996 CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xen (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update fixes the following security issues: - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 947165 SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 954018 SUSE bug 954405 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xfsprogs (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition Moderate SUSE bug 911866 SUSE bug 939367 CVE-2012-2150 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libs SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xorg-x11-libs was patched to fix the following security issues: * Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) * libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) * Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/002431.html <http://lists.x.org/archives/xorg-announce/2014-May/002431.html> . Security Issues references: * CVE-2014-0209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209> * CVE-2014-0210 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210> * CVE-2014-0211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211> SUSE bug 857544 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libX11 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of xorg-x11-libX11 fixes several security issues. Bug 815451/821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 Security Issues: * CVE-2013-1981 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981> * CVE-2013-1997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997> * CVE-2013-2004 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004> SUSE bug 815451 SUSE bug 821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXext SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of xorg-x11-libXext fixes several integer overflow issues. Bug 815451/821665 CVE-2013-1982 Security Issues: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982> SUSE bug 815451 SUSE bug 821665 CVE-2013-1982 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXfixes SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of xorg-x11-libXfixes fixed a integer overflow issue. Bug 815451/821667 CVE-2013-1983 Security Issues: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983> SUSE bug 815451 SUSE bug 821667 CVE-2013-1983 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXp SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of xorg-x11-libXp fixes several integer overflow issues. Bug 815451/821668 CVE-2013-2062 Security Issues: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062> SUSE bug 815451 SUSE bug 821668 CVE-2013-2062 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXrender SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of xorg-x11-libXrender fixes several integer overflow issues. Bug 815451/821669 CVE-2013-1987 Security Issues: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987> SUSE bug 815451 SUSE bug 821669 CVE-2013-1987 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXt SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of xorg-x11-libXt fixes several integer and buffer overflow issues. Bug 815451/821670 CVE-2013-2002/CVE-2013-2005 Security Issues: * CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002> * CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005> SUSE bug 815451 SUSE bug 821670 CVE-2013-2002 CVE-2013-2005 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXv SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 This update of xorg-x11-libXv fixes several integer and buffer overflow issues. Bug 815451/821671 CVE-2013-1989/CVE-2013-2066 Security Issues: * CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989> * CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066> SUSE bug 815451 SUSE bug 821671 CVE-2013-1989 CVE-2013-2066 cpe:/a:suse:sle-sdk:11:sp3 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Botan (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for Botan fixes the following issues: - CVE-2015-7827: PKCS #1 v1.5 decoding was not constant time, it could be used to mount a Bleichenbacher million-message attack (bsc#968030) - CVE-2016-9132: While decoding BER length fields, an integer overflow could occur leading to a denial-of-service (bsc#1013209) Moderate SUSE bug 1013209 SUSE bug 968030 CVE-2015-7827 CVE-2016-9132 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for Botan (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for Botan fixes the following issues: - CVE-2015-7827: PKCS #1 v1.5 decoding was not constant time, it could be used to mount a Bleichenbacher million-message attack (bsc#968030) - CVE-2016-9132: While decoding BER length fields, an integer overflow could occur leading to a denial-of-service (bsc#1013209) Moderate SUSE bug 1013209 SUSE bug 968030 CVE-2015-7827 CVE-2016-9132 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: - Security update Remote Code Execution / Local File read [bsc#978061] CVE-2016-3714, CVE-2016-3715, CVE-2016-3717, CVE-2016-3718 - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using GraphicsMagick's 'tmp:' file specification syntax. - CVE-2016-3717: Possible local file read by using GraphicsMagick's 'txt:' file specification syntax. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Moderate SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3717 CVE-2016-3718 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via special filenames (bnc#982178). - CVE-2013-4589: The ExportAlphaQuantumType function in export.c in GraphicsMagick might have allowed remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image (bsc#851064). - CVE-2015-8808: Out-of-bound read in the parsing of GIF files (bnc#965574). Important SUSE bug 851064 SUSE bug 965574 SUSE bug 982178 CVE-2013-4589 CVE-2015-8808 CVE-2016-5118 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 GraphicsMagick was updated to fix 37 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2014-9807: Double free in pdb coder. (bsc#983794). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752). - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796). - CVE-2014-9820: Heap overflow in xpm files (bsc#984150). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799). - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (bsc#983309). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144). - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (bsc#983455). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853). - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853). Important SUSE bug 965853 SUSE bug 983234 SUSE bug 983259 SUSE bug 983309 SUSE bug 983455 SUSE bug 983521 SUSE bug 983523 SUSE bug 983533 SUSE bug 983752 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984150 SUSE bug 984166 SUSE bug 984181 SUSE bug 984193 SUSE bug 984372 SUSE bug 984373 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984408 SUSE bug 984409 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 CVE-2014-9805 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9837 CVE-2014-9839 CVE-2014-9840 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9853 CVE-2015-8894 CVE-2015-8896 CVE-2015-8901 CVE-2015-8903 CVE-2016-2317 CVE-2016-2318 CVE-2016-5240 CVE-2016-5241 CVE-2016-5688 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399) - CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434) - CVE-2016-7527: Out-of-bound access in wpg file coder: (bsc#1000436) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449: various issues fixed in 1.3.25 (bsc#999673) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - Divide by zero in WriteTIFFImage (bsc#1002206) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) Moderate SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000695 SUSE bug 1000698 SUSE bug 1000700 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000711 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002206 SUSE bug 1002209 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 999673 CVE-2015-8957 CVE-2015-8958 CVE-2016-6823 CVE-2016-7101 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7519 CVE-2016-7522 CVE-2016-7524 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7531 CVE-2016-7533 CVE-2016-7537 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862) [bsc#1007245] Low SUSE bug 1007245 CVE-2016-8862 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8866 Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] * CVE-2016-9830: Memory allocation failure in MagickRealloc (memory.c) (bsc#1013640). Moderate SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013640 SUSE bug 1017421 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9830 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310). - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311). - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312). - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313). - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318). - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321). - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322). - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324). - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326). - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448). Moderate SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017318 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017326 SUSE bug 1020443 SUSE bug 1020448 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10059 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10070 CVE-2016-10146 CVE-2017-5511 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2017-6335: Heap out of bounds write issue when reading CMYKA TIFF files which claim to offer fewer samples per pixel than required (bsc#1027255). Moderate SUSE bug 1027255 CVE-2017-6335 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985). The previous fix for CVE-2014-9847 (bsc#984144) was incorrect and incomplete and has been refreshed. - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) Moderate SUSE bug 1033091 SUSE bug 1034876 SUSE bug 1036978 SUSE bug 1036980 SUSE bug 1036981 SUSE bug 1036984 SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036987 SUSE bug 1036988 SUSE bug 1036990 SUSE bug 1037527 SUSE bug 1038000 SUSE bug 1040025 SUSE bug 1040304 SUSE bug 1040332 SUSE bug 984144 CVE-2014-9847 CVE-2017-7606 CVE-2017-7941 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8355 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9142 CVE-2017-9144 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-8350: The PNG/JNG decoder recieved an incremental fix, fixing some related issues in the same code. (bsc#1036985) - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: The ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (bsc#1049072) - CVE-2017-11643: A heap overflow in WriteCMYKImage()function in coders/cmyk.c was fixed (bsc#1050611) - CVE-2017-11636: A heap overflow in WriteRGBImage() in coders/rgb.c was fixed (bsc#1050674) Important SUSE bug 1036985 SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 SUSE bug 1050611 SUSE bug 1050674 CVE-2017-11403 CVE-2017-11636 CVE-2017-11643 CVE-2017-8350 CVE-2017-9439 CVE-2017-9501 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: - CVE-2017-15033: A denial of service attack (memory leak) in ReadYUVImage in coders/yuv.c was fixed (bsc#1061873) - CVE-2017-13063: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055050) - CVE-2017-13064: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055042) - CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting. (bsc#1054598) - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk. (bsc#1055430) - CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read. (bsc#1054596) - CVE-2017-11534: A Memory Leak in the lite_font_map() function in coders/wmf.c was fixed (bsc#1050135) Moderate SUSE bug 1050135 SUSE bug 1054596 SUSE bug 1054598 SUSE bug 1055042 SUSE bug 1055050 SUSE bug 1055430 SUSE bug 1061873 CVE-2017-11534 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13139 CVE-2017-15033 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c could lead to denial of service [bsc#1050632] * CVE-2017-14342: Memory exhaustion in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function could lead to denial of service [bsc#1058637] * CVE-2017-16546: Issue in ReadWPGImage function in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-16669: coders/wpg.c allows remote attackers to cause a denial of service via crafted file [bsc#1067409] * CVE-2017-13776: denial of service issue in ReadXBMImage() in a coders/xbm.c [bsc#1056429] * CVE-2017-13777: denial of service issue in ReadXBMImage() in a coders/xbm.c [bsc#1056426] * CVE-2017-13134: heap-based buffer over-read in the function SFWScan in coders/sfw.c could lead to denial of service via a crafted file [bsc#1055214] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. [bsc#1054757] * CVE-2017-14165: The ReadSUNImage function in coders/sun.c has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. [bsc#1057508] * CVE-2017-12587: Large loop vulnerability in the ReadPWPImage function in coders\pwp.c. [bsc#1052450] Important SUSE bug 1050632 SUSE bug 1052450 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056426 SUSE bug 1056429 SUSE bug 1057508 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 SUSE bug 1067409 CVE-2016-7996 CVE-2017-11640 CVE-2017-12587 CVE-2017-12983 CVE-2017-13134 CVE-2017-13776 CVE-2017-13777 CVE-2017-14165 CVE-2017-14341 CVE-2017-14342 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422) - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422) - CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550) - CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063) - CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460) - CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large 'length' field in the header but did not contain sufficient backing data, is provided, the loop over 'length' would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723) - CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050) - CVE-2017-14733: ReadRLEImage in coders/rle.c mishandled RLE headers that specified too few colors, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file (bsc#1060577). - CVE-2017-12662: Fixed a memory leak vulnerability in WritePDFImage in coders/pdf.c (bsc#1052758). - CVE-2017-14994: ReadDCMImage in coders/dcm.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames (bsc#1061587). - CVE-2017-12140: The ReadDCMImage function in coders\dcm.c had an integer signedness error leading to excessive memory consumption via a crafted DCM file (bsc#1051847). - CVE-2017-12644: Fixed memory leak vulnerability in ReadDCMImage in coders\dcm.c (bsc#1052764). - CVE-2017-11188: The ReadDPXImage function in coders\dpx.c had a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check (bsc#1048457). - CVE-2017-10799: When processing a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) could have occurred in ReadDPXImage() (bsc#1047054). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373). - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129). - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252). - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771). - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082). - CVE-2017-16547: The DrawImage function in magick/render.c did not properly look for pop keywords that are associated with push keywords, which allowed remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file (bsc#1067177). - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412) - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044). - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975). - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969). Moderate SUSE bug 1047044 SUSE bug 1047054 SUSE bug 1048457 SUSE bug 1049373 SUSE bug 1050129 SUSE bug 1051412 SUSE bug 1051847 SUSE bug 1052252 SUSE bug 1052460 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1052771 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058082 SUSE bug 1058422 SUSE bug 1060577 SUSE bug 1061587 SUSE bug 1063050 SUSE bug 1067177 SUSE bug 1074969 SUSE bug 1074975 CVE-2017-10799 CVE-2017-10800 CVE-2017-11188 CVE-2017-11449 CVE-2017-11532 CVE-2017-12140 CVE-2017-12430 CVE-2017-12563 CVE-2017-12642 CVE-2017-12644 CVE-2017-12662 CVE-2017-12691 CVE-2017-13061 CVE-2017-14042 CVE-2017-14174 CVE-2017-14249 CVE-2017-14343 CVE-2017-14733 CVE-2017-14994 CVE-2017-15277 CVE-2017-16547 CVE-2017-18022 CVE-2018-5247 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-13065: Prevent NULL pointer dereference in the function SVGStartElement (bsc#1055038). - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939). - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908) - CVE-2017-11102: The ReadOneJNGImage function allowed remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure (bsc#1047910). - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037) - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072) - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) - CVE-2017-15238: ReadOneJNGImage had a use-after-free issue when the height or width is zero, related to ReadJNGImage (bsc#1067198). - CVE-2017-17782: Prevent heap-based buffer over-read in ReadOneJNGImage related to oFFs chunk allocation (bsc#1073690). - CVE-2017-17501: WriteOnePNGImage had a heap-based buffer over-read that could be triggered via a crafted file (bsc#1074023). - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120) - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125) - CVE-2017-17915: Prevent heap-based buffer over-read in ReadMNGImage when accessing one byte testing whether a limit has been reached (bsc#1074175). Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1047908 SUSE bug 1047910 SUSE bug 1050037 SUSE bug 1050072 SUSE bug 1050100 SUSE bug 1051442 SUSE bug 1052470 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052768 SUSE bug 1052777 SUSE bug 1052781 SUSE bug 1054600 SUSE bug 1055038 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1055456 SUSE bug 1057000 SUSE bug 1060162 SUSE bug 1062752 SUSE bug 1067198 SUSE bug 1073690 SUSE bug 1074023 SUSE bug 1074120 SUSE bug 1074125 SUSE bug 1074175 SUSE bug 1075939 CVE-2014-9811 CVE-2017-10995 CVE-2017-11102 CVE-2017-11505 CVE-2017-11526 CVE-2017-11539 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13065 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14174 CVE-2017-14649 CVE-2017-15218 CVE-2017-15238 CVE-2017-16669 CVE-2017-17501 CVE-2017-17504 CVE-2017-17782 CVE-2017-17879 CVE-2017-17884 CVE-2017-17915 CVE-2017-8352 CVE-2017-9261 CVE-2017-9262 CVE-2018-5685 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: - CVE-2017-9407: The ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11140: coders/jpeg.c allowed remote attackers to cause a denial of service (application crash). [boo#1047900] - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed [boo#1049374] - CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-12432: A memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-12668: A memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: A memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. [boo#1058009] - CVE-2017-17502: ReadCMYKImage in ImportCMYKQuantumType had a heap-based buffer over-read via a crafted file. [boo#1073081] - CVE-2017-17912: A heap-based buffer over-read in ReadNewsProfile in coders/tiff.c was fixed. [boo#1074307] - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. [boo#1076182] - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) - CVE-2017-17503: A heap-based buffer overflow in the ReadGRAYImage was fixed (bsc#1072934) Moderate SUSE bug 1042824 SUSE bug 1047900 SUSE bug 1049374 SUSE bug 1049375 SUSE bug 1050617 SUSE bug 1050669 SUSE bug 1052248 SUSE bug 1052251 SUSE bug 1052254 SUSE bug 1052472 SUSE bug 1052688 SUSE bug 1055069 SUSE bug 1055229 SUSE bug 1058009 SUSE bug 1072934 SUSE bug 1073081 SUSE bug 1074307 SUSE bug 1076182 SUSE bug 1078433 CVE-2017-11140 CVE-2017-11448 CVE-2017-11450 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12668 CVE-2017-13058 CVE-2017-13131 CVE-2017-14224 CVE-2017-17502 CVE-2017-17503 CVE-2017-17912 CVE-2017-18028 CVE-2017-9407 CVE-2018-6405 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) - CVE-2017-17500: A heap-based buffer overflow (read) in the ImportRGBQuantumType was fixed. (bsc#1077737) Moderate SUSE bug 1042911 SUSE bug 1050119 SUSE bug 1050132 SUSE bug 1052754 SUSE bug 1072898 SUSE bug 1077737 CVE-2017-11528 CVE-2017-11533 CVE-2017-12663 CVE-2017-17500 CVE-2017-17682 CVE-2017-9405 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168) - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630) - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735) - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291) - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283) - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060) - CVE-2017-18230: Prevent NULL pointer dereference in the function ReadCINEONImage, which allowed attackers to cause a denial of service via a crafted file (bsc#1085233). - CVE-2017-18220: The ReadOneJNGImage and ReadJNGImage functions allowed remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file (bsc#1084062). Moderate SUSE bug 1050087 SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1082348 SUSE bug 1084060 SUSE bug 1084062 SUSE bug 1085233 CVE-2017-11524 CVE-2017-12691 CVE-2017-12693 CVE-2017-14314 CVE-2017-14343 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-18220 CVE-2017-18230 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: - security update (png.c) * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (pcd.c) * CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] Moderate SUSE bug 1086773 SUSE bug 1087027 SUSE bug 1087037 CVE-2017-18251 CVE-2017-18254 CVE-2018-9018 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: * CVE-2017-18229: An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which could allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. [bsc#1085236] * CVE-2017-11641: A memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files could lead to denial of servic3. [bsc#1050623] * CVE-2017-13066: A memory leak vulnerability in the function CloneImage in magick/image.c could lead to denial of service [bsc#1055010] * CVE-2018-10177: An infinite loop when reading MNG was fixed which could lead to a denial of service (hang) [bsc#1089781] Moderate SUSE bug 1050623 SUSE bug 1055010 SUSE bug 1085236 SUSE bug 1089781 CVE-2017-11641 CVE-2017-13066 CVE-2017-18229 CVE-2018-10177 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: The following security issues were addressed: - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in theTracePoint() function in MagickCore/draw.c, which allows attackers to cause a denial of service (bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, and gray.c (bsc#1095812) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) Moderate SUSE bug 1056277 SUSE bug 1094204 SUSE bug 1095812 SUSE bug 1102007 CVE-2017-13758 CVE-2017-18271 CVE-2018-10805 CVE-2018-14435 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: - Disable PS and PDF coders by default, remove gs calls from delegates.mgk (bsc#1105592) Important SUSE bug 1105592 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following security issue: - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619). - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616). - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612). - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609). - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604). - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). - CVE-2018-16749: A missing NULL check in ReadOneJNGImage allowed remote attackers to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (bsc#1108282) Low SUSE bug 1106855 SUSE bug 1107604 SUSE bug 1107609 SUSE bug 1107612 SUSE bug 1107616 SUSE bug 1107619 SUSE bug 1108282 SUSE bug 1108283 SUSE bug 1110746 SUSE bug 1110747 SUSE bug 1111069 SUSE bug 1111072 CVE-2018-16323 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage() (bsc#1113064). - CVE-2017-10794: Fixed buffer overflow in RGB TIFF picture processing (bsc#1112392). - CVE-2017-14997: Fixed integer underflow in ReadPICTImage in coders/pict.c (bsc#1112399). - CVE-2018-20185: Fixed heap-based buffer over-read in the ReadBMPImage function of bmp.c (bsc#1119823) - CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822) Regressions fixed after security update: - CVE-2017-12663: Fixed memory leak in WriteMAPImage in coders/map.c (bsc#1052754). - CVE-2017-9405: Fixed memory leak in the ReadICONImage function (bsc#1042911). - CVE-2018-6405: Fixed ReadDCMImage function in coders/dcm (bsc#1078433). Non-security issues fixed: - debug_build: build more suitable for debugging Moderate SUSE bug 1042911 SUSE bug 1052754 SUSE bug 1078433 SUSE bug 1112392 SUSE bug 1112399 SUSE bug 1113064 SUSE bug 1119822 SUSE bug 1119823 CVE-2017-10794 CVE-2017-12663 CVE-2017-14997 CVE-2017-9405 CVE-2018-18544 CVE-2018-20184 CVE-2018-20185 CVE-2018-6405 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for GraphicsMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381) - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). Moderate SUSE bug 1120381 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1128649 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) Important SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714) Important SUSE bug 978061 CVE-2016-3714 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Important SUSE bug 982178 CVE-2016-5118 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 ImageMagick was updated to fix 55 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Prevent file descriptr leak due to corrupted file (bsc#983774). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9820: heap overflow in xpm files (bsc#984150). - CVE-2014-9823: heap overflow in palm file (bsc#984401). - CVE-2014-9822: heap overflow in quantum file (bsc#984187). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: Fix a SEGV due to corrupted xwd images. (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9807: Fix a double free in pdb coder. (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608). Important SUSE bug 983234 SUSE bug 983253 SUSE bug 983259 SUSE bug 983292 SUSE bug 983305 SUSE bug 983308 SUSE bug 983521 SUSE bug 983523 SUSE bug 983533 SUSE bug 983739 SUSE bug 983746 SUSE bug 983752 SUSE bug 983774 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984018 SUSE bug 984023 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984137 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984150 SUSE bug 984160 SUSE bug 984166 SUSE bug 984181 SUSE bug 984184 SUSE bug 984185 SUSE bug 984186 SUSE bug 984187 SUSE bug 984193 SUSE bug 984370 SUSE bug 984372 SUSE bug 984373 SUSE bug 984374 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984401 SUSE bug 984408 SUSE bug 984409 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 SUSE bug 985448 SUSE bug 985451 SUSE bug 985456 SUSE bug 985460 SUSE bug 986608 SUSE bug 986609 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9842 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9849 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2015-8894 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-6491: Out-of-bounds read in CopyMagickMemory [bsc#991445] Moderate SUSE bug 991445 SUSE bug 991872 CVE-2016-6491 CVE-2016-6520 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421) Important SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000688 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000694 SUSE bug 1000695 SUSE bug 1000698 SUSE bug 1000699 SUSE bug 1000700 SUSE bug 1000701 SUSE bug 1000703 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000709 SUSE bug 1000711 SUSE bug 1000713 SUSE bug 1000714 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002209 SUSE bug 1002421 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 1007245 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-5687 CVE-2016-6823 CVE-2016-7101 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7533 CVE-2016-7535 CVE-2016-7537 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8862 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: * CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559: Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159] * CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376] * CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] Moderate SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013376 SUSE bug 1014159 CVE-2016-7530 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314). - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320). - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326). - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433). - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435). - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436). - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439). - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). Moderate SUSE bug 1017308 SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017319 SUSE bug 1017320 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017326 SUSE bug 1017421 SUSE bug 1020433 SUSE bug 1020435 SUSE bug 1020436 SUSE bug 1020439 SUSE bug 1020441 SUSE bug 1020443 SUSE bug 1020448 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5511 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985) - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) Moderate SUSE bug 1033091 SUSE bug 1034870 SUSE bug 1034872 SUSE bug 1034876 SUSE bug 1036976 SUSE bug 1036978 SUSE bug 1036980 SUSE bug 1036981 SUSE bug 1036983 SUSE bug 1036984 SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036987 SUSE bug 1036988 SUSE bug 1036989 SUSE bug 1036990 SUSE bug 1037527 SUSE bug 1038000 SUSE bug 1040025 SUSE bug 1040303 SUSE bug 1040304 SUSE bug 1040306 SUSE bug 1040332 CVE-2014-9846 CVE-2016-10050 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072) Important SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 CVE-2017-11403 CVE-2017-9439 CVE-2017-9501 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-11534: Processing a crafted file in convert could have lead to a Memory Leak in the lite_font_map() function in coders/wmf.c (bsc#1050135). - CVE-2017-13133: The load_level function in coders/xcf.c lacked offset validation, which allowed attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file (bsc#1055219). - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk (bsc#1055430). - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c (bsc#1061873). Moderate SUSE bug 1050135 SUSE bug 1055219 SUSE bug 1055430 SUSE bug 1061873 CVE-2017-11534 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637] * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719] * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432] * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214] * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service [bsc#1054757] * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666] * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553] * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\pwp.c could lead to denial of service [bsc#1052450] * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729] * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457] * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139] * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689] * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758] * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764] * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730] * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577] Important SUSE bug 1048457 SUSE bug 1049796 SUSE bug 1050116 SUSE bug 1050139 SUSE bug 1050632 SUSE bug 1051441 SUSE bug 1051847 SUSE bug 1052450 SUSE bug 1052553 SUSE bug 1052689 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056432 SUSE bug 1057719 SUSE bug 1057729 SUSE bug 1057730 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1059666 SUSE bug 1059778 SUSE bug 1060577 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 CVE-2017-11188 CVE-2017-11478 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14733 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422). - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422). - CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550). - CVE-2017-15281: ReadPSDImage in coders/psd.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file (bsc#1063049). - CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063). - CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460). - CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large 'length' field in the header but did not contain sufficient backing data, is provided, the loop over 'length' would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723). - CVE-2017-13062: A memory leak vulnerability in the function formatIPTC in coders/meta.c allowed attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file (bsc#1055053). - CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050). Moderate SUSE bug 1052460 SUSE bug 1055053 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058422 SUSE bug 1063049 SUSE bug 1063050 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720). - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065). - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446). - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731). - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732). - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323). - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434). - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898). - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120). - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468). - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550). - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710). - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640). - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606). - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855). - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751). - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123). - CVE-2017-1000476: Prevent CPU exhaustion in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: Fixed a memory leak vulnerability in the function ReadMPCImage in mpc.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1042948). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373) - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252) - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771) - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082) - CVE-2017-1000445: Added a NUL pointer check in the MagickCore component that might have lead to denial of service (bsc#1074425). - CVE-2017-11751: Fixed a memory leak vulnerability in the function WritePICONImage in coders/xpm.c that allowed remote attackers to cause a denial of service via a crafted file (bsc#1051412). - CVE-2017-17680: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted xpm image file (bsc#1072902). - CVE-2017-17882: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (bsc#1074122). - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973). - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) Moderate SUSE bug 1042948 SUSE bug 1047044 SUSE bug 1047898 SUSE bug 1049373 SUSE bug 1050120 SUSE bug 1050606 SUSE bug 1051412 SUSE bug 1051446 SUSE bug 1052252 SUSE bug 1052468 SUSE bug 1052550 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1052732 SUSE bug 1052771 SUSE bug 1055065 SUSE bug 1055323 SUSE bug 1055434 SUSE bug 1055855 SUSE bug 1058082 SUSE bug 1058640 SUSE bug 1059751 SUSE bug 1072902 SUSE bug 1074122 SUSE bug 1074123 SUSE bug 1074425 SUSE bug 1074610 SUSE bug 1074969 SUSE bug 1074973 SUSE bug 1074975 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-11141 CVE-2017-11449 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 CVE-2017-12430 CVE-2017-12434 CVE-2017-12564 CVE-2017-12642 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14249 CVE-2017-14326 CVE-2017-14533 CVE-2017-17680 CVE-2017-17881 CVE-2017-17882 CVE-2017-18022 CVE-2017-9409 CVE-2018-5246 CVE-2018-5247 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635). - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098). - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908) - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037) - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072) - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721) - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362) - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125) - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185) - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120) - Prevent memory leak in svg.c, which allowed attackers to cause a denial of service via a crafted SVG image file (bsc#1074120) - Prevent small memory leak when processing PWP image files (bsc#1074309) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021) - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051) Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1047908 SUSE bug 1050037 SUSE bug 1050072 SUSE bug 1050098 SUSE bug 1050100 SUSE bug 1050635 SUSE bug 1051442 SUSE bug 1052470 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052721 SUSE bug 1052768 SUSE bug 1052777 SUSE bug 1052781 SUSE bug 1054600 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1055456 SUSE bug 1057000 SUSE bug 1060162 SUSE bug 1062752 SUSE bug 1072362 SUSE bug 1074120 SUSE bug 1074125 SUSE bug 1074185 SUSE bug 1074309 SUSE bug 1075939 SUSE bug 1076021 SUSE bug 1076051 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18027 CVE-2017-18029 CVE-2017-9261 CVE-2017-9262 CVE-2018-5685 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669) Moderate SUSE bug 1042824 SUSE bug 1048110 SUSE bug 1049374 SUSE bug 1049375 SUSE bug 1050048 SUSE bug 1050617 SUSE bug 1050669 SUSE bug 1052207 SUSE bug 1052248 SUSE bug 1052251 SUSE bug 1052254 SUSE bug 1052472 SUSE bug 1052688 SUSE bug 1052711 SUSE bug 1052747 SUSE bug 1052750 SUSE bug 1052761 SUSE bug 1055069 SUSE bug 1055229 SUSE bug 1058009 SUSE bug 1074119 SUSE bug 1076182 SUSE bug 1078433 CVE-2017-11166 CVE-2017-11448 CVE-2017-11450 CVE-2017-11537 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-13058 CVE-2017-13131 CVE-2017-14224 CVE-2017-17885 CVE-2017-18028 CVE-2017-9407 CVE-2018-6405 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) Moderate SUSE bug 1042911 SUSE bug 1050119 SUSE bug 1050122 SUSE bug 1050132 SUSE bug 1052754 SUSE bug 1072898 CVE-2017-11528 CVE-2017-11530 CVE-2017-11533 CVE-2017-12663 CVE-2017-17682 CVE-2017-9405 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011) - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168) - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630) - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434) - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735) - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792) - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291) - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283) - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362) - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348) Moderate SUSE bug 1043290 SUSE bug 1050087 SUSE bug 1056434 SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1082348 SUSE bug 1082362 SUSE bug 1082792 SUSE bug 1084060 SUSE bug 1086011 CVE-2017-11524 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14343 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-9500 CVE-2018-7443 CVE-2018-8804 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: - security update (png.c) * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] * CVE-2018-10177: there is an infinite loop in the ReadOneMNGImagefunction of the coders/png.c file. Remote attackers could leverage thisvulnerability to cause a denial of service (bsc#1089781) - security update (wand) * CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (core) * CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356] - security update (pcd.c) * CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (tiff.c) * CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick memory allocation issue could lead to denial of service (bsc#1086782) Moderate SUSE bug 1047356 SUSE bug 1086773 SUSE bug 1086782 SUSE bug 1087027 SUSE bug 1087033 SUSE bug 1087037 SUSE bug 1089781 CVE-2017-1000476 CVE-2017-10928 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237) - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545) - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) Moderate SUSE bug 1056277 SUSE bug 1094204 SUSE bug 1094237 SUSE bug 1095812 SUSE bug 1098545 SUSE bug 1098546 SUSE bug 1102003 SUSE bug 1102004 SUSE bug 1102005 SUSE bug 1102007 CVE-2017-13758 CVE-2017-18271 CVE-2018-10805 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: Security issue fixed: - Hide PS, XPS and PDF coders into */vulnerable (bsc#1105592) Important SUSE bug 1105592 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following security issue: - CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170). - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072) - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747) - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746) Moderate SUSE bug 1074170 SUSE bug 1106855 SUSE bug 1106989 SUSE bug 1107604 SUSE bug 1107609 SUSE bug 1107612 SUSE bug 1107616 SUSE bug 1108282 SUSE bug 1108283 SUSE bug 1110746 SUSE bug 1110747 SUSE bug 1111069 SUSE bug 1111072 CVE-2017-17934 CVE-2018-16323 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399) - CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609) - CVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129) - CVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635) Moderate SUSE bug 1050129 SUSE bug 1050635 SUSE bug 1107609 SUSE bug 1112399 CVE-2017-11532 CVE-2017-11639 CVE-2017-14997 CVE-2018-16644 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1113064 SUSE bug 1120381 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1128649 CVE-2018-16412 CVE-2018-16413 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711) - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712) Important SUSE bug 1017711 SUSE bug 1017712 CVE-2016-9941 CVE-2016-9942 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for LibVNCServer fixes the following issues: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). Moderate SUSE bug 1081493 CVE-2018-7225 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 CVE-2018-6307 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Critical) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This security update (bsc#940918) fixes the following issues: * MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation * Remove PlayPreview registration from PDF Viewer (bmo#1179262) Critical SUSE bug 940918 CVE-2015-4495 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox was updated to version 38.5.0 esr to fix the following issues: Following security issues were fixed: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Important SUSE bug 967087 CVE-2016-1523 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) Important SUSE bug 977333 SUSE bug 977374 SUSE bug 977376 SUSE bug 977381 SUSE bug 977386 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Important SUSE bug 983549 SUSE bug 983638 SUSE bug 983639 SUSE bug 983643 SUSE bug 983646 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 SUSE bug 984006 SUSE bug 985659 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2831 CVE-2016-2834 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Important SUSE bug 989196 SUSE bug 990628 SUSE bug 990856 SUSE bug 991809 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Important SUSE bug 999701 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. Also the following bug was fixed: - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Important SUSE bug 1000751 SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Important SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed (bsc#1028391): - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Bugfixes: - fix crashes on Itanium (bsc#1027527) Important SUSE bug 1027527 SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for 'export' grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a 'slot' into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. (CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. Important SUSE bug 1015499 SUSE bug 1015547 SUSE bug 1021636 SUSE bug 1030071 SUSE bug 1035082 SUSE bug 983639 CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed: - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http- index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes: - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. * Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidential libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Important SUSE bug 1025108 SUSE bug 1031485 SUSE bug 1035082 SUSE bug 1043960 SUSE bug 930392 SUSE bug 930496 SUSE bug 935510 SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 954002 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed: * MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback * MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts * MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID * MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections * MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads * MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG * MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM * MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers * MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements * MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools * MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher * MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 * MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection * MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing * MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements * MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied This update also fixes: - fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups enabled and running on cpu >=1 (bsc#1031485) - The Itanium ia64 build was fixed. Important SUSE bug 1031485 SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed (bsc#1068101). - CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101). - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101). Mozilla Foundation Security Advisory (MFSA 2017-25): - https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ Important SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Moderate SUSE bug 1085130 SUSE bug 1085671 SUSE bug 1087059 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox to ESR 52.8 release fixes the following issues: Update to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Important SUSE bug 908275 SUSE bug 935033 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. * MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. * MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. * MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. * MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. * MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. * MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix: * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes * Enable atomic instructions on mips (bmo#1129878) * Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Important SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1978 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for OpenEXR (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for OpenEXR fixes the following issues: * CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107) * CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114) * CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522) Moderate SUSE bug 1040107 SUSE bug 1040114 SUSE bug 1052522 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for SDL (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for SDL_image (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for SDL_image fixes the following issues: - CVE-2017-14442: A specially crafted BMP image could have caused a stack overflow for an attacker that can display a specially crafted image (bsc#1084304). - CVE-2017-14450: A specially crafted GIF image could have caused a buffer overflow on a global section for an attacker that can display an image (bsc#1084288). - CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality. A specially crafted ILBM image can cause a heap overflow resulting in code execution. (bsc#1084256). - CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality. A specially crafted ILBM image can cause a stack overflow resulting in code execution. (bsc#1084257). - CVE-2017-14448: An exploitable code execution vulnerability exists in the XCF image rendering functionality. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (bsc#1084303). - CVE-2018-3839: An exploitable code execution vulnerability exists in the XCF image rendering functionality. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. (bsc#1089087). Moderate SUSE bug 1084256 SUSE bug 1084257 SUSE bug 1084288 SUSE bug 1084303 SUSE bug 1084304 SUSE bug 1089087 CVE-2017-12122 CVE-2017-14440 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3839 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for SDL_image (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for SDL_image fixes the following issues: Security issue fixed: - CVE-2018-3977: Fixed a heap overflow issue (bsc#1114519). Moderate SUSE bug 1114519 CVE-2018-3977 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 security update for xen (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This security update of Xen fixes the following issues: * bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165) * bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol (CVE-2015-5166) Moderate SUSE bug 939709 SUSE bug 939712 CVE-2015-5165 CVE-2015-5166 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for Xerces-c (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for Xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630). - CVE-2016-4463: Prevent stack-based buffer overflow that allowed context-dependent attackers to cause a denial of service via a deeply nested DTD (bsc#985860). Moderate SUSE bug 1083630 SUSE bug 985860 CVE-2016-4463 CVE-2017-12627 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ant (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Other changes made: - Removed support for javadoc - Default value for stripAbsolutePathSpec changed to 'true' Moderate SUSE bug 1100053 CVE-2018-10886 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache (bsc#938728, CVE-2015-3183) Bugs fixed: - add SSLSessionTickets directive (bsc#941676) - hardcode modules %files (bsc#444878) - only enable the port 443 for TCP protocol, not UDP. (bsc#931002) Moderate SUSE bug 444878 SUSE bug 931002 SUSE bug 938728 SUSE bug 941676 CVE-2015-3183 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for apache2 fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988488) Moderate SUSE bug 988488 CVE-2016-5387 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretation (bsc#1016715). Moderate SUSE bug 1016714 SUSE bug 1016715 CVE-2016-2161 CVE-2016-8743 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes: - Remove /usr/bin/http2 link only during package uninstall, not upgrade. (bsc#1041830) - Don't put the backend in error state (by default) when 500/503 error code is overridden. (bsc#951692) - Allow single-char field names inadvertently disallowed in 2.2.32. Moderate SUSE bug 1041830 SUSE bug 1048576 SUSE bug 951692 CVE-2017-9788 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830) - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed: - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added: - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061) - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062) - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065) - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060) Moderate SUSE bug 1045060 SUSE bug 1045061 SUSE bug 1045062 SUSE bug 1045065 SUSE bug 1052830 SUSE bug 1058058 SUSE bug 1064561 CVE-2009-2699 CVE-2010-0425 CVE-2012-0021 CVE-2014-0118 CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9798 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for apache2 fixes the following issues: - security update: * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817] * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776] * CVE-2018-1312: Seed wrongly generated could lead to replay attack in cluster environments. [bsc#1086775] Moderate SUSE bug 1086775 SUSE bug 1086776 SUSE bug 1086817 CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Important SUSE bug 1131239 SUSE bug 1131241 CVE-2019-0217 CVE-2019-0220 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2-mod_fcgid (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for apache2-mod_fcgid fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-1000104). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988492) Moderate SUSE bug 988492 CVE-2016-1000104 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for audiofile (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for audiofile fixes the following issues: Security issues fixed: - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979) - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980) - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981) - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982) - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983) - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984) - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985) - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986) - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988) - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987) - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978) Moderate SUSE bug 1026978 SUSE bug 1026979 SUSE bug 1026980 SUSE bug 1026981 SUSE bug 1026982 SUSE bug 1026983 SUSE bug 1026984 SUSE bug 1026985 SUSE bug 1026986 SUSE bug 1026987 SUSE bug 1026988 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for augeas (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Moderate SUSE bug 925225 CVE-2014-8119 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for augeas (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for augeas fixes the following issues: Security issues fixed: - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171). - CVE-2014-8119: Fix improper handling of escaped strings leading to memory corruption (bsc#925225). Moderate SUSE bug 1054171 SUSE bug 925225 CVE-2014-8119 CVE-2017-7555 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for avahi (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bash (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. (bsc#1000396) The following bugs were fixed: - bsc#971410: Scripts could terminate unexpectedly due to mishandled recursive traps. - bsc#959755: Clarify that the files /etc/profile as well as /etc/bash.bashrc may source other files as well even if the bash does not. Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 959755 SUSE bug 971410 CVE-2016-0634 CVE-2016-7543 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bash (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bash fixed several issues This security issue was fixed: - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address (bsc#1010845). This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a .bash_history (bsc#1031729) Low SUSE bug 1010845 SUSE bug 1031729 SUSE bug 976776 CVE-2016-9401 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Important SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Critical) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Critical SUSE bug 1000362 CVE-2016-2776 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Important SUSE bug 1007829 SUSE bug 965748 CVE-2016-8864 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Moderate SUSE bug 1024130 CVE-2017-3135 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following security issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Important SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1033468 SUSE bug 987866 SUSE bug 989528 CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following issues: - A regression in the fix for CVE-2017-3137 caused an assert in name.c (bsc#1034162) Important SUSE bug 1034162 CVE-2017-3137 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Important SUSE bug 1046554 SUSE bug 1046555 CVE-2017-3142 CVE-2017-3143 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) Important SUSE bug 1040039 SUSE bug 1047184 SUSE bug 1076118 CVE-2017-3145 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bsdtar (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). Important SUSE bug 920870 SUSE bug 984990 SUSE bug 985609 SUSE bug 985669 SUSE bug 985675 SUSE bug 985682 SUSE bug 985698 CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bsh2 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for bsh2 fixes the following issue: - CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. Please see https://github.com/beanshell/beanshell/releases/tag/2.0b6 for more information. Important SUSE bug 967593 CVE-2016-2510 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Fixing security issues on OBS toolchain (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This OBS toolchain update fixes the following issues: Package 'build': - CVE-2017-14804: Improve file name check extractbuild (bsc#1069904) - Fixed Dockerfile repository parsing Package 'obs-service-source_validator': - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556). - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265) - Update to version 0.7. - Use spec_query instead of output_versions using the specfile parser from the build package (boo#1059858) - obs-service-source_validator: several occurrences of uninitialized value (bsc#967610) - hack for util-linux specfiles (bnc#891829) - fix dependency to gnupg2 for Fedora (bnc#827480) - exit if tmpdir creation fails (bnc#796918) Package 'osc': - Update to version 0.162.0. Important SUSE bug 1059858 SUSE bug 1069904 SUSE bug 796918 SUSE bug 827480 SUSE bug 891829 SUSE bug 938556 SUSE bug 967265 SUSE bug 967610 CVE-2016-4007 CVE-2017-14804 CVE-2017-9274 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bzr (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Bzr was updated to fix a security issue: - CVE-2017-14176: Avoid code execution using ssh:// url injection (boo#1058214) Moderate SUSE bug 1058214 CVE-2017-14176 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cairo (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for cairo fixes the following issues: - CVE-2016-9082: Fixed a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). - CVE-2017-9814: Replace malloc with _cairo_malloc and check cmap size before allocating to prevent DoS (bsc#1049092). - CVE-2017-7475: Fix a segfault in get_bitmap_surface due to malformed font (bsc#1036789). Moderate SUSE bug 1007255 SUSE bug 1036789 SUSE bug 1049092 CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cracklib (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for cracklib fixes a security issue and a bug: Security issue fixed: - Add patch to fix a stack buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed: - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) Moderate SUSE bug 928923 SUSE bug 992966 CVE-2016-6318 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for crash (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for crash provides the following fix: - Update crash to support -bigmem kernel dumps for PPC64, including the ones that have extended process virtual address space support to 128TB (bsc#1075785, bsc#1032471). Low SUSE bug 1032471 SUSE bug 1075785 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ctdb (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 ctdb was updated to fix one security issue. This security issue was fixed: - bsc#969522: ctdb opening sockets with htons(IPPROTO_RAW) Important SUSE bug 969522 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cups (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for cups fixes the following issues: Security issues fixed: - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend (bsc#1096405). - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406). - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error handling (bsc#1096407). - CVE-2018-4183: Fix cups-exec sandbox bypass due to profile misconfiguration (bsc#1096408). Moderate SUSE bug 1096405 SUSE bug 1096406 SUSE bug 1096407 SUSE bug 1096408 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Moderate SUSE bug 926511 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420). Moderate SUSE bug 991389 SUSE bug 991390 SUSE bug 997420 CVE-2016-5419 CVE-2016-5420 CVE-2016-7141 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) Important SUSE bug 1005633 SUSE bug 1005634 SUSE bug 1005635 SUSE bug 1005637 SUSE bug 1005638 SUSE bug 1005642 SUSE bug 1005645 SUSE bug 1005646 SUSE bug 998760 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). Moderate SUSE bug 1015332 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309) - CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332) Moderate SUSE bug 1015332 SUSE bug 1032309 SUSE bug 1051644 CVE-2016-9586 CVE-2017-1000100 CVE-2017-7407 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following security issues: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) Moderate SUSE bug 1061876 CVE-2017-1000254 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list (bsc#1027712] Moderate SUSE bug 1027712 SUSE bug 1077001 CVE-2016-7141 CVE-2018-1000007 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: curl was updated to version 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase. Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463,bsc#1086825) Moderate SUSE bug 1081056 SUSE bug 1083463 SUSE bug 1084137 SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 SUSE bug 1085124 SUSE bug 1086825 SUSE bug 1087922 SUSE bug 1090194 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098) Moderate SUSE bug 1092098 CVE-2018-1000301 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). Moderate SUSE bug 1106019 CVE-2018-14618 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) Moderate SUSE bug 1112758 SUSE bug 1113660 CVE-2018-16840 CVE-2018-16842 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cvs (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the '-d' option could lead to argument injection (bsc#1053364) Moderate SUSE bug 1053364 CVE-2017-12836 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cyrus-imapd (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option 'tls_versions' to remedy that issue. Note that users who upgrade an existing installation will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv2 and SSLv3 like before. To disable support for those protocols, edit imapd.conf manually to include 'tls_versions: tls1_0 tls1_1 tls1_2'. New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support unsafe versions of SSL unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Important SUSE bug 860611 SUSE bug 901748 SUSE bug 954200 SUSE bug 954201 SUSE bug 981670 CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Moderate SUSE bug 880984 SUSE bug 919959 SUSE bug 926159 SUSE bug 928390 SUSE bug 936923 SUSE bug 947780 SUSE bug 961305 CVE-2015-8605 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Moderate SUSE bug 969820 CVE-2016-2774 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119) This non-security issue was fixed: - Enhance dhclient-script to handle static route updates. (bsc#1023415) Moderate SUSE bug 1023415 SUSE bug 1076119 CVE-2017-3144 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). Moderate SUSE bug 1083302 SUSE bug 1083303 CVE-2018-5732 CVE-2018-5733 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dom4j (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) Moderate SUSE bug 1105443 CVE-2018-1000632 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for emacs (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425) Important SUSE bug 1058425 CVE-2017-14482 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for evince (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for evince provides the following fix: - CVE-2017-1000159: Prevent command line injections via filenames when printing to a file. (bsc#1070046) Moderate SUSE bug 1070046 CVE-2017-1000159 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for exempi (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for exempi fixes the following issues: Security issue fixed: - CVE-2018-7730: Fix heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18234: Fix use-after-free issue that allows remote attackers to cause a denial of service via a .pdf file (bsc#1085585). Moderate SUSE bug 1085295 SUSE bug 1085585 CVE-2017-18234 CVE-2018-7730 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for expat (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Important SUSE bug 979441 SUSE bug 980391 CVE-2015-1283 CVE-2016-0718 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for expat (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Moderate SUSE bug 1022037 SUSE bug 983215 SUSE bug 983216 CVE-2012-6702 CVE-2016-5300 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for expat (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Moderate SUSE bug 1047236 SUSE bug 1047240 CVE-2016-9063 CVE-2017-9233 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix: * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Important SUSE bug 940806 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for fontconfig (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for fontconfig fixes the following issues: - security update: * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534] Low SUSE bug 992534 CVE-2016-5384 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for freeradius-server fixes the following issues: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bnc#1041445) - CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. (bnc#935573) The following non security issue was fixed: - Cannot create table radpostauth because of deprecated TIMESTAMP(14) syntax. (bsc#912873) Moderate SUSE bug 1041445 SUSE bug 912873 SUSE bug 935573 CVE-2015-4680 CVE-2017-9148 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode(). (bnc#1049086) - CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options(). (bsc#1049086) - CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086) - CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086) - CVE-2017-10979: Fix write overflow in rad_coalesce(). (bsc#1049086) Moderate SUSE bug 1049086 CVE-2017-10978 CVE-2017-10979 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freetype2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update of the freetype2 library fixes two security issues: - An infinite loop in parse_encoding in t1load.c (CVE-2014-9745, bsc#945849) - Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix (CVE-2014-9747, bsc#947966) Moderate SUSE bug 945849 SUSE bug 947966 CVE-2014-9745 CVE-2014-9747 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freetype2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10244: The parse_charstrings function in type1/t1load.c did not ensure that a font contains a glyph name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file (bsc#1028103). - CVE-2017-8105: Fixed an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) Moderate SUSE bug 1028103 SUSE bug 1035807 SUSE bug 1036457 CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freetype2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10328: Fixed heap-based buffer overflow in cff_parser_run function in cff/cffparse.c (bsc#1034191). Moderate SUSE bug 1034191 CVE-2016-10328 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for fuse (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for fuse fixes the following issues: Security issue fixed: - CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) Moderate SUSE bug 1101797 CVE-2018-10906 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc43 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gcc43 fixes the following issues: Security issue fixed: - CVE-2017-1000376: Don't request excutable stack from libffi. [bnc#1045091] New features: - Add support for retpolines to mitigate the Spectre Variant 2 attack. [bnc#1074621] - Add support for zero-sized VLAs and allocas with -fstack-clash-protection. [bnc#1059075] - Add support for -fstack-clash-protection to mitigate the Stack Clash attack. [bnc#1039513] Non security bugs fixed: - Fixed build of 32bit libgcov.a with LFS support. [bsc#1044016] - Fixed issue with libstdc++ functional when an exception is thrown during construction. [bsc#999596] - Fixed issue with using gcov and #pragma pack. [bsc#977654] - Fixed ICE compiling AFS modules for the s390x kernel. [bsc#938159] - Backport large file support from GCC 4.6. Moderate SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1045091 SUSE bug 1059075 SUSE bug 1074621 SUSE bug 938159 SUSE bug 977654 SUSE bug 999596 CVE-2017-1000376 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc43 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was fixed. (bsc#1092807) Moderate SUSE bug 1086069 SUSE bug 1092807 CVE-2017-5715 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc48 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gcc48 to version 4.8.5 fixes several issues. This security issue was fixed: - CVE-2015-5276: The std::random_device class in libstdc++ did not properly handle short reads from blocking sources, which made it easier for context-dependent attackers to predict the random values via unspecified vectors (bsc#945842). These non-security issues were fixed: - Provide missing libasan0-32bit and other multilibs via the updated product description [bsc#951644] - Fixed libffi issue for armv7l [bsc#988274] - Fixed libffi issue for armv7l [bsc#988274] - Fixed a kernel miscompile on aarch64 [bnc#981311] - Fixed a ppc64le ICE. [bnc#976627] - Fixed issue with using gcov and #pragma pack [bsc#977654] - Fixed samba build on AARCH64 [bsc#970009] - Fixed HTM builtins on powerpc [bsc#955382] - Fixed build of SLOF [bsc#949000] - Fixed libffi issues on aarch64 [bsc#948168] - Fixed no_instrument_function attribute handling on PPC64 with -mprofile-kernel [bsc#947791] - Fixed bogus integer overflow in constant expression [bsc#934689] - Fixed ICE with atomics on aarch64 [bsc#930176] - Fixed -imacros bug [bsc#917169] - Fixed incorrect -Warray-bounds warnings [bsc#919274] - Updated -mhotpatch for s390x [bsc#924525] - Fixed ppc64le issue with doubleword vector extract [bsc#924687] - Fixed reload issue on S390. - Keep functions leaf when they are instrumented for profiling on s390[x] [bsc#899871] - Avoid accessing invalid memory when passing aggregates by value [bsc#922534] - Rework of the memory allocator for C++ exceptions used in OOM situations [bsc#889990] Moderate SUSE bug 1011348 SUSE bug 889990 SUSE bug 899871 SUSE bug 917169 SUSE bug 919274 SUSE bug 922534 SUSE bug 924525 SUSE bug 924687 SUSE bug 930176 SUSE bug 934689 SUSE bug 945842 SUSE bug 947772 SUSE bug 947791 SUSE bug 948168 SUSE bug 949000 SUSE bug 951644 SUSE bug 955382 SUSE bug 970009 SUSE bug 976627 SUSE bug 977654 SUSE bug 981311 SUSE bug 988274 CVE-2015-5276 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc48 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. [bnc#1039513] - CVE-2017-11671: Fixed rdrand/rdseed code generation issue [bsc#1050947] Bugs fixed: - Enable LFS support in 32bit libgcov.a. [bsc#1044016] - Bump libffi version in libffi.pc to 3.0.11. - Properly diagnose missing -fsanitize=address support on ppc64le. [bsc#1028744] - Backport patch for PR65612. [bsc#1022062] Moderate SUSE bug 1011348 SUSE bug 1022062 SUSE bug 1028744 SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1050947 CVE-2017-11671 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues have been fixed: - Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220) - Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468) - Fix HTM built-ins on PowerPC. (bsc#955382) - Fix libgo certificate lookup. (bsc#953831) - Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460) - Revert accidental libffi ABI breakage on aarch64. (bsc#968771) - On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586. - Add experimental File System TS library. Moderate SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gd fixes the following issues: - security update: * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] Moderate SUSE bug 988032 CVE-2016-6161 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] Moderate SUSE bug 1015187 CVE-2016-9933 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gd fixes the following security issues: - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) Moderate SUSE bug 1022264 SUSE bug 1022265 SUSE bug 1022283 CVE-2016-10167 CVE-2016-10168 CVE-2016-9317 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gd fixes several issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This non-security issue was fixed: - Fixed gd2togif error message (bsc#1025223) Moderate SUSE bug 1025223 SUSE bug 1076391 CVE-2018-5711 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5 (bsc#1004237) Moderate SUSE bug 1004237 CVE-2016-8602 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) - An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342) Important SUSE bug 1001951 SUSE bug 939342 CVE-2013-5653 CVE-2015-3228 CVE-2016-7977 CVE-2016-7979 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) Important SUSE bug 1036453 CVE-2017-8291 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) This update is a reissue including the SUSE Linux Enterprise 11 SP3 product. Important SUSE bug 1036453 CVE-2017-8291 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ghostscript-library fixes several issues. These security issues were fixed: - CVE-2017-7207: The mem_get_bits_rectangle function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document (bsc#1030263). - CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer overflow in jbig2_image_new function (bsc#1018128). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891) - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889) - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888) - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887) - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184) - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879) - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138) - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643) Moderate SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032138 SUSE bug 1032230 SUSE bug 1040643 SUSE bug 1050879 SUSE bug 1050887 SUSE bug 1050888 SUSE bug 1050889 SUSE bug 1050891 SUSE bug 1051184 CVE-2016-10219 CVE-2016-9601 CVE-2017-11714 CVE-2017-7207 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ghostscript-library fixes the following issues: - CVE-2018-10194: Fixed a stack-based buffer overflow in gdevpdts.c (bsc#1090099) - Fixed a crash in the fix for CVE-2016-9601. Moderate SUSE bug 1090099 CVE-2016-9601 CVE-2018-10194 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426) - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420) - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421) - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413) - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. (bsc#1107410 - CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412) - CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173) - CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893) Important SUSE bug 1050893 SUSE bug 1106173 SUSE bug 1107410 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107426 CVE-2017-9611 CVE-2018-15910 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for giflib (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Moderate SUSE bug 960319 CVE-2015-7555 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for giflib (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 giflib was updated to fix one security issue. This security issue was fixed: - CVE-2016-3977: Heap buffer overflow in gif2rgb (bsc#974847). Moderate SUSE bug 974847 CVE-2016-3977 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gimp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 gimp was updated to fix one security issue. This security issue was fixed: - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). Moderate SUSE bug 986021 CVE-2016-4994 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for git (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The git package was updated to fix the following security issue: - Fix remote code execution with recursive fetch of submodules (bsc#948969). Moderate SUSE bug 948969 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for git (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328). Important SUSE bug 971328 CVE-2016-2315 CVE-2016-2324 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for git (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for git fixes the following issue: - CVE-2017-8386: git shell, may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (bsc#1038395): Moderate SUSE bug 1038395 CVE-2017-8386 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for git (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for git fixes the following issues: - CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution (bsc#1052481) Important SUSE bug 1052481 CVE-2017-1000117 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for git (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for git fixes the following issues: - CVE-2017-14867: A cvsserver perl script command injection was fixed (CVE-2017-14867, bsc#1061041): Important SUSE bug 1061041 CVE-2017-14867 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for git (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for git fixes the following issues: Security issues fixed: - CVE-2017-15298: Fixed mishandling layers of tree objects, which allowed remote attackers to cause DoS a crafted repository, aka a Git bomb (bsc#1063412). - CVE-2018-11233: Fixed path sanity-checks on NTFS that can read arbitrary memory (bsc#1095218). - CVE-2018-11235: Fixed arbitrary code execution when recursively cloning a malicious repository (bsc#1095219). - CVE-2018-17456: Fixed a code execution via .gitmodules (bsc#1110949) (partial) Non-security issues fixed: - Fixed an issue where send-email failed to authenticate with SMTP server (bsc#1082023) Important SUSE bug 1063412 SUSE bug 1082023 SUSE bug 1095218 SUSE bug 1095219 SUSE bug 1110949 CVE-2017-15298 CVE-2018-11233 CVE-2018-11235 CVE-2018-17456 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glib2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). Moderate SUSE bug 1107116 SUSE bug 1111499 CVE-2018-16429 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286) Important SUSE bug 830257 SUSE bug 851280 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 928723 SUSE bug 932059 SUSE bug 933770 SUSE bug 933903 SUSE bug 935286 CVE-2013-2207 CVE-2014-8121 CVE-2015-1781 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Important SUSE bug 930721 SUSE bug 942317 SUSE bug 950944 SUSE bug 956988 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) Moderate SUSE bug 931399 SUSE bug 965699 SUSE bug 969727 SUSE bug 973010 SUSE bug 973164 SUSE bug 973179 SUSE bug 980483 SUSE bug 980854 SUSE bug 986302 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Important SUSE bug 1039357 CVE-2017-1000366 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] Important SUSE bug 1074293 CVE-2018-1000001 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: Security issues: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area in realpath (bsc#1074293) Also a non security issue was fixed: - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209) Important SUSE bug 1037930 SUSE bug 1051791 SUSE bug 1074293 SUSE bug 1079036 SUSE bug 978209 CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger (bsc#1076871) Moderate SUSE bug 1076871 SUSE bug 1081556 CVE-2017-12133 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocation in in6ailist_add. - bsc#1079625: Fix allocation in nss_compat for large number of memberships to a group. Important SUSE bug 1077763 SUSE bug 1079625 SUSE bug 1086690 SUSE bug 1094161 CVE-2018-11236 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that lead to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583) - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580) - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234). This non-security issue was fixed: - Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774) Important SUSE bug 1058774 SUSE bug 1064580 SUSE bug 1064583 SUSE bug 941234 CVE-2015-5180 CVE-2017-15670 CVE-2017-15804 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for glibc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325). Non-security issue fixed: - Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618). - Remove improper assert in dlclose (bsc#1110174, BZ #11941). Moderate SUSE bug 1064569 SUSE bug 1110170 SUSE bug 1110174 CVE-2017-15671 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 961491 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Moderate SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1040621 CVE-2017-6891 CVE-2017-7869 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gstreamer-0_10-plugins-base (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gstreamer-0_10-plugins-base fixes the following issue: - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). Moderate SUSE bug 1013669 CVE-2016-9811 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). Moderate SUSE bug 922741 SUSE bug 942801 SUSE bug 948791 CVE-2015-4491 CVE-2015-7674 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gdk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero Moderate SUSE bug 958963 SUSE bug 960155 CVE-2015-7552 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gtk2 fixes the following security issues: - CVE-2016-6352: Some crashes were fixed, including a out of bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Moderate SUSE bug 966682 SUSE bug 988745 SUSE bug 991450 CVE-2013-7447 CVE-2016-6352 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gtk2 fixes the following issues: This security issue was fixed: - Add checks for multiplications at several locations to avoid mishandling memory. This allowed attackers to cause DoS or potentially RCE (bsc#1053417). Moderate SUSE bug 1053417 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for gtk2 provides the following fixes: These security issues were fixed: - CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026). - CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025). - CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024). - CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289) - CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544). This non-security issue was fixed: - Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465). Moderate SUSE bug 1027024 SUSE bug 1027025 SUSE bug 1027026 SUSE bug 1039465 SUSE bug 1048289 SUSE bug 1048544 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for guile (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc#917129). Moderate SUSE bug 917129 CVE-2014-9654 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for icu fixes the following issue: The previous patch for CVE-2014-9654 was incorrect and lead to non-working regular expressions. This update fixes this problem (bsc#952260) Moderate SUSE bug 952260 CVE-2014-9654 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for icu fixes the following security issues: - Passing a locale string longer than 255 characters to uloc_getDisplayName() could have caused a buffer overflow resulting in denial of service or possible code execution (bsc#1012224, CVE-2014-9911). Moderate SUSE bug 1012224 CVE-2014-9911 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for icu fixes the following issues: - CVE-2014-9911: The fix was updated to not crash (NULL ptr deref) when resPath is NULL (bsc#1023033). Moderate SUSE bug 1023033 CVE-2014-9911 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636) - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674) - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue. (bsc#1067203) - CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193) - CVE-2017-15422: An integer overflow in persian calendar calculation was fixed, which could show wrong years. (bsc#1077999) Important SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 990636 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for imlib2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for imlib2 fixes the following issues: Security issues fixed: - CVE-2016-3994: Potential DOS in giflib loader (bsc#973759) - CVE-2016-3993: Off buy 1 in merge update (bsc#973761) - CVE-2014-9764: fix segmentation fault when opening specifically crafted input (bsc#963797) - CVE-2014-9763: Prevent division-by-zero crashes (bsc#963800) - CVE-2011-5326: Ellipse of width 1 triggers crashes (bsc#974202) Bugs fixed: - bsc#977538: Fix various potential crashes Moderate SUSE bug 963797 SUSE bug 963800 SUSE bug 973759 SUSE bug 973761 SUSE bug 974202 SUSE bug 977538 CVE-2011-5326 CVE-2014-9763 CVE-2014-9764 CVE-2016-3993 CVE-2016-3994 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jasper (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for jasper fixes the following issues: Security fixes: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2016-1577, CVE-2016-2116: double free vulnerability in the jas_iccattrval_destroy function (bsc#968373) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: multiple integer overflows (bsc#392410) - bsc#1006839: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Moderate SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1007009 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 961886 SUSE bug 963983 SUSE bug 968373 CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jasper (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530) - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977). - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed. (bsc#1010979) - CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy (bsc#1015993) - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) Important SUSE bug 1010977 SUSE bug 1010979 SUSE bug 1011830 SUSE bug 1012530 SUSE bug 1015400 SUSE bug 1015993 SUSE bug 1018088 SUSE bug 1020353 SUSE bug 1021868 SUSE bug 1029497 CVE-2016-10251 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jasper (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Moderate SUSE bug 1009994 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1010774 SUSE bug 1010782 SUSE bug 1010968 SUSE bug 1010975 SUSE bug 1047958 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 IBM Java was updated to 7.1-3.10 to fix several security issues. The following vulnerabilities were fixed: * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Important SUSE bug 935540 SUSE bug 938895 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non security issues: - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 941939 SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Important SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This IBM Java 1.7.1 SR3 FP40 relese fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Important SUSE bug 977646 SUSE bug 977648 SUSE bug 977650 SUSE bug 979252 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-3.60 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Moderate SUSE bug 1027038 CVE-2016-2183 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm fixes the following issues: Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Important SUSE bug 1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Important SUSE bug 1053431 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm fixes the following issues: * CVE-2017-10349: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10348: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10388: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2016-9841: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10293: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10345: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10350: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10356: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10357: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10347: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10355: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10285: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10281: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10295: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10346: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2016-10165: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' Important SUSE bug 1070162 CVE-2016-10165 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 [bsc#1082810] * Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl – SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE - IJ02284 JIT Compiler: Division by zero in JIT compiler - Make it possible to run Java jnlp files from Firefox. (bsc#1057460) Important SUSE bug 1057460 SUSE bug 1076390 SUSE bug 1082810 SUSE bug 929900 SUSE bug 966304 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm to version 7.1.4.30 fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jpeg (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for jpeg fixes the following issues: * CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937] * CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209] * CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155] Moderate SUSE bug 1062937 SUSE bug 1096209 SUSE bug 1098155 CVE-2017-15232 CVE-2018-1152 CVE-2018-11813 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kdebase4-workspace (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Moderate SUSE bug 904625 SUSE bug 929718 CVE-2014-8651 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kdelibs3 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for kdelibs3 fixes the following issues: - CVE-2015-7543: Insecure creation of temporary directories allowed local users to hijack the IPC by pre-creating the temporary directory (bsc#958347). Moderate SUSE bug 958347 CVE-2015-7543 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). The following non-security bugs were fixed: - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). Important SUSE bug 909589 SUSE bug 954847 SUSE bug 971030 SUSE bug 974620 SUSE bug 979915 SUSE bug 982544 SUSE bug 983721 SUSE bug 984755 SUSE bug 986362 SUSE bug 986572 SUSE bug 988498 CVE-2016-4470 CVE-2016-4997 CVE-2016-5829 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has been added to support big Power machines. (FATE#319026) The following security bugs were fixed: - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104 bsc#922947 bsc#968014). The following non-security bugs were fixed: - ahci: Order SATA device IDs for codename Lewisburg (fate#319286). - ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (fate#319286). - alsa: hda - Add Intel Lewisburg device IDs Audio (fate#319286). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - avoid dentry crash triggered by NFS (bsc#984194). - bigmem: Add switch to configure bigmem patches (bsc#928138,fate#319026). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - bnx2x: fix lockdep splat (bsc#908684 FATE#317539). - bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687). - bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - config.conf: add bigmem flavour on ppc64 - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866). - cxgb4: Set VPD size so we can read both VPD structures (bsc#976867). - dm space map metadata: fix sm_bootstrap_get_nr_blocks() (FATE#313903). - dm thin: fix race condition when destroying thin pool workqueue (FATE#313903). - drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337). - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#986337). - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337). - drivers: hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337). - drivers: hv: vmbus: handle various crash scenarios (bnc#986337). - drivers: hv: vmbus: remove code duplication in message handling (bnc#986337). - drivers: hv: vss: run only on supported host versions (bnc#986337). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - fs/cifs: make share unaccessible at root level mountable (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919). - i2c: i801: add Intel Lewisburg device IDs (fate#319286). - i40e: fix an uninitialized variable bug (bsc#909484 FATE#317397). - include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes). - increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399) - introduce SIZE_MAX (bsc#1000189). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783). - kabi: Import kabi files from 3.0.101-80 - kabi-fix for flock_owner addition (bsc#998689). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689). - kvm: x86: SYSENTER emulation is broken (bsc#994618). - libata: support the ata host which implements a queue depth less than 32 (bsc#871728) - libfc: sanity check cpu number extracted from xid (bsc#988440). - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866). - lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392). - bigmem: make bigmem patches configurable (bsc#928138,fate#319026). - md: check command validity early in md_ioctl() (bsc#1004520). - md: Drop sending a change uevent when stopping (bsc#1003568). - md: fix problem when adding device to read-only array with bitmap (bnc#771065). - md: lockless I/O submission for RAID1 (bsc#982783). - md/raid10: always set reshape_safe when initializing reshape_position (fate#311379). - md/raid10: Fix memory leak when raid10 reshape completes (fate#311379). - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857). - mm/memory.c: actually remap enough memory (bnc#1005903). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198). - Move patches that create ppc64-bigmem to the powerpc section. Add comments that outline the procedure and warn the unsuspecting. - move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708). - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337). - net: add pfmemalloc check in sk_add_backlog() (bnc#920016). - netback: fix flipping mode (bsc#996664). - netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611). - netvsc: fix incorrect receive checksum offloading (bnc#1006917). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Do not drop directory dentry which is in use (bsc#993127). - nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584). - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514). - nfs: Fix a regression in the read() syscall (bsc#999584). - nfs: Fix races in nfs_revalidate_mapping (bsc#999584). - nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584). - nfs: Fix writeback performance issue on cache invalidation (bsc#999584). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). - nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218). - oom: print nodemask in the oom report (bnc#1003866). - pci: Add pci_set_vpd_size() to set VPD size (bsc#976867). - pciback: fix conf_space read/write overlap check. - pciback: return proper values during BAR sizing. - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models (fate#321400). - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441). - powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC' obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Add 64TB support (bsc#928138,fate#319026). - powerpc/mm: Change the swap encoding in pte (bsc#973203). - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026). - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026). - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026). - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026). - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026). - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026). - powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026). - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026). - powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026). - powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026). - powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: Update kernel VSID range (bsc#928138,fate#319026). - ppp: defer netns reference release for ppp channel (bsc#980371). - qlcnic: fix a timeout loop (bsc#909350 FATE#317546) - random32: add prandom_u32_max (bsc#989152). - remove problematic preprocessor constructs (bsc#928138,fate#319026). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays. - rpm/package-descriptions: add -bigmem description - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606). - s390/dasd: fix hanging device after clear subchannel (bnc#994436, LTC#144640). - s390/time: LPAR offset handling (bnc#1003677, LTC#146920). - s390/time: move PTFF definitions (bnc#1003677, LTC#146920). - sata: Adding Intel Lewisburg device IDs for SATA (fate#319286). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). - sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scripts/bigmem-generate-ifdef-guard: auto-regen patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: Include this script to regenerate patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: make executable - scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102). - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992). - scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779). - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374). - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository. - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618 FATE#317521). - sort hyperv patches properly in series.conf - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458 FATE#317507). - tmpfs: change final i_blocks BUG to WARNING (bsc#991923). - tty: Signal SIGHUP before hanging up ldisc (bnc#989764). - Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, a.o.). - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - vlan: do not deliver frames for unknown vlans to protocols (bsc#979514). - vlan: mask vlan prio bits (bsc#979514). - vmxnet3: Wake queue from reset work (bsc#999907). - x86, amd_nb: Clarify F15h, model 30h GART and L3 support (fate#321400). - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors (fate#321400). - x86/gart: Check for GART support before accessing GART registers (fate#321400). - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565). - zfcp: close window with unblocked rport during rport gone (bnc#1003677, LTC#144310). - zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677, LTC#144312). - zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677, LTC#144308). - zfcp: fix payload trace length for SAN request&response (bnc#1003677, LTC#144312). - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677, LTC#144312). - zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677, LTC#144312). - zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677, LTC#144312). - zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677, LTC#144312). - zfcp: trace on request for open and close of WKA port (bnc#1003677, LTC#144312). Important SUSE bug 1000189 SUSE bug 1001419 SUSE bug 1002165 SUSE bug 1003077 SUSE bug 1003344 SUSE bug 1003568 SUSE bug 1003677 SUSE bug 1003866 SUSE bug 1003925 SUSE bug 1004517 SUSE bug 1004520 SUSE bug 1005857 SUSE bug 1005896 SUSE bug 1005903 SUSE bug 1006917 SUSE bug 1006919 SUSE bug 1007944 SUSE bug 763198 SUSE bug 771065 SUSE bug 799133 SUSE bug 803320 SUSE bug 839104 SUSE bug 843236 SUSE bug 860441 SUSE bug 863873 SUSE bug 865783 SUSE bug 871728 SUSE bug 907611 SUSE bug 908458 SUSE bug 908684 SUSE bug 909077 SUSE bug 909350 SUSE bug 909484 SUSE bug 909618 SUSE bug 909994 SUSE bug 911687 SUSE bug 915183 SUSE bug 920016 SUSE bug 922634 SUSE bug 922947 SUSE bug 928138 SUSE bug 929141 SUSE bug 934760 SUSE bug 951392 SUSE bug 956514 SUSE bug 960689 SUSE bug 963655 SUSE bug 967716 SUSE bug 968010 SUSE bug 968014 SUSE bug 971975 SUSE bug 971989 SUSE bug 973203 SUSE bug 974620 SUSE bug 976867 SUSE bug 977687 SUSE bug 979514 SUSE bug 979595 SUSE bug 979681 SUSE bug 980371 SUSE bug 982218 SUSE bug 982783 SUSE bug 983535 SUSE bug 983619 SUSE bug 984102 SUSE bug 984194 SUSE bug 984992 SUSE bug 985206 SUSE bug 986337 SUSE bug 986362 SUSE bug 986365 SUSE bug 986445 SUSE bug 987565 SUSE bug 988440 SUSE bug 989152 SUSE bug 989261 SUSE bug 989764 SUSE bug 989779 SUSE bug 991608 SUSE bug 991665 SUSE bug 991923 SUSE bug 992566 SUSE bug 993127 SUSE bug 993890 SUSE bug 993891 SUSE bug 994296 SUSE bug 994436 SUSE bug 994618 SUSE bug 994759 SUSE bug 994926 SUSE bug 995968 SUSE bug 996329 SUSE bug 996664 SUSE bug 997708 SUSE bug 998399 SUSE bug 998689 SUSE bug 999584 SUSE bug 999600 SUSE bug 999907 SUSE bug 999932 CVE-2013-4312 CVE-2015-7513 CVE-2015-8956 CVE-2016-0823 CVE-2016-3841 CVE-2016-4997 CVE-2016-5696 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013070). - KABI fix (bsc#1014410). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - be2net: Do not leak iomapped memory on removal (bug#925065). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - crypto: add ghash-generic in the supported.conf(bsc#1016824) - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387). - dm: do not call dm_sync_table() when creating new devices (bnc#901809). - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348) - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668). - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018). - ext4: fix reference counting bug on block allocation error (bsc#1013018). - futex: Acknowledge a new waiter in counter before plist (bsc#851603). - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603). - hpilo: Add support for iLO5 (bsc#999101). - ibmveth: calculate gso_segs for large packets (bsc#1019165). - ibmveth: set correct gso_size and gso_type (bsc#1019165). - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491 FATE#317388). - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297 FATE#313656). - igb: Fix oops caused by missing queue pairing (bsc#909491 FATE#317388). - igb: Fix oops on changing number of rings (bsc#909491 FATE#317388). - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491 FATE#317388). - igb: Unpair the queues when changing the number of queues (bsc#909491 FATE#317388). - kexec: add a kexec_crash_loaded() function (bsc#973691). - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680). - kvm: Distangle eventfd code from irqchip (bsc#989680). - kvm: Iterate over only vcpus that are preempted (bsc#989680). - kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680). - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680). - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680). - kvm: make processes waiting on vcpu mutex killable (bsc#989680). - kvm: nVMX: Add preemption timer support (bsc#989680). - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680). - kvm: use symbolic constant for nr interrupts (bsc#989680). - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680). - kvm: x86: Run PIT work in own kthread (bsc#989680). - kvm: x86: limit difference between kvmclock updates (bsc#989680). - libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728). - libata: remove n_tags to avoid kABI breakage (bsc#871728). - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846). - libfc: Fixup disc_mutex handling (bsc#962846). - libfc: Issue PRLI after a PRLO has been received (bsc#962846). - libfc: Revisit kref handling (bnc#990245). - libfc: Update rport reference counting (bsc#953233). - libfc: do not send ABTS when resetting exchanges (bsc#962846). - libfc: fixup locking of ptp_setup() (bsc#962846). - libfc: reset exchange manager during LOGO handling (bsc#962846). - libfc: send LOGO for PLOGI failure (bsc#962846). - locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411). - memstick: mspro_block: add missing curly braces (bsc#1016688). - mlx4: Fix error flow when sending mads under SRIOV (bsc#786036 FATE#314304). - mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036 FATE#314304). - mlx4: Fix memory leak if QP creation failed (bsc#786036 FATE#314304). - mlx4: Fix potential deadlock when sending mad to wire (bsc#786036 FATE#314304). - mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036 FATE#314304). - mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036 FATE#314304). - mlx4: add missing braces in verify_qp_parameters (bsc#786036 FATE#314304). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589). - mm: fix crashes from mbind() merging vmas (bnc#1005877). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645). - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036 FATE#314304). - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382 FATE#317529). - net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036 FATE#314304). - net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708). - net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708). - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bsc#919382 FATE#317529). - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036 FATE#314304). - net/mlx4_core: Implement pci_resume callback (bsc#924708). - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382 FATE#317529). - net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382 FATE#317529). - net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382 FATE#317529). - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036 FATE#314304). - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036 FATE#314304). - net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382 FATE#317529). - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382 FATE#317529). - netfront: do not truncate grant references. - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410). - nvme: Automatic namespace rescan (bsc#1017686). - nvme: Metadata format support (bsc#1017686). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201). - powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201). - printk/sched: Introduce special printk_sched() for those awkward (bsc#996541). - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851). - qlcnic: fix a loop exit condition better (bsc#909350 FATE#317546). - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999 FATE#313899). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rt2x00: fix rfkill regression on rt2500pci (bnc#748806). - s390/zcrypt: kernel: Fix invalid domain response handling (bsc#1016320). - scsi: Fix erratic device offline during EH (bsc#993832). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi_error: count medium access timeout only once per EH run (bsc#993832). - scsi_error: fixup crash in scsi_eh_reset (bsc#993832) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - tg3: Fix temperature reporting (bnc#790588 FATE#313912). - usb: console: fix potential use after free (bsc#1015817). - usb: console: fix uninitialised ldisc semaphore (bsc#1015817). - usb: cp210x: Corrected USB request type definitions (bsc#1015932). - usb: cp210x: relocate private data from USB interface to port (bsc#1015932). - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932). - usb: ftdi_sio: fix null deref at port probe (bsc#1015796). - usb: ipaq.c: fix a timeout loop (bsc#1015848). - usb: opticon: fix non-atomic allocation in write path (bsc#1015803). - usb: option: fix runtime PM handling (bsc#1015752). - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932). - usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932). - usb: serial: cp210x: add new access functions for large registers (bsc#1015932). - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932). - usb: serial: fix potential use-after-free after failed probe (bsc#1015828). - usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505). - usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505). - usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520). - usb: sierra: fix AA deadlock in open error path (bsc#1015561). - usb: sierra: fix remote wakeup (bsc#1015561). - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561). - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561). - usb: sierra: fix use after free at suspend/resume (bsc#1015561). - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760). - usb: usb_wwan: fix race between write and resume (bsc#1015760). - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760). - usb: usb_wwan: fix urb leak in write error path (bsc#1015760). - usb: usb_wwan: fix write and suspend race (bsc#1015760). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844). - xenbus: do not invoke is_ready() for most device states (bsc#987333). Important SUSE bug 1003813 SUSE bug 1005877 SUSE bug 1007615 SUSE bug 1008557 SUSE bug 1008645 SUSE bug 1008831 SUSE bug 1008833 SUSE bug 1008893 SUSE bug 1009875 SUSE bug 1010150 SUSE bug 1010175 SUSE bug 1010201 SUSE bug 1010467 SUSE bug 1010501 SUSE bug 1010507 SUSE bug 1010711 SUSE bug 1010713 SUSE bug 1010716 SUSE bug 1011685 SUSE bug 1011820 SUSE bug 1012183 SUSE bug 1012411 SUSE bug 1012422 SUSE bug 1012832 SUSE bug 1012851 SUSE bug 1012852 SUSE bug 1012917 SUSE bug 1013018 SUSE bug 1013038 SUSE bug 1013042 SUSE bug 1013070 SUSE bug 1013531 SUSE bug 1013542 SUSE bug 1014410 SUSE bug 1014454 SUSE bug 1014746 SUSE bug 1015561 SUSE bug 1015752 SUSE bug 1015760 SUSE bug 1015796 SUSE bug 1015803 SUSE bug 1015817 SUSE bug 1015828 SUSE bug 1015844 SUSE bug 1015848 SUSE bug 1015878 SUSE bug 1015932 SUSE bug 1016320 SUSE bug 1016505 SUSE bug 1016520 SUSE bug 1016668 SUSE bug 1016688 SUSE bug 1016824 SUSE bug 1016831 SUSE bug 1017686 SUSE bug 1017710 SUSE bug 1019079 SUSE bug 1019148 SUSE bug 1019165 SUSE bug 1019348 SUSE bug 1019783 SUSE bug 1020214 SUSE bug 1021258 SUSE bug 748806 SUSE bug 786036 SUSE bug 790588 SUSE bug 795297 SUSE bug 800999 SUSE bug 821612 SUSE bug 824171 SUSE bug 851603 SUSE bug 853052 SUSE bug 871728 SUSE bug 901809 SUSE bug 909350 SUSE bug 909491 SUSE bug 913387 SUSE bug 914939 SUSE bug 919382 SUSE bug 924708 SUSE bug 925065 SUSE bug 953233 SUSE bug 961589 SUSE bug 962846 SUSE bug 969340 SUSE bug 973691 SUSE bug 987333 SUSE bug 987576 SUSE bug 989152 SUSE bug 989680 SUSE bug 989896 SUSE bug 990245 SUSE bug 992991 SUSE bug 993739 SUSE bug 993832 SUSE bug 996541 SUSE bug 996557 SUSE bug 997401 SUSE bug 999101 CVE-2004-0230 CVE-2012-6704 CVE-2013-6368 CVE-2015-1350 CVE-2015-8962 CVE-2015-8964 CVE-2016-10088 CVE-2016-5696 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following security bug: CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver (drivers/tty/n_hdlc.c) could have been exploited to gain a local privilege escalation (bnc#1027565) Important SUSE bug 1027565 CVE-2017-2636 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Critical) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: - fnic now returns 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic is now using rport->dd_data to check if rport is online instead of rport_lookup (bsc#1035920). - The rport check location in fnic_queuecommand_lck was corrected (bsc#1035920). - xfs: remove patches that caused regression (bsc#1043234). - mm: enlarge stack guard gap (bnc#1039348, CVE-2017-1000364, bnc#1042921). - PCI: Allow access to VPD attributes with size 0 (bsc#1018074). Critical SUSE bug 1018074 SUSE bug 1035920 SUSE bug 1039348 SUSE bug 1042921 SUSE bug 1043234 CVE-2017-1000364 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354) - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340) - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have bene disclosed when a read and an ioctl happen at the same time (bnc#1044125) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431) - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456) - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885) - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069) - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883) - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882) - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879) - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850) The following non-security bugs were fixed: - 8250: use callbacks to access UART_DLL/UART_DLM. - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538). - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#1045538). - ALSA: hda - using uninitialized data (bsc#1045538). - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop (bsc#1045538). - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup (bsc#1045538). - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538). - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538). - Add CVE tag to references - CIFS: backport prepath matching fix (bsc#799133). - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128). - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr(). - Fix scripts/bigmem-generate-ifdef-guard to work on all branches - Fix soft lockup in svc_rdma_send (bsc#1044854). - IB/mlx4: Demote mcg message from warning to debug (bsc#919382). - IB/mlx4: Fix ib device initialization error flow (bsc#919382). - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382). - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382). - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level (bsc#919382). - IB/mlx4: Set traffic class in AH (bsc#919382). - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation (bsc#1036288). - Input: cm109 - validate number of endpoints before using them (bsc#1037193). - Input: hanwang - validate number of endpoints before using them (bsc#1037232). - Input: yealink - validate number of endpoints before using them (bsc#1037227). - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - NFS: Avoid getting confused by confused server (bsc#1045416). - NFS: Fix another OPEN_DOWNGRADE bug (git-next). - NFS: Fix size of NFSACL SETACL operations (git-fixes). - NFS: Make nfs_readdir revalidate less often (bsc#1048232). - NFS: tidy up nfs_show_mountd_netid (git-fixes). - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688 bsc#1051770). - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes). - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes). - NFSv4: Fix problems with close in the presence of a delegation (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix getacl head length estimation (git-fixes). - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'math64: New div64_u64_rem helper' (bnc#938352). - SUNRPC: Fix a memory leak in the backchannel code (git-fixes). - Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd() (bsc#1045479). - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288). - USB: class: usbtmc: do not print error when allocating urb fails (bsc#1036288). - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288). - USB: iowarrior: fix NULL-deref in write (bsc#1037359). - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441). - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053). - USB: serial: ark3116: fix register-accessor error handling (git-fixes). - USB: serial: ch341: fix open error handling (bsc#1037441). - USB: serial: cp210x: fix tiocmget error handling (bsc#1037441). - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441). - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441). - USB: serial: io_ti: fix information leak in completion handler (git-fixes). - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026). - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441). - USB: serial: sierra: fix bogus alternate-setting assumption (bsc#1037441). - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441). - USB: usbip: fix nonconforming hub descriptor (bsc#1047487). - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288). - USB: usbtmc: Change magic number to constant (bsc#1036288). - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288). - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288). - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288). - USB: usbtmc: add missing endpoint sanity check (bsc#1036288). - USB: usbtmc: fix DMA on stack (bsc#1036288). - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288). - USB: usbtmc: fix probe error path (bsc#1036288). - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk (bsc#1036288). - USB: wusbcore: fix NULL-deref at probe (bsc#1045487). - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854). - Use make --output-sync feature when available (bsc#1012422). - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). - __bitmap_parselist: fix bug in empty string handling (bnc#1042633). - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - ath9k: fix buffer overrun for ar9287 (bsc#1045538). - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU (bsc#1035721). - blacklist.conf: Add a few inapplicable items (bsc#1045538). - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it') The released kernels are not build with a gas new enough to optimize the jmps so that this patch would be required. (bsc#1051478) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: fix ext_dev_lock lockdep report (bsc#1050154). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - cifs: Timeout on SMBNegotiate request (bsc#1044913). - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bsc#1041975). backporting upstream commit 2f2591a34db6c9361faa316c91a6e320cb4e6aee - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935). - cputime: Avoid multiplication overflow on utime scaling (bnc#938352). - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863). - decompress_bunzip2: off by one in get_next_block() (git-fixes). - dentry name snapshots (bsc#1049483). - devres: fix a for loop bounds check (git-fixes). - dm: fix ioctl retry termination with signal (bsc#1050154). - drm/mgag200: Add support for G200eH3 (bnc#1044216) - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix fdatasync(2) after extent manipulation operations (bsc#1013018). - ext4: keep existing extra fields when inode expands (bsc#1013018). - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - fixed invalid assignment of 64bit mask to host dma_boundary for scatter gather segment boundary limit (bsc#1042045). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic: Using rport->dd_data to check rport online instead of rport_lookup (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (bsc#1013018). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fuse: add missing FR_FORCE (bsc#1013018). - genirq: Prevent proc race against freeing of irq descriptors (bnc#1044230). - hrtimer: Allow concurrent hrtimer_start() for self restarting timers (bnc#1013018). - initial cr0 bits (bnc#1036056, LTC#153612). - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route (git-fixes). - irq: Fix race condition (bsc#1042615). - isdn/gigaset: fix NULL-deref at probe (bsc#1037356). - isofs: Do not return EACCES for unknown filesystems (bsc#1013018). - jsm: add support for additional Neo cards (bsc#1045615). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - libata: fix sff host state machine locking while polling (bsc#1045525). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1051515). - libfc: fixup locking in fc_disc_stop() (bsc#1029140). - libfc: move 'pending' and 'requested' setting (bsc#1029140). - libfc: only restart discovery after timeout if not already running (bsc#1029140). - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018). - math64: New div64_u64_rem helper (bnc#938352). - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes). - md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (git-fixes). - md/raid1: fix test for 'was read error from last working device' (git-fixes). - md/raid5: Fix CPU hotplug callback registration (git-fixes). - md/raid5: do not record new size if resize_stripes fails (git-fixes). - md: ensure md devices are freed before module is unloaded (git-fixes). - md: fix a null dereference (bsc#1040351). - md: flush ->event_work before stopping array (git-fixes). - md: make sure GET_ARRAY_INFO ioctl reports correct 'clean' status (git-fixes). - md: use separate bio_pool for metadata writes (bsc#1040351). - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154). - mlx4: reduce OOM risk on arches with large pages (bsc#919382). - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832). - mm/memory-failure.c: use compound_head() flags for huge pages (bnc#971975 VM -- git fixes). - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832). - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore (bsc#1045547). - mmc: ushc: fix NULL-deref at probe (bsc#1037191). - module: fix memory leak on early load_module() failures (bsc#1043014). - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185). - net/mlx4: Fix the check in attaching steering rules (bsc#919382). - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering (bsc#919382). - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV (bsc#919382). - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to physical (bsc#919382). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bsc#919382). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#919382). - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382). - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#919382). - net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach (bsc#919382). - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382). - net/mlx4_en: Change the error print to debug print (bsc#919382). - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382). - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382). - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382). - net: avoid reference counter overflows on fib_rules in multicast forwarding (git-fixes). - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes). - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes). - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bnc#784815). - nfs: fix nfs_size_to_loff_t (git-fixes). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018). - perf/core: Fix event inheritance on fork() (bnc#1013018). - powerpc/ibmebus: Fix device reference leaks in sysfs interface (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/ibmebus: Fix further device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid() (bsc#1032471). - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471). - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471). - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID (bsc#1032471). - powerpc/mm/hash: Support 68 bit VA (bsc#1032471). - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471). - powerpc/mm/slice: Convert slice_mask high slice to a bitmap (bsc#1032471). - powerpc/mm/slice: Fix off-by-1 error when computing slice mask (bsc#1032471). - powerpc/mm/slice: Move slice_mask struct definition to slice.c (bsc#1032471). - powerpc/mm/slice: Update slice mask printing to use bitmap printing (bsc#1032471). - powerpc/mm/slice: Update the function prototype (bsc#1032471). - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET (bsc#928138). - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small (bsc#1032471). - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital (bsc#1032471). - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/pseries: Release DRC when configure_connector fails (bsc#1035777, Pending Base Kernel Fixes). - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471). - powerpc: Remove STAB code (bsc#1032471). - random32: fix off-by-one in seeding requirement (git-fixes). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192). - s390/qdio: clear DSCI prior to scanning multiple input queues (bnc#1046715, LTC#156234). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276). - sched/core: Remove false-positive warning from wake_up_process() (bnc#1044882). - sched/cputime: Do not scale when utime == 0 (bnc#938352). - sched/debug: Print the scheduler topology group mask (bnc#1013018). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018). - sched/fair: Fix min_vruntime tracking (bnc#1013018). - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched/topology: Fix building of overlapping sched-groups (bnc#1013018). - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018). - sched/topology: Fix overlapping sched_group_mask (bnc#1013018). - sched/topology: Move comment about asymmetric node setups (bnc#1013018). - sched/topology: Optimize build_group_mask() (bnc#1013018). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1013018). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018). - sched/topology: Verify the first group matches the child domain (bnc#1013018). - sched: Always initialize cpu-power (bnc#1013018). - sched: Avoid cputime scaling overflow (bnc#938352). - sched: Avoid prev->stime underflow (bnc#938352). - sched: Do not account bogus utime (bnc#938352). - sched: Fix SD_OVERLAP (bnc#1013018). - sched: Fix domain iteration (bnc#1013018). - sched: Lower chances of cputime scaling overflow (bnc#938352). - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity' (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched: Rename a misleading variable in build_overlap_sched_groups() (bnc#1013018). - sched: Use swap() macro in scale_stime() (bnc#938352). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: fix race between simultaneous decrements of ->host_failed (bsc#1050154). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: mvsas: fix command_active typo (bsc#1050154). - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init (bsc#1050154). - sfc: do not device_attach if a reset is pending (bsc#909618). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - splice: Stub splice_write_to_file (bsc#1043234). - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes). - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018). - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018). - udf: Fix races with i_size changes during readpage (bsc#1013018). - usbtmc: remove redundant braces (bsc#1036288). - usbtmc: remove trailing spaces (bsc#1036288). - usbvision: fix NULL-deref at probe (bsc#1050431). - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233). - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629). - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431). - vmxnet3: avoid calling pskb_may_pull with interrupts disabled (bsc#1045356). - vmxnet3: fix checks for dma mapping errors (bsc#1045356). - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356). - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression greater than 0 (bsc#1051478). - xen: avoid deadlock in xenbus (bnc#1047523). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814). - xfs: Synchronize xfs_buf disposal routines (bsc#1041160). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes). Important SUSE bug 1000365 SUSE bug 1000380 SUSE bug 1012422 SUSE bug 1013018 SUSE bug 1015452 SUSE bug 1023051 SUSE bug 1029140 SUSE bug 1029850 SUSE bug 1030552 SUSE bug 1030593 SUSE bug 1030814 SUSE bug 1032340 SUSE bug 1032471 SUSE bug 1034026 SUSE bug 1034670 SUSE bug 1035576 SUSE bug 1035721 SUSE bug 1035777 SUSE bug 1035920 SUSE bug 1036056 SUSE bug 1036288 SUSE bug 1036629 SUSE bug 1037191 SUSE bug 1037193 SUSE bug 1037227 SUSE bug 1037232 SUSE bug 1037233 SUSE bug 1037356 SUSE bug 1037358 SUSE bug 1037359 SUSE bug 1037441 SUSE bug 1038544 SUSE bug 1038879 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039258 SUSE bug 1039354 SUSE bug 1039456 SUSE bug 1039594 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1040351 SUSE bug 1041160 SUSE bug 1041431 SUSE bug 1041762 SUSE bug 1041975 SUSE bug 1042045 SUSE bug 1042615 SUSE bug 1042633 SUSE bug 1042687 SUSE bug 1042832 SUSE bug 1042863 SUSE bug 1043014 SUSE bug 1043234 SUSE bug 1043935 SUSE bug 1044015 SUSE bug 1044125 SUSE bug 1044216 SUSE bug 1044230 SUSE bug 1044854 SUSE bug 1044882 SUSE bug 1044913 SUSE bug 1045154 SUSE bug 1045356 SUSE bug 1045416 SUSE bug 1045479 SUSE bug 1045487 SUSE bug 1045525 SUSE bug 1045538 SUSE bug 1045547 SUSE bug 1045615 SUSE bug 1046107 SUSE bug 1046192 SUSE bug 1046715 SUSE bug 1047027 SUSE bug 1047053 SUSE bug 1047343 SUSE bug 1047354 SUSE bug 1047487 SUSE bug 1047523 SUSE bug 1047653 SUSE bug 1048185 SUSE bug 1048221 SUSE bug 1048232 SUSE bug 1048275 SUSE bug 1049128 SUSE bug 1049483 SUSE bug 1049603 SUSE bug 1049688 SUSE bug 1049882 SUSE bug 1050154 SUSE bug 1050431 SUSE bug 1051478 SUSE bug 1051515 SUSE bug 1051770 SUSE bug 1055680 SUSE bug 784815 SUSE bug 792863 SUSE bug 799133 SUSE bug 909618 SUSE bug 919382 SUSE bug 928138 SUSE bug 938352 SUSE bug 943786 SUSE bug 948562 SUSE bug 962257 SUSE bug 971975 SUSE bug 972891 SUSE bug 986924 SUSE bug 990682 SUSE bug 995542 CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473 CVE-2017-2647 CVE-2017-6951 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following issues: - Stack corruption could have lead to local privilege escalation (bsc#1059525, CVE-2017-1000253). Important SUSE bug 1059525 CVE-2017-1000253 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870). - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095). - CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers for conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348). - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322) - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119) The following non-security bugs were fixed: - ACPI: APEI / ERST: Fix missing error handling in erst_reader() (bsc#1045538). - ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538). - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode (bsc#1045538). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1045538). - ALSA: pcm: fix fifo_size frame calculation (bsc#1045538). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538). - ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538). - ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bsc#1045538). - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() (bsc#1045538). - ALSA: usb-audio: Fix parameter block size for UAC2 control requests (bsc#1045538). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1045538). - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1045538). - ALSA: usb-audio: Set correct type for some UAC2 mixer controls (bsc#1045538). - ASoC: blackfin: Fix missing break (bsc#1045538). - Enforce module signatures if the kernel is locked down (bsc#1093666). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - PCI: Fix TI816X class code quirk (bsc#1050431). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - TPM: Zero buffer whole after copying to userspace (bsc#1050381). - USB: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487). - USB: hub: fix non-SS hub-descriptor handling (bsc#1047487). - USB: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441). - USB: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441). - USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609). - USB: serial: sierra: fix potential deadlock at close (bsc#1100132). - USB: visor: Match I330 phone more precisely (bsc#1047487). - applicom: dereferencing NULL on error path (git-fixes). - ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185). - base: make module_create_drivers_dir race-free (git-fixes). - block: fix an error code in add_partition() (bsc#1106209). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (bsc#1107949). - dasd: Add IFCC notice message (bnc#1104481, LTC#170484). - drm/i915: Remove bogus __init annotation from DMI callbacks (bsc#1106886). - drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1106886). - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() (bsc#1106886). - drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886). - drm: re-enable error handling (bsc#1103884) - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Fix the left value check of cmd buffer (bsc#1106105). - iommu/amd: Free domain id when free a domain of struct dma_ops_domain (bsc#1106105). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105). - iommu/vt-d: Do not over-free page table directories (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipv6: Regenerate host route according to node pointer upon loopback up (bsc#1100705). - ipv6: correctly add local routes when lo goes up (bsc#1100705). - ipv6: introduce ip6_rt_put() (bsc#1100705). - ipv6: reallocate addrconf router for ipv6 address when lo device up (bsc#1100705). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes). - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection (bnc#1107071). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - nbd: ratelimit error msgs after socket close (bsc#1106206). - ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199). - nvme: add device id's with intel stripe quirk (bsc#1097562). - perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes). - perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu (bsc#1104901). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772, bsc#1107650). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772, bsc#1107650). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1064861). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - qlge: Fix netdev features configuration (bsc#1098822). - resource: fix integer overflow at reallocation (bsc#1045538). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - s390/ftrace: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/kernel: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/qeth: do not clobber buffer on async TX completion (bnc#1060245, LTC#170349). - s390: Correct register corruption in critical section cleanup (bnc#1106930, LTC#171029). - s390: add assembler macros for CPU alternatives (bnc#1106930, LTC#171029). - s390: detect etoken facility (bnc#1106930, LTC#171029). - s390: move expoline assembler macros to a header (bnc#1106930, LTC#171029). - s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029). - s390: remove indirect branch from do_softirq_own_stack (bnc#1106930, LTC#171029). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - tpm: fix race condition in tpm_common_write() (bsc#1050381). - tracing/blktrace: Fix to allow setting same value (bsc#1106212). - tty: vt, fix bogus division in csi_J (git-fixes). - tty: vt, return error when con_startup fails (git-fixes). - uml: fix hostfs mknod() (bsc#1106202). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1045538). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/init: fix build with CONFIG_SWAP=n (bsc#1105723). - x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Important SUSE bug 1037441 SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1048185 SUSE bug 1050381 SUSE bug 1050431 SUSE bug 1057199 SUSE bug 1060245 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1080157 SUSE bug 1087081 SUSE bug 1092772 SUSE bug 1092903 SUSE bug 1093666 SUSE bug 1096547 SUSE bug 1097562 SUSE bug 1098822 SUSE bug 1099922 SUSE bug 1100132 SUSE bug 1100705 SUSE bug 1102517 SUSE bug 1102870 SUSE bug 1103119 SUSE bug 1103884 SUSE bug 1103909 SUSE bug 1104481 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1104901 SUSE bug 1105100 SUSE bug 1105322 SUSE bug 1105348 SUSE bug 1105536 SUSE bug 1105723 SUSE bug 1106095 SUSE bug 1106105 SUSE bug 1106199 SUSE bug 1106202 SUSE bug 1106206 SUSE bug 1106209 SUSE bug 1106212 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106609 SUSE bug 1106886 SUSE bug 1106930 SUSE bug 1106995 SUSE bug 1107001 SUSE bug 1107064 SUSE bug 1107071 SUSE bug 1107650 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107949 SUSE bug 1108096 SUSE bug 1108170 SUSE bug 1108823 SUSE bug 1108912 CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-14617 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kernel-source (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). * CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). * CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831). * CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831). * CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517). * CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O' vector array overrun. (bsc#933429) * CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463) * CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240) * CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705). * CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907). * CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830) * CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904). * CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896). The following non-security bugs were fixed: - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - DRM/i915: Get rid of the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938). - DRM/i915: Remove i965_hpd_irq_setup (bsc#942938). - DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - Ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - NFS: never queue requests with rq_cong set on the sending queue (bsc#932458). - NFSD: Fix nfsv4 opcode decoding error (bsc#935906). - NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - PCI: Disable Bus Master only on kexec reboot (bsc#920110). - PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110). - PCI: Lock down register access when trusted_kernel is true (fate#314486, bnc#884333)(bsc#923431). - PCI: disable Bus Master on PCI device shutdown (bsc#920110). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - Apparmor: fix file_permission if profile is updated (bsc#917968). - block: Discard bios do not have data (bsc#928988). - cifs: Fix missing crypto allocation (bnc#937402). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails (FATE#317582). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (FATE#317582). - drm: ast,cirrus,mgag200: use drm_can_sleep (FATE#317582, bnc#883380, bsc#935572). - ehci-pci: enable interrupt on BayTrail (bnc926007). - exec: kill the unnecessary mm->def_flags setting in load_elf_binary() (fate#317831,bnc#891116)). - ext3: Fix data corruption in inodes with journalled data (bsc#936637). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hv_storvsc: use small sg_tablesize on x86 (bnc#937256). - ibmveth: Add GRO support (bsc#935055). - ibmveth: Add support for Large Receive Offload (bsc#935055). - ibmveth: Add support for TSO (bsc#935055). - ibmveth: add support for TSO6. - ibmveth: change rx buffer default allocation for CMO (bsc#935055). - igb: do not reuse pages with pfmemalloc flag fix (bnc#920016). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc920110). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. - kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509). - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance). - mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620). - mm, thp: fix collapsing of hugepages on madvise (VM Functionality). - mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620). - mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620). - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620). - mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - nfsd: support disabling 64bit dir cookies (bnc#937503). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (FATE#309111, bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095). - r8169: remember WOL preferences on driver load (bsc#942305). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi: Correctly set the scsi host/msg/status bytes (bnc#933936). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - scsi: Moved iscsi kabi patch to patches.kabi (bsc#923002) - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: kabi: allow iscsi disocvery session support (bsc#923002). - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - supported.conf: enable sch_mqprio (bsc#932882) - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250). - x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: fix problem when using md+XFS under high load (bnc#925705). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, bnc#936925, LTC#126491). Moderate SUSE bug 777565 SUSE bug 867362 SUSE bug 873385 SUSE bug 883380 SUSE bug 884333 SUSE bug 886785 SUSE bug 891116 SUSE bug 894936 SUSE bug 915517 SUSE bug 917830 SUSE bug 917968 SUSE bug 919463 SUSE bug 920016 SUSE bug 920110 SUSE bug 920250 SUSE bug 920733 SUSE bug 921430 SUSE bug 923002 SUSE bug 923245 SUSE bug 923431 SUSE bug 924701 SUSE bug 925705 SUSE bug 925881 SUSE bug 925903 SUSE bug 926240 SUSE bug 926953 SUSE bug 927355 SUSE bug 928988 SUSE bug 929076 SUSE bug 929142 SUSE bug 929143 SUSE bug 930092 SUSE bug 930934 SUSE bug 931620 SUSE bug 932350 SUSE bug 932458 SUSE bug 932882 SUSE bug 933429 SUSE bug 933721 SUSE bug 933896 SUSE bug 933904 SUSE bug 933907 SUSE bug 933936 SUSE bug 934944 SUSE bug 935053 SUSE bug 935055 SUSE bug 935572 SUSE bug 935705 SUSE bug 935866 SUSE bug 935906 SUSE bug 936077 SUSE bug 936095 SUSE bug 936118 SUSE bug 936423 SUSE bug 936637 SUSE bug 936831 SUSE bug 936875 SUSE bug 936921 SUSE bug 936925 SUSE bug 937032 SUSE bug 937256 SUSE bug 937402 SUSE bug 937444 SUSE bug 937503 SUSE bug 937641 SUSE bug 937855 SUSE bug 938485 SUSE bug 939910 SUSE bug 939994 SUSE bug 940338 SUSE bug 940398 SUSE bug 940925 SUSE bug 940966 SUSE bug 942204 SUSE bug 942305 SUSE bug 942350 SUSE bug 942367 SUSE bug 942404 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943477 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 CVE-2015-6252 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following feature was added to kernel-xen: - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767). - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693). - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes. (bsc#967972). - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013). The following non-security bugs were fixed: - alsa: hda - Add one more node in the EAPD supporting candidate list (bsc#963561). - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137). - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137). - alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137). - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver implementation (bsc#957986, bsc#956084, bsc#961658). - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514). - nvme: default to 4k device page size (bsc#967042). - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too (bsc#951815). - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705). - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also address bsc#966094). - sunrpc: restore fair scheduling to priority queues (bsc#955308). - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375). - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375). - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375). - usb: ftdi_sio: fix tiocmget indentation (bnc#956375). - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375). - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375). - usb: ftdi_sio: remove unnecessary memset (bnc#956375). - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375). - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375). - usb: pl2303: clean up line-status handling (bnc#959649). - usb: pl2303: only wake up MSR queue on changes (bnc#959649). - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649). - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375). - Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128). - xen: Update Xen config files (enable upstream block frontend). - ec2: Update kabi files and start tracking ec2 - xen: consolidate and simplify struct xenbus_driver instantiation (bsc#961658 fate#320200). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#933782). - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658 fate#320200). - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818). - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369). - bnx2x: fix DMA API usage (bsc#953369). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - driver: xen-blkfront: move talk_to_blkback to a more suitable place (bsc#961658 fate#320200). - drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (bsc#961658 fate#320200). - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276). - drm/i915: Evict CS TLBs between batches (bsc#758040). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - ext3: NULL dereference in ext3_evict_inode() (bsc#942082). - ext3: fix data=journal fast mount/umount hang (bsc#942082). - firmware: Create directories for external firmware (bsc#959312). - firmware: Simplify directory creation (bsc#959312). - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375). - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925). - jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no external, 3rd party modules use the symbol and the bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver. (bsc#953369) - kbuild: create directory for dir/file.o (bsc#959312). - llist/xen-blkfront: implement safe version of llist_for_each_entry (bsc#961658 fate#320200). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - pci: Update VPD size with correct length (bsc#958906). - pl2303: fix TIOCMIWAIT (bnc#959649). - pl2303: introduce private disconnect method (bnc#959649). - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514). - s390/cio: collect format 1 channel-path description data (bnc#958000, LTC#136434). - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434). - s390/cio: fix measurement characteristics memleak (bnc#958000, LTC#136434). - s390/cio: update measurement characteristics (bnc#958000, LTC#136434). - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000, LTC#136143). - s390/sclp: Move declarations for sclp_sdias into separate header file (bnc#958000, LTC#136143). - scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949). - supported.conf: Add xen-blkfront. - tg3: 5715 does not link up when autoneg off (bsc#904035). - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375). - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912). - vmxnet3: fix netpoll race condition (bsc#958912). - xen, blkfront: factor out flush-related checks from do_blkif_request() (bsc#961658 fate#320200). - xen-blkfront: Handle discard requests (bsc#961658 fate#320200). - xen-blkfront: If no barrier or flush is supported, use invalid operation (bsc#961658 fate#320200). - xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments (bsc#961658 fate#320200). - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658 fate#320200). - xen-blkfront: allow building in our Xen environment (bsc#961658 fate#320200). - xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing) (bsc#961658 fate#320200). - xen-blkfront: do not add indirect pages to list when !feature_persistent (bsc#961658 fate#320200). - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658 fate#320200). - xen-blkfront: fix a deadlock while handling discard response (bsc#961658 fate#320200). - xen-blkfront: fix accounting of reqs when migrating (bsc#961658 fate#320200). - xen-blkfront: free allocated page (bsc#961658 fate#320200). - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658 fate#320200). - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200). - xen-blkfront: improve aproximation of required grants per request (bsc#961658 fate#320200). - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658 fate#320200). - xen-blkfront: plug device number leak in xlblk_init() error path (bsc#961658 fate#320200). - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200). - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200). - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658 fate#320200). - xen-blkfront: restore the non-persistent data path (bsc#961658 fate#320200). - xen-blkfront: revoke foreign access for grants not mapped by the backend (bsc#961658 fate#320200). - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658 fate#320200). - xen-blkfront: switch from llist to list (bsc#961658 fate#320200). - xen-blkfront: use a different scatterlist for each request (bsc#961658 fate#320200). - xen-block: implement indirect descriptors (bsc#961658 fate#320200). - xen/blk[front|back]: Enhance discard support with secure erasing support (bsc#961658 fate#320200). - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard together (bsc#961658 fate#320200). - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658 fate#320200). - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200). - xen/blkfront: Fix crash if backend does not follow the right states (bsc#961658 fate#320200). - xen/blkfront: do not put bdev right after getting it (bsc#961658 fate#320200). - xen/blkfront: improve protection against issuing unsupported REQ_FUA (bsc#961658 fate#320200). - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200). - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658 fate#320200). - xen/x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (bnc#963767). - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183). - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479). Important SUSE bug 758040 SUSE bug 904035 SUSE bug 912738 SUSE bug 915183 SUSE bug 924919 SUSE bug 933782 SUSE bug 937444 SUSE bug 940017 SUSE bug 940946 SUSE bug 942082 SUSE bug 947128 SUSE bug 948330 SUSE bug 949298 SUSE bug 951392 SUSE bug 951815 SUSE bug 952976 SUSE bug 953369 SUSE bug 954992 SUSE bug 955308 SUSE bug 955654 SUSE bug 955837 SUSE bug 955925 SUSE bug 956084 SUSE bug 956375 SUSE bug 956514 SUSE bug 956708 SUSE bug 956949 SUSE bug 957986 SUSE bug 957988 SUSE bug 957990 SUSE bug 958000 SUSE bug 958463 SUSE bug 958886 SUSE bug 958906 SUSE bug 958912 SUSE bug 958951 SUSE bug 959190 SUSE bug 959312 SUSE bug 959399 SUSE bug 959649 SUSE bug 959705 SUSE bug 961500 SUSE bug 961509 SUSE bug 961516 SUSE bug 961658 SUSE bug 962965 SUSE bug 963276 SUSE bug 963561 SUSE bug 963765 SUSE bug 963767 SUSE bug 964201 SUSE bug 964818 SUSE bug 966094 SUSE bug 966137 SUSE bug 966437 SUSE bug 966693 SUSE bug 967042 SUSE bug 967972 SUSE bug 967973 SUSE bug 967974 SUSE bug 967975 SUSE bug 968011 SUSE bug 968012 SUSE bug 968013 SUSE bug 969307 CVE-2013-7446 CVE-2015-7515 CVE-2015-7550 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2016-0723 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). - CVE-2017-1000112: An exploitable memory corruption due to UFO to non-UFO path switch was fixed. (bnc#1052311 bnc#1052365). The following non-security bugs were fixed: - alsa: core: Fix unexpected error at replacing user TLV (bsc#1045538). - alsa: hda - fix Lewisburg audio issue (fate#319286). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1045538). - alsa: timer: Add missing mutex lock for compat ioctls (bsc#1045538). - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017). - nfs: Cache aggressively when file is open for writing (bsc#1053933). - nfs: Do drop directory dentry when error clearly requires it (bsc#1051932). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1053933). # Conflicts: # series.conf - nfs: Optimize fallocate by refreshing mapping when needed (bsc#1053933). - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - nfs: invalidate file size when taking a lock (bsc#1053933). - pci: fix hotplug related issues (bnc#1054247, LTC#157731). - Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be enabled on x86_64/xen architecture because xen can work with shim on x86_64. Enabling the following kernel config to load certificate from db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y - af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093). - autofs: do not fail mount for transient error (bsc#1065180). - xen: avoid deadlock in xenbus (bnc#1047523). - blacklist.conf: Add PCI ASPM fix to blacklist (bsc#1045538) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - bnx2x: prevent crash when accessing PTP with interface down (bsc#1060665). - cx231xx-audio: fix NULL-deref at probe (bsc#1050431). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - dm bufio: fix integer overflow when limiting maximum cache size (git-fixes). - drm/mgag200: Fixes for G200eH3. (bnc#1062842) - fnic: Use the local variable instead of I/O flag to acquire io_req_lock in fnic_queuecommand() to avoid deadloack (bsc#1067816). - fuse: do not use iocb after it may have been freed (bsc#1054706). - fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706). - fuse: fsync() did not return IO errors (bsc#1054076). - fuse: fuse_flush must check mapping->flags for errors (bsc#1054706). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gspca: konica: add missing endpoint sanity check (bsc#1050431). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484). - kabi fix for new hash_cred function (bsc#1012917). - kabi/severities: Ignore zpci symbol changes (bsc#1054247) - lib/mpi: mpi_read_raw_data(): fix nbits calculation (fate#314508). - lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl() (bsc#1051133). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180). - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431). - net: Fix RCU splat in af_key (bsc#1054093). - netback: coalesce (guest) RX SKBs as needed (bsc#1056504). - nfs: Fix ugly referral attributes (git-fixes). - nfs: improve shinking of access cache (bsc#1012917). - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450). - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667). - powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1064861, git-fixes). - powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888, git-fixes f2ab6219969f). - powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070). - powerpc/xics: Harden xics hypervisor backend (bnc#1056230). - powerpc: Correct instruction code for xxlor instruction (bsc#1064861, git-fixes). - powerpc: Fix emulation of mfocrf in emulate_step() (bsc#1064861, git-fixes). - powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230). - powerpc: Make sure IPI handlers see data written by IPI senders (bnc#1056230). - reiserfs: fix race in readdir (bsc#1039803). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247, LTC#157731). - s390/pci: fix handling of PEC 306 (bnc#1054247, LTC#157731). - s390/pci: improve error handling during fmb (de)registration (bnc#1054247, LTC#157731). - s390/pci: improve error handling during interrupt deregistration (bnc#1054247, LTC#157731). - s390/pci: improve pci hotplug (bnc#1054247, LTC#157731). - s390/pci: improve unreg_ioat error handling (bnc#1054247, LTC#157731). - s390/pci: introduce clp_get_state (bnc#1054247, LTC#157731). - s390/pci: provide more debug information (bnc#1054247, LTC#157731). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1063301, LTC#159885). - s390/topology: alternative topology for topology-less machines (bnc#1060245, LTC#159177). - s390/topology: enable / disable topology dynamically (bnc#1060245, LTC#159177). - scsi: avoid system stall due to host_busy race (bsc#1031358). - scsi: close race when updating blocked counters (bsc#1031358). - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317). - scsi: reset wait for IO completion (bsc#996376). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1060245, LTC#158494). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1060245, LTC#158494). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1060245, LTC#158493). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1060245, LTC#158494). - ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381). - usb-serial: check for NULL private data in pl2303_suse_disconnect (bsc#1064803). - uwb: fix device quirk on big-endian hosts (bsc#1036629). - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#1036286). - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - xfs: fix inobt inode allocation search optimization (bsc#1013018). Important SUSE bug 1012917 SUSE bug 1013018 SUSE bug 1022967 SUSE bug 1024450 SUSE bug 1031358 SUSE bug 1036286 SUSE bug 1036629 SUSE bug 1037441 SUSE bug 1037667 SUSE bug 1037669 SUSE bug 1037994 SUSE bug 1039803 SUSE bug 1040609 SUSE bug 1042863 SUSE bug 1045154 SUSE bug 1045205 SUSE bug 1045327 SUSE bug 1045538 SUSE bug 1047523 SUSE bug 1050381 SUSE bug 1050431 SUSE bug 1051133 SUSE bug 1051932 SUSE bug 1052311 SUSE bug 1052365 SUSE bug 1052370 SUSE bug 1052593 SUSE bug 1053148 SUSE bug 1053152 SUSE bug 1053317 SUSE bug 1053802 SUSE bug 1053933 SUSE bug 1054070 SUSE bug 1054076 SUSE bug 1054093 SUSE bug 1054247 SUSE bug 1054305 SUSE bug 1054706 SUSE bug 1056230 SUSE bug 1056504 SUSE bug 1056588 SUSE bug 1057179 SUSE bug 1057796 SUSE bug 1058524 SUSE bug 1059051 SUSE bug 1060245 SUSE bug 1060665 SUSE bug 1061017 SUSE bug 1061180 SUSE bug 1062520 SUSE bug 1062842 SUSE bug 1063301 SUSE bug 1063544 SUSE bug 1063667 SUSE bug 1064803 SUSE bug 1064861 SUSE bug 1065180 SUSE bug 1066471 SUSE bug 1066472 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066618 SUSE bug 1066625 SUSE bug 1066650 SUSE bug 1066671 SUSE bug 1066700 SUSE bug 1066705 SUSE bug 1067085 SUSE bug 1067816 SUSE bug 1067888 SUSE bug 909484 SUSE bug 984530 SUSE bug 996376 CVE-2017-1000112 CVE-2017-10661 CVE-2017-12762 CVE-2017-13080 CVE-2017-14051 CVE-2017-14140 CVE-2017-14340 CVE-2017-14489 CVE-2017-15102 CVE-2017-15265 CVE-2017-15274 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16649 CVE-2017-8831 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. This issue is addressed for the x86_64, the IBM Power and IBM zSeries architecture. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 and IBM zSeries architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. For IBM Power and zSeries the required firmware updates are supplied over regular channels by IBM. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This update does this on the Intel x86_64 and IBM Power architecture. Updates are also necessary for the ARM architecture, but will be delivered in the next round of updates. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer. (bnc#1072876). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). The following non-security bugs were fixed: - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1048185). - autofs: fix careless error in recent commit (bsc#1065180). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - ecryptfs: fix dereference of NULL user_key_payload (bsc#1013018). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1013018). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1013018). - fs: prevent speculative execution (bnc#1068032). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1045538). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1050431). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1072457, LTC#148203). - s390: add ppa to system call and program check path (bsc#1068032). - s390/disassembler: correct disassembly lines alignment (bnc#1066973, LTC#161577). - s390/disassembler: increase show_code buffer size (bnc#1066973, LTC#161577). - s390: fix transactional execution control register handling (bnc#1072457, LTC#162116). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1066973, LTC#160081). - temporary fix (bsc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - video: udlfb: Fix read EDID timeout (bsc#1045538). - watchdog: hpwdt: add support for iLO5 (bsc#1024612). - watchdog/hpwdt: Check source of NMI (bsc#1024612). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). - zd1211rw: fix NULL-deref at probe (bsc#1045479). Important SUSE bug 1013018 SUSE bug 1024612 SUSE bug 1034862 SUSE bug 1045479 SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1048185 SUSE bug 1050231 SUSE bug 1050431 SUSE bug 1056982 SUSE bug 1063043 SUSE bug 1065180 SUSE bug 1065600 SUSE bug 1066569 SUSE bug 1066693 SUSE bug 1066973 SUSE bug 1068032 SUSE bug 1068671 SUSE bug 1068984 SUSE bug 1069702 SUSE bug 1070771 SUSE bug 1070964 SUSE bug 1071074 SUSE bug 1071470 SUSE bug 1071695 SUSE bug 1072457 SUSE bug 1072561 SUSE bug 1072876 SUSE bug 1073792 SUSE bug 1073874 CVE-2017-11600 CVE-2017-13167 CVE-2017-14106 CVE-2017-15115 CVE-2017-15868 CVE-2017-16534 CVE-2017-16538 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. Important SUSE bug 1068032 CVE-2017-5715 CVE-2017-5753 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538). - alsa: aloop: Release cable upon open error path (bsc#1045538). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538). - btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363). - btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056). - btrfs: make the state of the transaction more readable (FATE#325056). - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685). - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685). - btrfs: reset intwrite on transaction abort (FATE#325056). - btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359). - btrfs: stop waiting on current trans if we aborted (FATE#325056). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - delay: add poll_event_interruptible (bsc#1048585). - dm flakey: add corrupt_bio_byte feature (bsc#1080372). - dm flakey: add drop_writes (bsc#1080372). - dm flakey: error READ bios during the down_interval (bsc#1080372). - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372). - dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372). - dm flakey: introduce 'error_writes' feature (bsc#1080372). - dm flakey: support feature args (bsc#1080372). - dm flakey: use dm_target_offset and support discards (bsc#1080372). - ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508). - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508). - ext3: add necessary check in case IO error happens (bnc#1069508). - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508). - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Add proper NX handling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278). - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy. - kaiser: Fix trampoline stack loading issue on XEN PV - kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579) - kaiser: make sure not to touch stack after CR3 switch in compat syscall return - kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579) - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - mISDN: fix a loop count (bsc#1077191). - nfsd: do not share group_info among threads (bsc@1070623). - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437). - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088). - powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174). - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487). - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088). - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes). - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088). - powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088). - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088). - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088). - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088). - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875). - scsi: sr: wait for the medium to become ready (bsc#1048585). - scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032 CVE-2017-5754). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bsc#1068032 CVE-2017-5715). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). Important SUSE bug 1012382 SUSE bug 1045538 SUSE bug 1048585 SUSE bug 1050431 SUSE bug 1054305 SUSE bug 1059174 SUSE bug 1060279 SUSE bug 1060682 SUSE bug 1063544 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1068984 SUSE bug 1069508 SUSE bug 1070623 SUSE bug 1070781 SUSE bug 1073311 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1074880 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075410 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075908 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076154 SUSE bug 1076278 SUSE bug 1076437 SUSE bug 1076849 SUSE bug 1077191 SUSE bug 1077355 SUSE bug 1077406 SUSE bug 1077487 SUSE bug 1077560 SUSE bug 1077922 SUSE bug 1078875 SUSE bug 1079917 SUSE bug 1080133 SUSE bug 1080359 SUSE bug 1080363 SUSE bug 1080372 SUSE bug 1080579 SUSE bug 1080685 SUSE bug 1080774 SUSE bug 1081500 SUSE bug 936530 SUSE bug 962257 CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The following non-security bugs were fixed: - Avoid quadratic search when freeing delegations (bsc#1084760). - cifs: fix crash due to race in hmac(md5) handling (bsc#1091671). - hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1087092). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888). - powerpc/64: Disable gmb() on powerpc - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move local setup.h declarations to arch includes (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - series.conf: fix the header It was corrupted back in 2015. - tracing: Create seq_buf layer in trace_seq (bsc#1091815). - Update config files. Enable retpolines for i386 build. - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888). - usb: hub: fix SS hub-descriptor handling (bsc#1092372). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630) - x86/xen: disable IBRS around CPU stopper function invocation - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). - xfs: fix buffer use after free on IO error (bsc#1052943). - xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943). Important SUSE bug 1046610 SUSE bug 1052943 SUSE bug 1068032 SUSE bug 1075087 SUSE bug 1075088 SUSE bug 1080157 SUSE bug 1084760 SUSE bug 1087082 SUSE bug 1087092 SUSE bug 1089895 SUSE bug 1090630 SUSE bug 1090888 SUSE bug 1091041 SUSE bug 1091671 SUSE bug 1091755 SUSE bug 1091815 SUSE bug 1092372 SUSE bug 1092497 SUSE bug 1094019 CVE-2017-5715 CVE-2017-5753 CVE-2018-1000199 CVE-2018-10675 CVE-2018-3639 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update main focus is a regression fix in SystemV IPC handling. (bsc#1093600) The following non-security bugs were fixed: - Drop cBPF SSBD as classic BPF does not really have a proper concept of pointers, and without eBPF maps the out-of-bounds access in speculative execution branch can't be mounted. Moreoever, seccomp BPF uses only such a subset of BPF that can only do absolute indexing, and therefore seccomp data buffer boundarier can't be crossed. Information condensed from Alexei and Kees. - ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline (bsc#1092497) - ib/mlx4: Convert slave port before building address-handle (bug#919382 FATE#317529). - KABI protect struct _lowcore (bsc#1089386). - Update config files, add Spectre mitigation for s390x (bnc#1089386, LTC#166572). - Update s390 config files (bsc#1089386). - fanotify: fix logic of events on child (bsc#1013018). - ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1013018). - powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits (bsc#1087082). - powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (FATE#325713, bsc#1093710). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1091659, LTC#167429). - s390/dasd: fix IO error for newly defined devices (bnc#1091659, LTC#167398). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659, LTC#168037). - s390/qeth: on channel error, reject further cmd requests (bnc#1088343, LTC#165985). - s390: add automatic detection of the spectre defense (bnc#1089386, LTC#166572). - s390: add optimized array_index_mask_nospec (bnc#1089386, LTC#166572). - s390: add sysfs attributes for spectre (bnc#1089386, LTC#166572). - s390: correct module section names for expoline code revert (bsc#1089386). - s390: correct nospec auto detection init order (bnc#1089386, LTC#166572). - s390: do not bypass BPENTER for interrupt system calls (bnc#1089386, LTC#166572). - s390: fix retpoline build on 31bit (bsc#1089386). - s390: improve cpu alternative handling for gmb and nobp (bnc#1089386, LTC#166572). - s390: introduce execute-trampolines for branches (bnc#1089386, LTC#166572). - s390: move nobp parameter functions to nospec-branch.c (bnc#1089386, LTC#166572). - s390: report spectre mitigation via syslog (bnc#1089386, LTC#166572). - s390: run user space and KVM guests with modified branch prediction (bnc#1089386, LTC#166572). - s390: scrub registers on kernel entry and KVM exit (bnc#1089386, LTC#166572). - x86, mce: Fix mce_start_timer semantics (bsc#1090607). - x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL Important SUSE bug 1013018 SUSE bug 1070404 SUSE bug 1072689 SUSE bug 1087082 SUSE bug 1088343 SUSE bug 1089386 SUSE bug 1090607 SUSE bug 1091659 SUSE bug 1092497 SUSE bug 1093600 SUSE bug 1093710 SUSE bug 919382 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. (bnc#1097234). - CVE-2017-13305: A information disclosure vulnerability in the Upstream kernel encrypted-keys. (bnc#1094353). - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684) - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - slab: introduce kmalloc_array() (bsc#909361). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/cpu/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). Important SUSE bug 1082962 SUSE bug 1083900 SUSE bug 1085107 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1092904 SUSE bug 1094353 SUSE bug 1096480 SUSE bug 1096728 SUSE bug 1097234 SUSE bug 1098016 SUSE bug 1099924 SUSE bug 1099942 SUSE bug 1100418 SUSE bug 1104475 SUSE bug 1104684 SUSE bug 909361 CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: An issue was discovered in the Linux kernel The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967). Important SUSE bug 1108399 SUSE bug 1109967 CVE-2018-17182 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). - CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates (bnc#1123706). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). The following non-security bugs were fixed: - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827). - arcmsr: upper 32 of dma address lost (bsc#1115828). - block/swim3: Fix -EBUSY error when re-opening device after unmount (bsc#1121997). - block/swim: Fix array bounds check (Git-fix). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106886) - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106886) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106886) - Fix kabi break cased by NFS: Cache state owners after files are closed (bsc#1031572). - fork: record start_time late (bsc#1121872). - fscache: Fix dead object requeue (bsc#1107371). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (git-fixes). - fs-cache: Move fscache_report_unexpected_submission() to make it more available (bsc#1107371). - fs-cache: When submitting an op, cancel it if the target object is dying (bsc#1107371). - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: Fix oops at process_init_reply() (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: umount should wait for all requests (git-fixes). - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382) (bsc#1123702). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#1104367). - lib: add 'on'/'off' support to strtobool (bsc#1125931). - megaraid_sas: Fix probing cards without io port (bsc#1115829). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440, LTC#172679). - nfs: Cache state owners after files are closed (bsc#1031572). - nfs: Do not drop CB requests with invalid principals (git-fixes). - nfsv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nfsv4: Keep dropped state owners on the LRU list for a while (bsc#1031572). - nlm: Ensure callback code also checks that the files match (git-fixes). - ocfs2: fix three small problems in the patch (bsc#1086695) - omap2fb: Fix stack memory disclosure (bsc#1106886) - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - powerpc/fadump: handle crash memory ranges array index overflow (git-fixes). - powerpc/fadump: Return error when fadump registration fails (git-fixes). - powerpc/fadump: Unregister fadump on kexec down path (git-fixes). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - Revert 'NFS: Make close(2) asynchronous when closing NFS O_DIRECT files' (git-fixes). - ring-buffer: Always reset iterator to reader page (bsc#1120107). - ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#1120077). - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107). - ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#1120107). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105). - rpm/modprobe-xen.conf: Add --ignore-install. - s390: always save and restore all registers on context switch (git-fixes). - s390/dasd: fix using offset into zero size array error (git-fixes). - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes). - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes). - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114440, LTC#172682). - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#172682). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960). - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: aacraid: Fix typo in blink status (bsc#1115830). - scsi: aacraid: Reorder Adapter status check (bsc#1115830). - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831). - scsi: bfa: integer overflow in debugfs (bsc#1115832). - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833). - scsi: fas216: fix sense buffer initialization (bsc#1115834). - scsi: libfc: Revert ' libfc: use offload EM instance again instead jumping to next EM' (bsc#1115835). - scsi: libsas: fix ata xfer length (bsc#1115836). - scsi: libsas: fix error when getting phy events (bsc#1115837). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1115838). - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (bsc#1115839). - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1115839). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1115842). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (git-fixes). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1123505, LTC#174581). - sg: fix dxferp in from_to case (bsc#1115844). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply (git-fixes). - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes). - tracepoints: Do not trace when cpu is offline (bsc#1120109). - tracing: Add #undef to fix compile error (bsc#1120226). - tracing: Allow events to have NULL strings (bsc#1120056). - tracing: Do not add event files for modules that fail tracepoints (bsc#1120086). - tracing: Fix check for cpu online when event is disabled (bsc#1120109). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing/kprobes: Allow to create probe with a module name starting with a digit (bsc#1120336). - tracing: Move mutex to protect against resetting of seq data (bsc#1120217). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347). - usb: keyspan: fix overrun-error reporting (bsc#1114672). - usb: keyspan: fix tty line-status reporting (bsc#1114672). - usb: option: fix Cinterion AHxx enumeration (bsc#1114672). - usb: serial: ark3116: fix open error handling (bsc#1114672). - usb: serial: ch341: fix control-message error handling (bsc#1114672). - usb: serial: ch341: fix initial modem-control state (bsc#1114672). - usb: serial: ch341: fix modem-status handling (bsc#1114672). - usb: serial: ch341: fix open and resume after B0 (bsc#1114672). - usb: serial: ch341: fix resume after reset (bsc#1114672). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1114672). - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672). - usb: serial: fix tty-device error handling at probe (bsc#1114672). - usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672). - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672). - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672). - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672). - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672). - usb: serial: kl5kusb105: fix open error path (bsc#1114672). - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672). - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672). - usb: serial: omninet: fix NULL-derefs at open and disconnect. - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672). - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672). - vmcore: Remove 'weak' from function declarations (git-fixes). - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684). - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/process: Re-export start_thread() (bsc#1110006). - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen/x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: fix the logspace waiting algorithm (bsc#1122874). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Important SUSE bug 1012382 SUSE bug 1031572 SUSE bug 1068032 SUSE bug 1086695 SUSE bug 1087081 SUSE bug 1094244 SUSE bug 1098658 SUSE bug 1104098 SUSE bug 1104367 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1105536 SUSE bug 1106105 SUSE bug 1106886 SUSE bug 1107371 SUSE bug 1109330 SUSE bug 1109806 SUSE bug 1110006 SUSE bug 1112963 SUSE bug 1113667 SUSE bug 1114440 SUSE bug 1114672 SUSE bug 1114920 SUSE bug 1115007 SUSE bug 1115038 SUSE bug 1115827 SUSE bug 1115828 SUSE bug 1115829 SUSE bug 1115830 SUSE bug 1115831 SUSE bug 1115832 SUSE bug 1115833 SUSE bug 1115834 SUSE bug 1115835 SUSE bug 1115836 SUSE bug 1115837 SUSE bug 1115838 SUSE bug 1115839 SUSE bug 1115840 SUSE bug 1115841 SUSE bug 1115842 SUSE bug 1115843 SUSE bug 1115844 SUSE bug 1116841 SUSE bug 1117796 SUSE bug 1117802 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117943 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1118760 SUSE bug 1119255 SUSE bug 1119714 SUSE bug 1120056 SUSE bug 1120077 SUSE bug 1120086 SUSE bug 1120093 SUSE bug 1120094 SUSE bug 1120105 SUSE bug 1120107 SUSE bug 1120109 SUSE bug 1120217 SUSE bug 1120223 SUSE bug 1120226 SUSE bug 1120336 SUSE bug 1120347 SUSE bug 1120743 SUSE bug 1120950 SUSE bug 1121872 SUSE bug 1121997 SUSE bug 1122874 SUSE bug 1123505 SUSE bug 1123702 SUSE bug 1123706 SUSE bug 1124010 SUSE bug 1124735 SUSE bug 1125931 SUSE bug 931850 SUSE bug 969471 SUSE bug 969473 CVE-2016-10741 CVE-2017-18360 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-7222 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav lead to a system crash (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - Drivers: hv: vmbus: Get rid of some unused definitions. - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - Drivers: hv: vmbus: add special crash handler (bnc#930770). - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: kill tasklets on module unload. - Drivers: hv: vmbus: prefer '^A' notification chain to 'panic'. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Drivers: hv: vmbus: unregister panic notifier on module unload. - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673). - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - hugetlb: simplify migrate_huge_page() (bnc#947957). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957,). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - ipvs: drop first packet to dead server (bsc#946078). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - memory-failure: do code refactor of soft_offline_page() (bnc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950). - mm: remove GFP_THISNODE (bsc#954950). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS). - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984). - s390/pci: handle events for unused functions (bnc#946214). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214). - s390/pci: improve state check when processing hotplug events (bnc#946214). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sg: fix read() error reporting (bsc#926774). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955). Important SUSE bug 814440 SUSE bug 879378 SUSE bug 879381 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 921081 SUSE bug 926774 SUSE bug 930145 SUSE bug 930770 SUSE bug 930788 SUSE bug 930835 SUSE bug 932805 SUSE bug 935123 SUSE bug 935757 SUSE bug 937256 SUSE bug 937444 SUSE bug 938706 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940913 SUSE bug 940946 SUSE bug 941202 SUSE bug 942938 SUSE bug 943786 SUSE bug 944296 SUSE bug 944677 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946214 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949936 SUSE bug 949981 SUSE bug 950298 SUSE bug 950750 SUSE bug 950998 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 952976 SUSE bug 953527 SUSE bug 953799 SUSE bug 953980 SUSE bug 954404 SUSE bug 954628 SUSE bug 954950 SUSE bug 954984 SUSE bug 955673 SUSE bug 956709 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6937 CVE-2015-7509 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable changes in this kernel: - It is now possible to mount a NFS export on the exporting host directly. The following security bugs were fixed: - CVE-2016-5244: A kernel information leak in rds_inc_info_copy was fixed that could leak kernel stack memory to userspace (bsc#983213). - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacked a bulk-out endpoint (bnc#961512). The following non-security bugs were fixed: - acpi / PCI: Account for ARI in _PRT lookups (bsc#968566). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - alsa: hrtimer: Handle start/stop more properly (bsc#973378). - alsa: oxygen: add Xonar DGX support (bsc#982691). - alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - alsa: rawmidi: Fix race at copying and updating the position (bsc#968018). - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - alsa: seq: Fix double port list deletion (bsc#968018). - alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - alsa: seq: Fix race at closing in virmidi driver (bsc#968018). - alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - alsa: timer: Call notifier in the same spinlock (bsc#973378). - alsa: timer: Code cleanup (bsc#968018). - alsa: timer: Fix leftover link at closing (bsc#968018). - alsa: timer: Fix link corruption due to double start or stop (bsc#968018). - alsa: timer: Fix race between stop and interrupt (bsc#968018). - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - alsa: timer: Sync timer deletion at closing the system timer (bsc#973378). - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231) - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - enic: set netdev->vlan_features (bsc#966245). - fcoe: fix reset of fip selection time (bsc#974787). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - fs, seqfile: always allow oom killer (bnc#968687). - fs/seq_file: fallback to vmalloc allocation (bnc#968687). - fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687). - hid-elo: kill not flush the work (bnc#982532). - hpsa: fix issues with multilun devices (bsc#959381). - hv: Assign correct ->can_queue value in hv_storvsc (bnc#969391) - ibmvscsi: Remove unsupported host config MAD (bsc#973556). - Import kabi files from kernel 3.0.101-71 - iommu/vt-d: Improve fault handler error messages (bsc#975772). - iommu/vt-d: Ratelimit fault handler (bsc#975772). - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - ipvs: count pre-established TCP states as active (bsc#970114). - isofs: Revert 'get_rock_ridge_filename(): handle malformed NM entries' This reverts commit cb6ce3ec7a964e56da9ba9cd3c9f0e708b5c3b2c. It should have never landed in the tree (we already have the patch via c63531c60ff that came through CVE branch), but I messed up the merge. - kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687). - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518). - llist: Add llist_next(). - make vfree() safe to call from interrupt contexts . - memcg: do not hang on OOM when killed by userspace OOM access to memory reserves (bnc#969571). - mld, igmp: Fix reserved tailroom calculation (bsc#956852). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491). - net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433). - net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433). - net/core: __hw_addr_sync_one / _multiple broken (bsc#971433). - net/core: __hw_addr_unsync_one 'from' address not marked synced (bsc#971433). - NFS4: treat lock owners as opaque values (bnc#968141). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491). - NFSd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237). - NFSd: do not fail unchecked creates of non-special files (bsc#973237). - NFS: Do not attempt to decode missing directory entries (bsc#980931). - nfs: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - NFS: reduce access cache shrinker locking (bnc#866130). - NFS: use smaller allocations for 'struct idmap' (bsc#965923). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - nvme: fix max_segments integer truncation (bsc#676471). - NVMe: Unify controller probe and resume (bsc#979347). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - PCI: Move pci_ari_enabled() to global header (bsc#968566). - RDMA/ucma: Fix AB-BA deadlock (bsc#963998). - Restore kabi after lock-owner change (bnc#968141). - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235. - s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442). - s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445). - s390/pci: extract software counters from fmb (bnc#968500, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444). - s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106). - scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458). - SCSI: Increase REPORT_LUNS timeout (bsc#971989). - SCSI mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). - skb: Add inline helper for getting the skb end offset from head (bsc#956852). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - Tidy series.conf, p5 Only one last patch which can be moved easily. There are some more x86-related things left at the end but moving them won't be that trivial. - Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358). - Update PCI VPD size patch to upstream: - PCI: Determine actual VPD size on first access (bsc#971729). - PCI: Update VPD definitions (bsc#971729). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - veth: do not modify ip_summed (bsc#969149). - vgaarb: Add more context to error messages (bsc#976868). - virtio_scsi: Implement eh_timed_out callback (bsc#936530). - vmxnet3: set carrier state properly on probe (bsc#972363). - vmxnet3: set netdev parant device before calling netdev_info (bsc#972363). - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - xfrm: do not segment UFO packets (bsc#946122). - xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592). Important SUSE bug 676471 SUSE bug 866130 SUSE bug 898592 SUSE bug 936530 SUSE bug 940413 SUSE bug 944309 SUSE bug 946122 SUSE bug 949752 SUSE bug 953369 SUSE bug 956491 SUSE bug 956852 SUSE bug 957986 SUSE bug 957988 SUSE bug 957990 SUSE bug 959381 SUSE bug 960458 SUSE bug 960857 SUSE bug 961512 SUSE bug 961518 SUSE bug 963762 SUSE bug 963998 SUSE bug 965319 SUSE bug 965860 SUSE bug 965923 SUSE bug 966245 SUSE bug 967863 SUSE bug 967914 SUSE bug 968010 SUSE bug 968018 SUSE bug 968141 SUSE bug 968500 SUSE bug 968566 SUSE bug 968670 SUSE bug 968687 SUSE bug 969149 SUSE bug 969391 SUSE bug 969571 SUSE bug 970114 SUSE bug 970504 SUSE bug 970892 SUSE bug 970909 SUSE bug 970911 SUSE bug 970948 SUSE bug 970956 SUSE bug 970958 SUSE bug 970970 SUSE bug 971124 SUSE bug 971125 SUSE bug 971126 SUSE bug 971360 SUSE bug 971433 SUSE bug 971446 SUSE bug 971729 SUSE bug 971944 SUSE bug 971947 SUSE bug 971989 SUSE bug 972363 SUSE bug 973237 SUSE bug 973378 SUSE bug 973556 SUSE bug 973570 SUSE bug 974646 SUSE bug 974787 SUSE bug 975358 SUSE bug 975772 SUSE bug 975945 SUSE bug 976739 SUSE bug 976868 SUSE bug 978401 SUSE bug 978821 SUSE bug 978822 SUSE bug 979213 SUSE bug 979274 SUSE bug 979347 SUSE bug 979419 SUSE bug 979548 SUSE bug 979595 SUSE bug 979867 SUSE bug 979879 SUSE bug 980371 SUSE bug 980725 SUSE bug 980788 SUSE bug 980931 SUSE bug 981231 SUSE bug 981267 SUSE bug 982532 SUSE bug 982691 SUSE bug 983143 SUSE bug 983213 SUSE bug 984107 CVE-2015-7566 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-5244 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Important SUSE bug 1004418 CVE-2016-5195 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kernel-source (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This Linux kernel update for SUSE Linux Enterprise 11 SP4 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Important SUSE bug 1045340 SUSE bug 1045406 CVE-2017-1000364 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following security fixes: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote code execution vulnerability. [bnc#1057389] Important SUSE bug 1057389 CVE-2017-1000251 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998). - Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424). - Btrfs: Fix lost-data-profile caused by auto removing bg. - Btrfs: Fix misuse of chunk mutex - Btrfs: Fix out-of-space bug (bsc#1089231). - Btrfs: Set relative data on clear btrfs_block_group_cache->pinned. - Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239). - Btrfs: add alloc_fs_devices and switch to it (bsc#1089205). - Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204). - Btrfs: add missing discards when unpinning extents with -o discard. - Btrfs: add missing inode update when punching hole (bsc#1089006). - Btrfs: add support for asserts (bsc#1089207). - Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010). - Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries. - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235). - Btrfs: cleanup backref search commit root flag stuff (bsc#1089200). - Btrfs: delete chunk allocation attemp when setting block group ro. - Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210). - Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214). - Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005). - Btrfs: eliminate races in worker stopping code (bsc#1089211). - Btrfs: ensure deletion from pinned_chunks list is protected. - Btrfs: explictly delete unused block groups in close_ctree and ro-remount. - Btrfs: fix -ENOSPC on block group removal. - Btrfs: fix -ENOSPC when finishing block group creation. - Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group. - Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220). - Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236). - Btrfs: fix crash caused by block group removal. - Btrfs: fix data loss in the fast fsync path (bsc#1089007). - Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194). - Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001). - Btrfs: fix directory recovery from fsync log (bsc#1088999). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232). - Btrfs: fix fitrim discarding device area reserved for boot loader's use. - Btrfs: fix freeing used extent after removing empty block group. - Btrfs: fix freeing used extents after removing empty block group. - Btrfs: fix fs mapping extent map leak (bsc#1089229). - Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221). - Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004). - Btrfs: fix fsync data loss after append write (bsc#1089238). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003). - Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000). - Btrfs: fix fsync when extend references are added to an inode (bsc#1089002). - Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423). - Btrfs: fix invalid extent maps due to hole punching (bsc#1094425). - Btrfs: fix kernel oops while reading compressed data (bsc#1089192). - Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016). - Btrfs: fix memory leak after block remove + trimming. - Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197). - Btrfs: fix race between balance and unused block group deletion (bsc#1089237). - Btrfs: fix race between fs trimming and block group remove/allocation. - Btrfs: fix race between scrub and block group deletion. - Btrfs: fix race between transaction commit and empty block group removal. - Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206). - Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233). - Btrfs: fix regression in raid level conversion (bsc#1089234). - Btrfs: fix skipped error handle when log sync failed (bsc#1089217). - Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011). - Btrfs: fix the number of transaction units needed to remove a block group. - Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216). - Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215). - Btrfs: fix unprotected assignment of the target device (bsc#1089222). - Btrfs: fix unprotected deletion from pending_chunks list. - Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228). - Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227). - Btrfs: fix unprotected device->bytes_used update (bsc#1089225). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240). - Btrfs: fix up read_tree_block to return proper error (bsc#1080837). - Btrfs: fix wrong device bytes_used in the super block (bsc#1089224). - Btrfs: fix wrong disk size when writing super blocks (bsc#1089223). - Btrfs: fix xattr loss after power failure (bsc#1094436). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013). - Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437). - Btrfs: iterate over unused chunk space in FITRIM. - Btrfs: make btrfs_issue_discard return bytes discarded. - Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422). - Btrfs: make sure to copy everything if we rename (bsc#1088997). - Btrfs: make the chunk allocator completely tree lockless (bsc#1089202). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201). - Btrfs: nuke write_super from comments (bsc#1089199). - Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213). - Btrfs: only update disk_i_size as we remove extents (bsc#1089209). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012). - Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008). - Btrfs: remove empty block groups automatically. - Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230). - Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837). - Btrfs: remove transaction from send (bsc#1089218). - Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock. - Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421). - Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212). - Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198). - Btrfs: skip superblocks during discard. - Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208). - Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226). - Btrfs: use global reserve when deleting unused block group after ENOSPC. - Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837). - Btrfs: wait ordered range before doing direct io (bsc#1089203). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - balloon: do not BUG() when balloon is empty (bsc#1083347). - fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219). - kernel: Fix memory leak on EP11 target list processing (bnc#1096746). - kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - module: Fix locking in symbol_put_addr() (bsc#1097445). - netfront: make req_prod check properly deal with index wraps (bsc#1046610). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746). - s390/dasd: fix failing path verification (bnc#1096746). - trace: module: Maintain a valid user count (bsc#1097443). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#989401). Important SUSE bug 1046610 SUSE bug 1052351 SUSE bug 1068054 SUSE bug 1079152 SUSE bug 1080837 SUSE bug 1083347 SUSE bug 1087086 SUSE bug 1087088 SUSE bug 1088997 SUSE bug 1088998 SUSE bug 1088999 SUSE bug 1089000 SUSE bug 1089001 SUSE bug 1089002 SUSE bug 1089003 SUSE bug 1089004 SUSE bug 1089005 SUSE bug 1089006 SUSE bug 1089007 SUSE bug 1089008 SUSE bug 1089010 SUSE bug 1089011 SUSE bug 1089012 SUSE bug 1089013 SUSE bug 1089016 SUSE bug 1089192 SUSE bug 1089199 SUSE bug 1089200 SUSE bug 1089201 SUSE bug 1089202 SUSE bug 1089203 SUSE bug 1089204 SUSE bug 1089205 SUSE bug 1089206 SUSE bug 1089207 SUSE bug 1089208 SUSE bug 1089209 SUSE bug 1089210 SUSE bug 1089211 SUSE bug 1089212 SUSE bug 1089213 SUSE bug 1089214 SUSE bug 1089215 SUSE bug 1089216 SUSE bug 1089217 SUSE bug 1089218 SUSE bug 1089219 SUSE bug 1089220 SUSE bug 1089221 SUSE bug 1089222 SUSE bug 1089223 SUSE bug 1089224 SUSE bug 1089225 SUSE bug 1089226 SUSE bug 1089227 SUSE bug 1089228 SUSE bug 1089229 SUSE bug 1089230 SUSE bug 1089231 SUSE bug 1089232 SUSE bug 1089233 SUSE bug 1089234 SUSE bug 1089235 SUSE bug 1089236 SUSE bug 1089237 SUSE bug 1089238 SUSE bug 1089239 SUSE bug 1089240 SUSE bug 1089241 SUSE bug 1093194 SUSE bug 1093195 SUSE bug 1093196 SUSE bug 1093197 SUSE bug 1093198 SUSE bug 1094244 SUSE bug 1094421 SUSE bug 1094422 SUSE bug 1094423 SUSE bug 1094424 SUSE bug 1094425 SUSE bug 1094436 SUSE bug 1094437 SUSE bug 1095241 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096746 SUSE bug 1097443 SUSE bug 1097445 SUSE bug 1097948 SUSE bug 973378 SUSE bug 989401 CVE-2018-3665 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351). The following non-security bugs were fixed: - ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538). - ALSA: seq: Do not allow resizing pool in use (bsc#1045538). - Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078) - IB/mlx4: fix sprintf format warning (bnc#786036). - RDMA/mlx4: Discard unknown SQP work requests (bnc#786036). - USB: uss720: fix NULL-deref at probe (bnc#1047487). - bna: integer overflow bug in debugfs (bnc#780242). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495). - fix a leak in /proc/schedstats (bsc#1094876). - ixgbe: Initialize 64-bit stats seqcounts (bnc#795301). - mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes). - module/retpoline: Warn about missing retpoline in module (bnc#1099177). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036). - net/mlx4_en: Change default QoS settings (bnc#786036 ). - net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105). - netxen: fix incorrect loop counter decrement (bnc#784815). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - s390/qdio: do not merge ERROR output buffers (bnc#1099709). - s390/qeth: do not dump control cmd twice (bnc#1099709). - s390/qeth: fix SETIP command handling (bnc#1099709). - s390/qeth: free netdevice when removing a card (bnc#1099709). - s390/qeth: lock read device while queueing next buffer (bnc#1099709). - s390/qeth: when thread completes, wake up all waiters (bnc#1099709). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: sg: mitigate read/write abuse (bsc#1101296). - tg3: do not clear stats while tg3_close (bnc#790588). - video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966). - vmxnet3: use correct flag to indicate LRO feature (bsc#936423). - x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408). - x86-non-upstream-eager-fpu 32bit fix (bnc#1087086, bnc#1100091, bnc#1099598). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177). Important SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1087086 SUSE bug 1090078 SUSE bug 1094244 SUSE bug 1094876 SUSE bug 1098408 SUSE bug 1099177 SUSE bug 1099598 SUSE bug 1099709 SUSE bug 1099966 SUSE bug 1100089 SUSE bug 1100091 SUSE bug 1101296 SUSE bug 780242 SUSE bug 784815 SUSE bug 786036 SUSE bug 790588 SUSE bug 795301 SUSE bug 902351 SUSE bug 909495 SUSE bug 923242 SUSE bug 925105 SUSE bug 936423 CVE-2014-3688 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-1000407: An denial of service issue was discovered in the Linux kernel, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021). - CVE-2018-9516: An issue was discovered in the Linux kernel, the copy_to_user() inside the HID code does not correctly check the length before executing (bsc#1108498). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bnc#1107829). The following non-security bugs were fixed: - Btrfs: fix deadlock when finalizing block group creation (bsc#1107849). - Btrfs: fix quick exhaustion of the system array in the superblock (bsc#1107849). - FS-Cache: Synchronise object death state change vs operation submission (bsc#1107371). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - KVM: Disable irq while unregistering user notifier (bsc#1106240). - KVM: SVM: obey guest PAT (bsc#1106240). - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (bsc#1106240). - KVM: emulate: fix CMPXCHG8B on 32-bit hosts (bsc#1106240). - KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure (bsc#1106240). - KVM: x86: fix use of uninitialized memory as segment descriptor in emulator (bsc#1106240). - KVM: x86: zero base3 of unusable segments (bsc#1106240). - NFS - do not hang if xdr decoded username is bad (bsc#1105799). - NFSv4.1 - Do not leak IO size from one mount to another (bsc#1103145). - PCI/AER: Report non-fatal errors only to the affected endpoint (bsc#1109806). - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (bsc#1109806). - PCI: shpchp: Check bridge's secondary (not primary) bus speed (bsc#1109806). - PCI: shpchp: Fix AMD POGO identification (bsc#1109806). - add kernel parameter to disable failfast on block devices (bsc#1081680). - block: add flag QUEUE_FLAG_REGISTERED (bsc#1047027). - block: allow gendisk's request_queue registration to be deferred (bsc#1047027). - crypto: ghash-clmulni-intel - use C implementation for setkey() (bsc#1110006). - dm: fix incomplete request_queue initialization (bsc#1047027). - dm: only initialize the request_queue once (bsc#1047027). - firmware/ihex2fw.c: restore missing default in switch statement (bsc#1114460). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (git-fixes). - locks: fix unlock when fcntl_setlk races with a close (git-fixes). - media: Fix invalid free in the fix for mceusb (bsc#1050431). - media: cx25821: prevent out-of-bounds read on array card (bsc#1050431). - media: ite-cir: initialize use_demodulator before using it (bsc#1050431). - media: mceusb: fix NULL-deref at probe (bsc#1050431). - media: mceusb: fix memory leaks in error path. - percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree() (git fixes). - powerpc, KVM: Rework KVM checks in first-level interrupt handlers (bsc#1094244). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bsc#1064861). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/asm: Mark cr0 as clobbered in mftb() (bsc#1049128). - powerpc/book3s: Introduce a early machine check hook in cpu_spec (bsc#1094244). - powerpc/book3s: Introduce exclusive emergency stack for machine check exception (bsc#1094244). - powerpc/book3s: Split the common exception prolog logic into two section (bsc#1094244). - powerpc/book3s: handle machine check in Linux host (bsc#1094244). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/pseries: Avoid using the size greater than (bsc#1094244). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc: Add a symbol for hypervisor trampolines (bsc#1094244). - powerpc: Fix smp_mb__before_spinlock() (bsc#1110247). - powerpc: Make load_hander handle upto 64k offset (bsc#1094244). - powerpc: Rework runlatch code (bsc#1094244). - powerpc: Save CFAR before branching in interrupt entry paths (bsc#1094244). - powerpc: cputable: KABI - hide new cpu_spec member from genksyms (bsc#1094244). - powerpc: move MCE handler out-of-line and consolidate with machine_check_fwnmi (bsc#1094244). - powerpc: move stab code into #ifndef CONFIG_POWER4_ONLY (bsc#1094244). - powerpc: replace open-coded EXCEPTION_PROLOG_1 with the macro in slb miss handlers (bsc#1094244). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - retpoline: Introduce start/end markers of indirect thunk (bsc#1113337). - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT (bnc#1108314, LTC#171326). - s390/sclp: Change SCLP console default buffer-full behavior (bnc#1108314, LTC#171049). - scsi: libfc: Do not drop down to FLOGI for fc_rport_login() (bsc#1106139). - scsi: libfc: Do not login if the port is already started (bsc#1106139). - scsi: libfc: do not advance state machine for incoming FLOGI (bsc#1106139). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#923775). - signals: avoid unnecessary taking of sighand->siglock (bsc#1110247). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). Important SUSE bug 1031240 SUSE bug 1047027 SUSE bug 1049128 SUSE bug 1050431 SUSE bug 1064861 SUSE bug 1065600 SUSE bug 1066674 SUSE bug 1071021 SUSE bug 1081680 SUSE bug 1094244 SUSE bug 1094825 SUSE bug 1103145 SUSE bug 1105799 SUSE bug 1106139 SUSE bug 1106240 SUSE bug 1107371 SUSE bug 1107829 SUSE bug 1107849 SUSE bug 1108314 SUSE bug 1108498 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1110006 SUSE bug 1110247 SUSE bug 1113337 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114460 SUSE bug 923775 CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273 CVE-2018-14633 CVE-2018-18281 CVE-2018-18386 CVE-2018-18710 CVE-2018-9516 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Enhancements and bugfixes over the previous fixes have been added to this kernel. - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-7566: There was a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The 'stub_send_ret_submit()' function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085513, LTC#165135). - cifs: fix buffer overflow in cifs_build_path_to_root() (bsc#1085113). - drm/mgag200: fix a test in mga_vga_mode_valid() (bsc#1087092). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1013018). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1013018). - ide-cd: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - kabi: x86/kaiser: properly align trampoline stack. - keys: do not let add_key() update an uninstantiated key (bnc#1063416). - keys: prevent creating a different user's keyrings (bnc#1065999). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - nfsv4: fix getacl head length estimation (git-fixes). - pci: Use function 0 VPD for identical functions, regular VPD for others (bnc#943786 git-fixes). - pipe: actually allow root to exceed the pipe buffer limits (git-fixes). - posix-timers: Protect posix clock array access against speculation (bnc#1081358). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075088). - qeth: repair SBAL elements calculation (bnc#1085513, LTC#165484). - Revert 'USB: cdc-acm: fix broken runtime suspend' (bsc#1067912) - s390/qeth: fix underestimated count of buffer elements (bnc#1082091, LTC#164529). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86-64: Move the 'user' vsyscall segment out of the data segment (bsc#1082424). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xen/x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - xen/x86/cpu: Check speculation control CPUID bit (bsc#1068032). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/cpu: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). Important SUSE bug 1010470 SUSE bug 1013018 SUSE bug 1039348 SUSE bug 1052943 SUSE bug 1062568 SUSE bug 1062840 SUSE bug 1063416 SUSE bug 1063516 SUSE bug 1065600 SUSE bug 1065999 SUSE bug 1067118 SUSE bug 1067912 SUSE bug 1068032 SUSE bug 1072689 SUSE bug 1072865 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1078669 SUSE bug 1078672 SUSE bug 1078673 SUSE bug 1078674 SUSE bug 1080464 SUSE bug 1080757 SUSE bug 1080813 SUSE bug 1081358 SUSE bug 1082091 SUSE bug 1082424 SUSE bug 1083242 SUSE bug 1083275 SUSE bug 1083483 SUSE bug 1083494 SUSE bug 1084536 SUSE bug 1085113 SUSE bug 1085279 SUSE bug 1085331 SUSE bug 1085513 SUSE bug 1086162 SUSE bug 1087092 SUSE bug 1087260 SUSE bug 1087762 SUSE bug 1088147 SUSE bug 1088260 SUSE bug 1089608 SUSE bug 909077 SUSE bug 940776 SUSE bug 943786 CVE-2015-5156 CVE-2016-7915 CVE-2017-0861 CVE-2017-12190 CVE-2017-13166 CVE-2017-16644 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18203 CVE-2017-18208 CVE-2017-5715 CVE-2018-10087 CVE-2018-6927 CVE-2018-7566 CVE-2018-7757 CVE-2018-8822 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). The following non-security bugs were fixed: - kvm/x86: fix icebp instruction handling (bsc#1087088). - media: cpia2: Fix a couple off by one bugs (bsc#1050431). - nfs: add nostatflush mount option (bsc#1065726). - nfs: allow flush-on-stat to be disabled (bsc#1065726). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bnc#1032084, FATE#323225). - powerpc/fadump: reuse crashkernel parameter for fadump memory reservation (bnc#1032084, FATE#323225). - powerpc/fadump: update documentation about crashkernel parameter reuse (bnc#1032084, FATE#323225). - powerpc/fadump: use 'fadump_reserve_mem=' when specified (bnc#1032084, FATE#323225). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). Important SUSE bug 1032084 SUSE bug 1050431 SUSE bug 1065726 SUSE bug 1087088 SUSE bug 1089665 SUSE bug 1089668 SUSE bug 1089752 CVE-2018-10124 CVE-2018-1087 CVE-2018-8897 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kernel modules packages (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The following kernel modules were rebuild with 'retpoline' enablement to allow full mitigation of the Spectre Variant 2 (CVE-2017-5715, bsc#1068032) OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband (bsc#926856). Moderate SUSE bug 1068032 SUSE bug 926856 CVE-2017-5715 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for various KMPs (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update rebuilds missing kernel modules (KMP) to use 'retpolines' mitigations for Spectre Variant 2 (CVE-2017-5715). Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm Moderate SUSE bug 1095824 CVE-2017-5715 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 krb5 was updated to fix one security issue. This security issue was fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188). Important SUSE bug 952188 CVE-2015-2695 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Moderate SUSE bug 954270 SUSE bug 954470 CVE-2015-2695 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Moderate SUSE bug 963968 SUSE bug 963975 CVE-2015-8629 CVE-2015-8631 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Moderate SUSE bug 971942 CVE-2016-3119 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). This non-security issue was fixed: - Avoid indefinite polling in KDC communication. (bsc#970696) Moderate SUSE bug 1056995 SUSE bug 1083926 SUSE bug 1083927 SUSE bug 970696 CVE-2017-11462 CVE-2018-5729 CVE-2018-5730 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Moderate SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libapr-util1 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) Moderate SUSE bug 1064990 CVE-2017-12618 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libapr1 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Moderate SUSE bug 1064982 CVE-2017-12613 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libcap-ng (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libcap-ng was updated to fix one security issue. This security issue was fixed: - CVE-2014-3215: seunshare in policycoreutils (which uses libcap-ng) is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which made it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges (bsc#876832). Moderate SUSE bug 876832 CVE-2014-3215 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libcares2 (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Low SUSE bug 1007728 CVE-2016-5180 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libcgroup1 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libcgroup1 fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365). Moderate SUSE bug 1100365 CVE-2018-14348 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libdb-4_5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) Moderate SUSE bug 1043886 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libevent (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libevent fixes the following issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) (backport for 2.0.21) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) Moderate SUSE bug 1022917 SUSE bug 1022918 SUSE bug 1022919 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libexif (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libexif fixes the following security issue: - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) Moderate SUSE bug 1059893 CVE-2017-7544 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following issues: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057) * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] Moderate SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Moderate SUSE bug 994157 CVE-2016-6313 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening a against local side-channel attack in RSA key handling has been added (bsc#1046607) Moderate SUSE bug 1046607 CVE-2017-7526 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for libical (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bnc#986632) - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5825: The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. (bsc#986642) - CVE-2016-5826: The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. (bsc#986658) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bnc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) Moderate SUSE bug 1015964 SUSE bug 1044995 SUSE bug 986631 SUSE bug 986632 SUSE bug 986639 SUSE bug 986642 SUSE bug 986658 CVE-2016-5823 CVE-2016-5824 CVE-2016-5825 CVE-2016-5826 CVE-2016-5827 CVE-2016-9584 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libid3tag (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libid3tag fixes the following issues: - CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until OOM leading to DoS. (bsc#1081959 bsc#1081961) - CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown encodings when parsing ID3 tags. (bsc#1081962 bsc#387731) Moderate SUSE bug 1081959 SUSE bug 1081961 SUSE bug 1081962 SUSE bug 387731 CVE-2004-2779 CVE-2008-2109 CVE-2017-11550 CVE-2017-11551 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libidn (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Moderate SUSE bug 923241 SUSE bug 990189 SUSE bug 990190 SUSE bug 990191 CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libidn (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libidn fixes one issues. This security issue was fixed: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). Moderate SUSE bug 1056450 CVE-2017-14062 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libksba (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Moderate SUSE bug 979261 SUSE bug 979906 CVE-2016-4574 CVE-2016-4579 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libksba (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libmikmod (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libmikmod fixes the following issues: - CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. (bsc#625547). Moderate SUSE bug 625547 CVE-2009-3995 CVE-2010-2546 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libmspack (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934525 SUSE bug 934526 SUSE bug 934527 SUSE bug 934528 SUSE bug 934529 CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libmspack (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039) Moderate SUSE bug 1113038 SUSE bug 1113039 CVE-2018-18584 CVE-2018-18585 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libofx (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libofx fixes the following issues: Security issues fixed: - CVE-2017-2816: Fix an exploitable buffer overflow vulnerability in the tag parsing functionality (bsc#1058673). - CVE-2017-2920: Fix a buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp (bsc#1061964). - CVE-2017-14731: Fix remote denial of service via a crafted file in ofx_proc_file in ofx_preproc.cpp (bsc#1060437). Important SUSE bug 1058673 SUSE bug 1060437 SUSE bug 1061964 CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libosip2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libosip2 fixes several issues. These security issues were fixed: - CVE-2017-7853: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS (bsc#1034570) - CVE-2016-10326: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS (bsc#1034571) - CVE-2016-10325: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS (bsc#1034572) - CVE-2016-10324: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c (bsc#1034574) Moderate SUSE bug 1034570 SUSE bug 1034571 SUSE bug 1034572 SUSE bug 1034574 CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libotr (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libotr fixes the following issues: - Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machine. (CVE-2016-2851, bsc#969785) Moderate SUSE bug 969785 CVE-2016-2851 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 - security update: This update fixes the following securit issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] Moderate SUSE bug 954980 CVE-2015-8126 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libpng12-0 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libquicktime (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libquicktime fixes the following issues: - A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399) Moderate SUSE bug 1022805 CVE-2016-2399 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libquicktime (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libquicktime fixes the following issues: Security issues fixed: - CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via a crafted mp4 file was fixed. (bsc#1044077) - CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (bsc#1044009) - CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (bsc#1044008) - CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4 file was fixed. (bsc#1044122) - CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (bsc#1044006) - CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (bsc#1044002) - CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (bsc#1044000) - CVE-2016-2399: Adjust fix to prevent endless loop when there are less than 256 bytes to read. (bsc#1022805) Moderate SUSE bug 1022805 SUSE bug 1044000 SUSE bug 1044002 SUSE bug 1044006 SUSE bug 1044008 SUSE bug 1044009 SUSE bug 1044077 SUSE bug 1044122 CVE-2016-2399 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for LibreOffice (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update brings LibreOffice to version 5.0.4, a major version update. It brings lots of new features, bug fixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ * LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc's blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases * New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface. * LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around. The Pentaho Flow Reporting Engine is now added and used. Security issues fixed: * CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. * CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. * CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice and Openoffice Calc and Writer was fixed. * CVE-2015-5212: A LibreOffice 'PrinterSetup Length' integer underflow vulnerability could be used by attackers supplying documents to execute code as the user opening the document. * CVE-2015-5213: A LibreOffice 'Piece Table Counter' invalid check design error vulnerability allowed attackers supplying documents to execute code as the user opening the document. * CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory Corruption Vulnerability allowed attackers supplying documents to execute code as the user opening the document. Moderate SUSE bug 306333 SUSE bug 547549 SUSE bug 668145 SUSE bug 679938 SUSE bug 681560 SUSE bug 688200 SUSE bug 718113 SUSE bug 73544 SUSE bug 806250 SUSE bug 857026 SUSE bug 889755 SUSE bug 890735 SUSE bug 907636 SUSE bug 907966 SUSE bug 910805 SUSE bug 910806 SUSE bug 914911 SUSE bug 934423 SUSE bug 936188 SUSE bug 936190 SUSE bug 939996 SUSE bug 940838 SUSE bug 943075 SUSE bug 945047 SUSE bug 945692 SUSE bug 951579 SUSE bug 954345 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for librsvg (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Important SUSE bug 840753 CVE-2013-1881 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsamplerate (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libsamplerate fixes the following issues: - CVE-2017-7697: Fixed a buffer overflow in calc_output_single. (bsc#1033564) Moderate SUSE bug 1033564 CVE-2017-7697 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Moderate SUSE bug 953516 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libsndfile fixes the following issues: - CVE-2017-7585,CVE-2017-7741,CVE-2017-7742: Some stack-based buffer overflows via a specially crafted FLAC file were fixed (error in the 'flac_buffer_copy()' function) (bsc#1033054, bsc#1033914, bsc#1033915). Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libsndfile fixes the following issues: - CVE-2017-8362: invalid memory read in flac_buffer_copy (flac.c) (bsc#1036943) - CVE-2017-8365: global buffer overflow in i2les_array (pcm.c) (bsc#1036946) - CVE-2017-8361: global buffer overflow in flac_buffer_copy (flac.c) (bsc#1036944) - CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (flac.c) (bsc#1036945) - CVE-2017-7585: stack-based buffer overflow via a specially crafted FLAC file (bsc#1033054) Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 SUSE bug 1036943 SUSE bug 1036944 SUSE bug 1036945 SUSE bug 1036946 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 - This update for libsndfile fixes a memory leak in an error path.(bsc#1038856) - CVE-2017-16942: A divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. (bsc#1069874) - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) Moderate SUSE bug 1038856 SUSE bug 1059911 SUSE bug 1059912 SUSE bug 1059913 SUSE bug 1069874 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777). - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767). - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header that could have been used for a denial of service attack (bsc#1117954). Moderate SUSE bug 1071767 SUSE bug 1071777 SUSE bug 1117954 CVE-2017-17456 CVE-2017-17457 CVE-2018-19758 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libssh (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libssh fixes the following issues: CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. (bsc#965875) Moderate SUSE bug 965875 CVE-2016-0739 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libssh2_org fixes the following issues: - Add SHA256 support for DH group exchange (fate#320343, bsc#961964) - fix CVE-2016-0787 (bsc#967026) * Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. Moderate SUSE bug 961964 SUSE bug 967026 CVE-2016-0787 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Moderate SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtirpc, rpcbind (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libtirpc and rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Important SUSE bug 1037559 CVE-2017-8779 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtirpc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libtirpc fixes the following issues: - Prevent remote crash of RPC services (bsc#968175) Moderate SUSE bug 968175 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtirpc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libtirpc fixes the following issues: Security issues fixed: - CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519) - CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517) Moderate SUSE bug 1106517 SUSE bug 1106519 SUSE bug 968175 CVE-2018-14621 CVE-2018-14622 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvirt fixes the following issues: Security issue: - CVE-2015-5313: directory directory traversal privilege escalation vulnerability. (bsc#953110) Bugs fixed: - bsc#960305: xenxs: support parsing and formatting vif bandwidth - bsc#961173: xen: use correct domctl version in domaininfolist union - bsc#959094: xen: Disable building xen-inotify subdriver. It is unmaintained and contains bugs that can cause client connection failures. - bsc#948686: qemu: Use PAUSED state for domains that are starting up - bsc#948516: Fix profile_status to distringuish between errors and unconfined domains. Moderate SUSE bug 948516 SUSE bug 948686 SUSE bug 953110 SUSE bug 959094 SUSE bug 960305 SUSE bug 961173 CVE-2015-5313 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2016-5008: empty VNC password disables authentication (bsc#987527) Bugs fixed: - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed 'make check' failures. Moderate SUSE bug 952889 SUSE bug 970906 SUSE bug 987527 CVE-2016-5008 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1025340: Use xend for nodeGetFreeMemory API - bsc#1026236: Add support for tsc timers on xen Moderate SUSE bug 1025340 SUSE bug 1026236 SUSE bug 1053600 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). - CVE-2018-5748: Fixed possible denial of service when reading from QEMU monitor (bsc#1076500). Non-security issues fixed: - bsc#1083061: Fixed 'dumpxml --migratable' exports domain id in output on SLES11 SP4. - bsc#1055365: Improve performance when listing hundreds of interfaces. Important SUSE bug 1055365 SUSE bug 1076500 SUSE bug 1079869 SUSE bug 1083061 SUSE bug 1083625 CVE-2017-5715 CVE-2018-1064 CVE-2018-5748 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: Added support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through. Important SUSE bug 1092885 CVE-2018-3639 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The libvncserver package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. Moderate SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Moderate SUSE bug 1059809 SUSE bug 1059811 CVE-2017-14632 CVE-2017-14633 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data (bsc#1085687). Moderate SUSE bug 1085687 CVE-2018-5146 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in bark_noise_hybridm (bsc#1091072). - CVE-2017-14160: Fixed out-of-bounds access inside bark_noise_hybridmp function (bsc#1059812). Moderate SUSE bug 1059812 SUSE bug 1091072 CVE-2017-14160 CVE-2018-10393 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) Moderate SUSE bug 1091070 CVE-2018-10392 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libwmf (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libwmf was updated to fix four security issues. These security issues were fixed: - CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109). - CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109). - CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062). - CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058). Moderate SUSE bug 831299 SUSE bug 933109 SUSE bug 936058 SUSE bug 936062 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947) - When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack. (CVE-2016-3627, bsc#972335) Moderate SUSE bug 972335 SUSE bug 975947 CVE-2016-3627 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549], - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Important SUSE bug 963963 SUSE bug 965283 SUSE bug 978395 SUSE bug 981040 SUSE bug 981041 SUSE bug 981108 SUSE bug 981109 SUSE bug 981111 SUSE bug 981112 SUSE bug 981114 SUSE bug 981115 SUSE bug 981548 SUSE bug 981549 SUSE bug 981550 CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). Moderate SUSE bug 1005544 CVE-2016-4658 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873) Moderate SUSE bug 1010675 SUSE bug 1014873 CVE-2016-9318 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Moderate SUSE bug 1010675 SUSE bug 1013930 SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 CVE-2016-9318 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) * CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894) * CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) Moderate SUSE bug 1024989 SUSE bug 1044337 SUSE bug 1044887 SUSE bug 1044894 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following issues: - CVE-2017-8872: Out-of-bounds read could lead to application crash (bsc#1038444) Moderate SUSE bug 1038444 CVE-2017-8872 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes several issues. Theses security issues were fixed: - CVE-2017-16932: Fixed infinite recursion could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689). - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) Moderate SUSE bug 1069689 SUSE bug 1077993 SUSE bug 1078806 SUSE bug 1078813 CVE-2016-5131 CVE-2017-15412 CVE-2017-16932 CVE-2017-5130 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1102046 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 CVE-2018-14404 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Moderate SUSE bug 960674 CVE-2015-8710 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxslt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474) Moderate SUSE bug 1005591 SUSE bug 1035905 SUSE bug 934119 SUSE bug 952474 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for lighttpd (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for lighttpd fixes the following issues: Security issues fixed: - CVE-2016-1000212: Don't allow requests to set the HTTP_PROXY variable. As *CGI apps might pick it up and use it for outgoing requests. (bsc#990847) - CVE-2015-3200: Log injection via malformed base64 string in Authentication header. (bsc#932286) Bug fixes: - Add su directive to logrotate file as the directory is owned by lighttpd. (bsc#981347) - Fix out of bounds read in mod_scgi. Moderate SUSE bug 932286 SUSE bug 981347 SUSE bug 990847 CVE-2015-3200 CVE-2016-1000212 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Important SUSE bug 1013533 SUSE bug 1013604 CVE-2016-9576 CVE-2016-9794 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable new features: - Toleration of newer crypto hardware for z Systems - USB 2.0 Link power management for Haswell-ULT The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bsc#979021). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application (bnc#1027066) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c (bsc#1008374). The following non-security bugs were fixed: - NFSD: do not risk using duplicate owner/file/delegation ids (bsc#1029212). - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783, bsc#1026260). - SUNRPC: Clean up the slot table allocation (bsc#1013862). - SUNRPC: Initalise the struct xprt upon allocation (bsc#1013862). - USB: cdc-acm: fix broken runtime suspend (bsc#1033771). - USB: cdc-acm: fix open and suspend race (bsc#1033771). - USB: cdc-acm: fix potential urb leak and PM imbalance in write (bsc#1033771). - USB: cdc-acm: fix runtime PM for control messages (bsc#1033771). - USB: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771). - USB: cdc-acm: fix shutdown and suspend race (bsc#1033771). - USB: cdc-acm: fix write and resume race (bsc#1033771). - USB: cdc-acm: fix write and suspend race (bsc#1033771). - USB: hub: Fix crash after failure to read BOS descriptor - USB: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794). - USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - USB: serial: mos7720: fix NULL-deref at open (bsc#1033816). - USB: serial: mos7720: fix parallel probe (bsc#1033816). - USB: serial: mos7720: fix parport use-after-free on probe errors (bsc#1033816). - USB: serial: mos7720: fix use-after-free on probe errors (bsc#1033816). - USB: serial: mos7840: fix NULL-deref at open (bsc#1034026). - USB: xhci-mem: use passed in GFP flags instead of GFP_KERNEL (bsc#1023014). - Update metadata for serial fixes (bsc#1013070) - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101). - clocksource: Remove 'weak' from clocksource_default_clock() declaration (bnc#1013018). - dlm: backport 'fix lvb invalidation conditions' (bsc#1005651). - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81) - enic: set skb->hash type properly (bsc#911105). - ext4: fix mballoc breakage with 64k block size (bsc#1013018). - ext4: fix stack memory corruption with 64k block size (bsc#1013018). - ext4: reject inodes with negative size (bsc#1013018). - fuse: initialize fc->release before calling it (bsc#1013018). - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (bsc#985561). - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561). - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (bsc#985561). - i40e/i40evf: Rewrite logic for 8 descriptor per packet check (bsc#985561). - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561). - i40e: Impose a lower limit on gso size (bsc#985561). - i40e: Limit TX descriptor count in cases where frag size is greater than 16K (bsc#985561). - i40e: avoid null pointer dereference (bsc#909486). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - kABI: mask struct xfs_icdinode change (bsc#1024788). - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508). - kabi: fix (bsc#1008893). - lockd: use init_utsname for id encoding (bsc#1033804). - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - md/linear: shutup lockdep warnning (bsc#1018446). - mm/mempolicy.c: do not put mempolicy before using its nodemask (bnc#931620). - ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1013018). - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800). - ocfs2: fix error return code in ocfs2_info_handle_freefrag() (bsc#1013018). - ocfs2: null deref on allocation error (bsc#1013018). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: use pci_physfn() (bsc#999245). - posix-timers: Fix stack info leak in timer_create() (bnc#1013018). - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting smt_snooze_delay (bsc#1023163). - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971). - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141). - powerpc/fadump: Update fadump documentation (bsc#1032141). - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489). - powerpc/vdso64: Use double word compare on pointers (bsc#1016489). - rcu: Call out dangers of expedited RCU primitives (bsc#1008893). - rcu: Direct algorithmic SRCU implementation (bsc#1008893). - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893). - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893). - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893). - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893). - s390/kmsg: add missing kmsg descriptions (bnc#1025702). - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702). - s390/zcrypt: Introduce CEX6 toleration - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018). - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded systems (bnc#1013018). - scsi: zfcp: do not trace pure benign residual HBA responses at default level (bnc#1025702). - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702). - scsi: zfcp: fix use-after-'free' in FC ingress path after TMF (bnc#1025702). - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send (bnc#1025702). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913). - vfs: split generic splice code from i_mutex locking (bsc#1024788). - virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xfs: Fix lock ordering in splice write (bsc#1024788). - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1024508). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: kill xfs_itruncate_start (bsc#1024788). - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788). - xfs: remove the i_size field in struct xfs_inode (bsc#1024788). - xfs: remove xfs_itruncate_data (bsc#1024788). - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508). - xfs: split xfs_itruncate_finish (bsc#1024788). - xfs: split xfs_setattr (bsc#1024788). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). Important SUSE bug 1005651 SUSE bug 1008374 SUSE bug 1008893 SUSE bug 1013018 SUSE bug 1013070 SUSE bug 1013800 SUSE bug 1013862 SUSE bug 1016489 SUSE bug 1017143 SUSE bug 1018263 SUSE bug 1018446 SUSE bug 1019168 SUSE bug 1020229 SUSE bug 1021256 SUSE bug 1021913 SUSE bug 1022971 SUSE bug 1023014 SUSE bug 1023163 SUSE bug 1023888 SUSE bug 1024508 SUSE bug 1024788 SUSE bug 1024938 SUSE bug 1025235 SUSE bug 1025702 SUSE bug 1026024 SUSE bug 1026260 SUSE bug 1026722 SUSE bug 1026914 SUSE bug 1027066 SUSE bug 1027101 SUSE bug 1027178 SUSE bug 1028415 SUSE bug 1028880 SUSE bug 1029212 SUSE bug 1029770 SUSE bug 1030213 SUSE bug 1030573 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031440 SUSE bug 1031579 SUSE bug 1032141 SUSE bug 1033336 SUSE bug 1033771 SUSE bug 1033794 SUSE bug 1033804 SUSE bug 1033816 SUSE bug 1034026 SUSE bug 909486 SUSE bug 911105 SUSE bug 931620 SUSE bug 979021 SUSE bug 982783 SUSE bug 983212 SUSE bug 985561 SUSE bug 988065 SUSE bug 989056 SUSE bug 995542 SUSE bug 999245 CVE-2015-3288 CVE-2015-8970 CVE-2016-10200 CVE-2016-5243 CVE-2017-2671 CVE-2017-5669 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6348 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7616 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for lxc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744) Moderate SUSE bug 946744 CVE-2015-1335 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for lynx (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for lynx fixes the following issues: - CVE-2016-9179: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. (bsc#1008642) Moderate SUSE bug 1008642 CVE-2016-9179 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for lynx (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for lynx fixes the following issues: Security issue fixed: - CVE-2017-1000211: Fix use after free in the HTMLparser that can resulting in memory disclosure (bsc#1068885). Moderate SUSE bug 1068885 CVE-2017-1000211 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for memcached (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for memcached fixes the following issues: - CVE-2018-1000115: Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server could result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). (bsc#1083903) Moderate SUSE bug 1083903 CVE-2018-1000115 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for memcached (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following issues: - CVE-2016-8705: Server update remote code execution (bsc#1007870). - CVE-2017-9951: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705) (bsc#1056865). Important SUSE bug 1007870 SUSE bug 1056865 CVE-2016-8705 CVE-2017-9951 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mercurial (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 mercurial was updated to fix three security issues. These security issues were fixed: - CVE-2016-3069: Arbitrary code execution when converting Git repos (bsc#973176). - CVE-2016-3068: Arbitrary code execution with Git subrepos (bsc#973177). - CVE-2016-3630: Remote code execution in binary delta decoding (bsc#973175). Important SUSE bug 973175 SUSE bug 973176 SUSE bug 973177 CVE-2016-3068 CVE-2016-3069 CVE-2016-3630 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mercurial (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mercurial fixes the following issues: Security issues fixed: - CVE-2016-3105: Versionsprior to 3.8 allowed arbitrary code execution when using the convert extension on Git repo. (bsc#978391) Moderate SUSE bug 978391 CVE-2016-3105 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mercurial (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mercurial fixes the following issues: - CVE-2017-9462: Arbitrary code execution was possible by remote users via 'hg serve --stdio' (bsc#1043063): Important SUSE bug 1043063 SUSE bug 1043502 CVE-2017-9462 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mercurial (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mercurial fixes the following issues: - CVE-2017-1000115: path traversal via symlink could lead to unauthorized access (bsc#1053344) - CVE-2017-1000116: argument injection in SSH URLs could lead to client-side code execution (bsc#1052696) Moderate SUSE bug 1052696 SUSE bug 1053344 CVE-2017-1000115 CVE-2017-1000116 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mercurial (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mercurial fixes the following issues: - CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. (bsc#1071715): Moderate SUSE bug 1071715 CVE-2017-17458 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mercurial (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). Moderate SUSE bug 1100353 SUSE bug 1100354 SUSE bug 1100355 CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964): - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964) - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Important SUSE bug 1000751 SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010410 SUSE bug 1010422 SUSE bug 1010427 SUSE bug 1010517 SUSE bug 1012964 SUSE bug 992549 CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mono-core (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mono-core (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation. (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters. (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Important SUSE bug 954447 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mozilla-nss (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Moderate SUSE bug 959888 CVE-2015-7575 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mxml (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mxml fixes the following issues: Security issues fixed: - CVE-2016-4570, CVE-2016-4571: stack exhaustion parsing xml files using mxml (bsc#979205, bsc#979206) Moderate SUSE bug 979205 SUSE bug 979206 CVE-2016-4570 CVE-2016-4571 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on: - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Moderate SUSE bug 924663 SUSE bug 928962 SUSE bug 934401 SUSE bug 938412 CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 * changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html * fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Moderate SUSE bug 951391 SUSE bug 952196 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Moderate SUSE bug 959724 SUSE bug 960961 SUSE bug 962779 CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 mysql was updated to version 5.5.49 to fix 13 security issues. These security issues were fixed: - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#976341). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#976341). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#976341). - CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#976341). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#976341). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#976341). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#976341). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#976341). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#976341). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#976341). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a '/CN=' string in a field in a certificate, as demonstrated by '/OU=/CN=bar.com/CN=foo.com (bsc#963806). More details are available at - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html Important SUSE bug 963806 SUSE bug 976341 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0666 CVE-2016-2047 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000] Moderate SUSE bug 934789 SUSE bug 959724 CVE-2015-4000 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This mysql update to verson 5.5.52 fixes the following issues: Security issues fixed: - CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser (bsc#989913). - CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types (bsc#989919). - CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dml (bsc#989922). - CVE-2016-5440: Fixed unspecified vulnerability in subcomponent rbr (bsc#989926). - CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and , under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) More details can be found on: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html Bugs fixed: - bsc#967374: properly restart mysql multi instances during upgrade - bnc#937258: multi script to restart after crash Important SUSE bug 937258 SUSE bug 967374 SUSE bug 989913 SUSE bug 989919 SUSE bug 989922 SUSE bug 989926 SUSE bug 998309 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-6662 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This mysql version update to 5.5.53 fixes the following issues: - CVE-2016-6662: Unspecified vulnerability in subcomponent Logging (bsc#1005580) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html Important SUSE bug 1005558 SUSE bug 1005580 SUSE bug 1005581 CVE-2016-5584 CVE-2016-6662 CVE-2016-7440 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This mysql version update to 5.5.54 fixes the following issues: - CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc#1020890) - CVE-2017-3312: Insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: Unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: Unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: Unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3244: Unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: Unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: Unspecified vulnerability affecting the Optimizer component (bsc#1020882) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html Important SUSE bug 1020868 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020877 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020890 SUSE bug 1020891 SUSE bug 1020894 SUSE bug 1020896 SUSE bug 1022428 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mysql to version 5.5.55 fixes the following issues: These security issues were fixed: - CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (bsc#1034850) - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (bsc#1034850) - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3461: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (bsc#1034850) - CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014) - '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained) This non-security issue was fixed: - Set the default umask to 077 in rc.mysql-multi [bsc#1020976] For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html Note: The issue tracked in bsc#1022428 and fixed in the last update was assigned CVE-2017-3302. Important SUSE bug 1020976 SUSE bug 1022428 SUSE bug 1029014 SUSE bug 1029396 SUSE bug 1034850 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mysql fixes the following issues: - CVE-2017-3635: C API unspecified vulnerability (bsc#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (bsc#1049399) - CVE-2017-3641: DML unspecified vulnerability (bsc#1049404) - CVE-2017-3648: Charsets unspecified vulnerability (bsc#1049411) - CVE-2017-3651: Client mysqldump unspecified vulnerability (bsc#1049415) - CVE-2017-3652: DDL unspecified vulnerability (bsc#1049416) - CVE-2017-3653: DDL unspecified vulnerability (bsc#1049417) Moderate SUSE bug 1049398 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049411 SUSE bug 1049415 SUSE bug 1049416 SUSE bug 1049417 SUSE bug 1049422 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mysql to version 5.5.58 fixes the following issues: Fixed security issues: - CVE-2017-10268: issue inside subcomponent Server Replication [bsc#1064101] - CVE-2017-10378: issue inside subcomponent Server Optimizer [bsc#1064115] - CVE-2017-10379: issue inside subcomponent Client programs [bsc#1064116] - CVE-2017-10384: issue inside subcomponent Server DDL [bsc#1064117] For a full list of changes check: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html Important SUSE bug 1064101 SUSE bug 1064115 SUSE bug 1064116 SUSE bug 1064117 SUSE bug 1064119 CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mysql to version 5.5.59 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369) - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html Moderate SUSE bug 1076369 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following issues: - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate SUSE bug 1089987 CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for mysql to version 5.5.61 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-3066: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (bsc#1101678) - CVE-2018-3070: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101679) - CVE-2018-3081: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (bsc#1101680) - CVE-2018-3058: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1101676) - CVE-2018-3063: Fixed an easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101677) You can find more detailed information about this update in the [release notes](http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html) Moderate SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1101679 SUSE bug 1101680 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed: - CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. - CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) - CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) - CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Important SUSE bug 1013882 SUSE bug 1112368 SUSE bug 1112369 SUSE bug 1112432 CVE-2016-9843 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for nagios (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for nagios fixes the following issues: - CVE-2016-8641 / CVE-2016-10089: fixed possible symlink attacks for files/directories created by root (bsc#1011630 / bsc#1018047) Moderate SUSE bug 1011630 SUSE bug 1018047 CVE-2016-10089 CVE-2016-8641 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for nasm (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for nasm fixes the following issues: Security issue fixed: - CVE-2017-10686: Multiple heap use after free vulnerabilities. (bsc#1047936) Moderate SUSE bug 1047936 CVE-2017-10686 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for nautilus (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for nautilus fixes the following security issue: - CVE-2017-14604: Fixed a file type spoofing attack by adding a metadata::trusted attribute to a file once the user acknowledges the file as trusted, and also remove the 'trusted' content in the desktop file (bsc#1060031). Low SUSE bug 1060031 CVE-2017-14604 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for ncurses (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853) Important SUSE bug 1046853 SUSE bug 1046858 CVE-2017-10684 CVE-2017-10685 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ncurses (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) Moderate SUSE bug 1046853 SUSE bug 1046858 SUSE bug 1047964 SUSE bug 1047965 SUSE bug 1049344 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ncurses (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry() function (bsc#1069530). Important SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 SUSE bug 1069530 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-16879 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ncurses (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). Moderate SUSE bug 1056127 CVE-2017-13733 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for net-snmp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 net-snmp was updated to fix one security vulnerability and several bugs. - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893). - stop snmptrapd on package removal. Moderate SUSE bug 853382 SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for netatalk (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading for arbitrary code execution with root privileges. (bsc#1119540) Important SUSE bug 1119540 CVE-2018-1160 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for netpbm (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for netpbm fixes the following security issues: - CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could lead to memory corruption and potential code execution. (bsc#1024287) Moderate SUSE bug 1024287 CVE-2017-2581 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntfs-3g (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ntfs-3g fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500) Low SUSE bug 1022500 CVE-2017-0358 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtasn1 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Moderate SUSE bug 929414 SUSE bug 961491 SUSE bug 982779 CVE-2015-3622 CVE-2016-4008 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ocaml (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ocaml fixes the following issue: Security issue fixed: - CVE-2015-8869: Prevent buffer overflow and information leak. (bsc#977990) Moderate SUSE bug 977990 CVE-2015-8869 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ocaml (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ocaml fixes the following issues: - CVE-2018-9838: Integer overflows when unmarshaling a bigarray data could result in a bigarray with impossibly large dimensions leading to overflow when computing the in-memory size of the bigarray. [bsc#1088591] Moderate SUSE bug 1088591 CVE-2018-9838 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ocaml (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ocaml fixes the following issues: - CVE-2018-9838: The caml_ba_deserialize function in byterun/bigarray.c in the standard library had an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. [bsc#1088591] Important SUSE bug 1088591 CVE-2018-9838 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator. Moderate SUSE bug 924496 SUSE bug 932773 SUSE bug 937766 CVE-2015-4000 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Moderate SUSE bug 945582 CVE-2015-6908 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for opensc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Moderate SUSE bug 1104812 SUSE bug 1106998 SUSE bug 1106999 SUSE bug 1107033 SUSE bug 1107037 SUSE bug 1107038 SUSE bug 1107039 SUSE bug 1107107 SUSE bug 1108318 CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16422 CVE-2018-16423 CVE-2018-16427 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openslp (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). Important SUSE bug 1090638 CVE-2017-17833 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) Important SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) Bugs fixed: - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling Important SUSE bug 889013 SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * Update expired S/MIME certs (bsc#979475) * Fix crash in print_notice (bsc#998190) * Resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 984663 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Important SUSE bug 1087102 CVE-2018-0739 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) Moderate SUSE bug 1089039 CVE-2018-0737 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openwsman (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Important SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for osc (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update provides osc 0.152.0 with various fixes and improvements. This security issue was fixed: - CVE-2015-0778: Shell command injection via crafted _service files. (bsc#901643) For a comprehensive list of changes, please refer to the package's change log. Low SUSE bug 901643 SUSE bug 936939 CVE-2015-0778 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for pam (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - CVE-2013-7041: Compare password hashes case-sensitively (bsc#854480). This non-security issue was fixed: - bsc#962220: Don't fail when /var/log/btmp is corrupted Moderate SUSE bug 854480 SUSE bug 934920 SUSE bug 962220 CVE-2013-7041 CVE-2015-3238 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl fixes the following issues: - CVE-2016-6185: xsloader looking at a '(eval)' directory [bsc#988311] - CVE-2016-1238: searching current directory for optional modules [bsc#987887] - CVE-2015-8853: regex engine hanging on bad utf8 [bnc976584] - CVE-2016-2381: environment dup handling bug [bsc#967082] - perl panic with utf8_mg_pos_cache_update [bsc#929027] Moderate SUSE bug 929027 SUSE bug 967082 SUSE bug 987887 SUSE bug 988311 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl fixes the following issues: Security issue fixed: - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - reformat baselibs.conf as source validator workaround Low SUSE bug 1047178 CVE-2017-6512 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl fixes the following issues: Security issue fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). Moderate SUSE bug 1082216 SUSE bug 1082233 CVE-2018-6798 CVE-2018-6913 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). Moderate SUSE bug 1096718 CVE-2018-12015 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl-DBD-mysql fixes the following issues: - Add patch to fix CVE-2016-1251 (bsc#1012546) use-after-free for repeated fetchrow_arrayref calls when mysql_server_prepare=1 Moderate SUSE bug 1012546 CVE-2016-1251 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). Moderate SUSE bug 1002626 SUSE bug 1010457 CVE-2016-1246 CVE-2016-1249 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl-DBD-mysql fixes the following issues: - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting's documentation has a \'your communication with the server will be encrypted\' statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. (bsc#1047059) - CVE-2017-10788: The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. (bsc#1047095) Moderate SUSE bug 1047059 SUSE bug 1047095 CVE-2017-10788 CVE-2017-10789 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-SOAP-Lite (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for perl-SOAP-Lite fixes the following issue: Security issue fixed: - CVE-2015-8978: XML exponential entity expansion denial-of-service (bsc#1011836) Moderate SUSE bug 1011836 CVE-2015-8978 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721) * CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719) Moderate SUSE bug 938719 SUSE bug 938721 CVE-2015-5589 CVE-2015-5590 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] It also includes a bugfix for the odbc module: * compare with SQL_NULL_DATA correctly [bnc#935074] Important SUSE bug 935074 SUSE bug 942291 SUSE bug 942294 SUSE bug 942295 SUSE bug 942296 SUSE bug 945412 SUSE bug 945428 CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] Important SUSE bug 949961 SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 CVE-2014-9767 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Moderate SUSE bug 976996 SUSE bug 976997 SUSE bug 977003 SUSE bug 977005 CVE-2015-8866 CVE-2015-8867 CVE-2016-4070 CVE-2016-4073 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010) - CVE-2016-5094,CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows (bsc#982011,bsc#982012) - CVE-2016-5096: A int/size_t confusion in fread could corrupt memory (bsc#982013) - CVE-2016-5114: A fpm_log.c memory leak and buffer overflow could leak information out of the php process or overwrite a buffer by 1 byte (bsc#982162) - CVE-2016-4346: A heap overflow was fixed in ext/standard/string.c (bsc#977994) - CVE-2016-4342: A heap corruption was fixed in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) - CVE-2015-8879: odbc_bindcols function in ext/odbc/php_odbc.c mishandles driver behavior for SQL_WVARCHAR (bsc#981050) Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet shipped to SUSE Linux Enterprise Server 11 SP3 LTSS: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] - CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Important SUSE bug 949961 SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 SUSE bug 976996 SUSE bug 976997 SUSE bug 977003 SUSE bug 977005 SUSE bug 977991 SUSE bug 977994 SUSE bug 978827 SUSE bug 978828 SUSE bug 978829 SUSE bug 978830 SUSE bug 980366 SUSE bug 980373 SUSE bug 980375 SUSE bug 981050 SUSE bug 982010 SUSE bug 982011 SUSE bug 982012 SUSE bug 982013 SUSE bug 982162 CVE-2014-9767 CVE-2015-4116 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Important SUSE bug 986004 SUSE bug 986244 SUSE bug 986386 SUSE bug 986388 SUSE bug 986393 CVE-2015-8935 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: - security update: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] Moderate SUSE bug 987530 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991437 CVE-2014-3587 CVE-2016-5399 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allows illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Important SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997257 SUSE bug 999679 SUSE bug 999680 SUSE bug 999682 SUSE bug 999684 SUSE bug 999685 SUSE bug 999819 SUSE bug 999820 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: * CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] * CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] * Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Moderate SUSE bug 1012232 SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 SUSE bug 974305 CVE-2014-9912 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) Important SUSE bug 1019550 SUSE bug 1022219 SUSE bug 1022255 SUSE bug 1022257 SUSE bug 1022260 SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used the port number that is specified in the hostname argument, instead of the port number in the second argument of the function (bsc#1031246) - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). - CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in mbstring in PHP. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (bsc#1040883) - CVE-2017-9226: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (bsc#1040889) - CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. (bsc#1040891) Moderate SUSE bug 1031246 SUSE bug 1035111 SUSE bug 1040883 SUSE bug 1040889 SUSE bug 1040891 CVE-2016-6294 CVE-2017-7272 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. [bsc#1044976] The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. Important SUSE bug 1031246 SUSE bug 1044976 CVE-2017-7272 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the several issues. These security issues were fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430). - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726). - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241). - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386). - CVE-2017-11145: An error in the date extension's timelib_meridian parsing code could have been used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function (bsc#1048112). - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could have lead to information leak [bsc#1048111] - CVE-2016-10397: Incorrect handling of various URI components in the URL parser could have been used by attackers to bypass hostname-specific URL checks (bsc#1047454). - CVE-2017-11147: The PHAR archive handler could have been used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function (bsc#1048094). - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could have lead to a crash of the PHP interpreter (bsc#1048096). Moderate SUSE bug 1047454 SUSE bug 1048094 SUSE bug 1048096 SUSE bug 1048111 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 1054430 SUSE bug 986386 CVE-2016-10168 CVE-2016-10397 CVE-2016-5766 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-12933 CVE-2017-7890 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Moderate SUSE bug 1067441 SUSE bug 1069606 SUSE bug 1069631 CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes several issues. These security issues were fixed: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234) - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220) - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) - CVE-2016-5773: php_zip.c in the zip extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. (bsc#986247) - CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. (bsc#986391) - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the php_stream_url_wrap_http_ex. (bsc#1083639) Important SUSE bug 1076220 SUSE bug 1076391 SUSE bug 1080234 SUSE bug 1083639 SUSE bug 986247 SUSE bug 986391 CVE-2016-10712 CVE-2016-5771 CVE-2016-5773 CVE-2018-5711 CVE-2018-5712 CVE-2018-7584 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367). - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362). - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). Important SUSE bug 1091355 SUSE bug 1091362 SUSE bug 1091363 SUSE bug 1091367 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: The following security issue was fixed: - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file (CVE-2018-10360, bsc#1096984) - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Moderate SUSE bug 1096984 SUSE bug 1099098 CVE-2018-10360 CVE-2018-12882 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: The following security issues were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-14883: Fixed an integer overflow leading to a heap based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Moderate SUSE bug 1103659 SUSE bug 1103836 SUSE bug 1105466 CVE-2017-9118 CVE-2018-14851 CVE-2018-14883 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) Moderate SUSE bug 1108753 CVE-2018-17082 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Moderate SUSE bug 1117107 CVE-2018-19518 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Moderate SUSE bug 1123354 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for pidgin (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for pidgin fixes the following issues: Security issues fixed: - CVE-2016-2367: Fixed a MXIT Avatar Length Memory Disclosure Vulnerability (bsc#991715). - CVE-2016-2370: Fixed a MXIT Custom Resource Denial of Service Vulnerability (bsc#991712). - CVE-2016-2371: Fixed a MXIT Extended Profiles Code Execution Vulnerability (bsc#991691). - CVE-2016-2372: Fixed a MXIT File Transfer Length Memory Disclosure Vulnerability (bsc#991711). - CVE-2016-2373: Fixed a MXIT Contact Mood Denial of Service Vulnerability (bsc#991709) Important SUSE bug 991691 SUSE bug 991709 SUSE bug 991711 SUSE bug 991712 SUSE bug 991715 CVE-2016-2367 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for pidgin (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for pidgin fixes the following issues: The following security vulnerability was fixed: - CVE-2017-2640: Fixed an out of bound write in purple_markup_unescape_entity, which could be triggered by a server controlled by an attacker and could lead to crashes or, in some extreme cases, to remote code execution on the client side (bsc#1028835). Moderate SUSE bug 1028835 CVE-2017-2640 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for poppler (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Moderate SUSE bug 976844 CVE-2015-8868 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for poppler (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for poppler fixes the following issues: - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265) - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593) Moderate SUSE bug 1061265 SUSE bug 1064593 SUSE bug 1074453 CVE-2017-1000456 CVE-2017-14977 CVE-2017-15565 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Moderate SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix 'unresolved symbol' errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - Security and bugfix release 9.4.5: * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. * CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. - For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html - Relax dependency on libpq to major version. Important SUSE bug 949669 SUSE bug 949670 SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). For the non-security issues please refer to - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html Important SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for postgresql93 fixes the following issues: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Moderate SUSE bug 1029547 SUSE bug 1037603 SUSE bug 1037624 SUSE bug 1038293 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.4/static/release-9-4-13.html Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html Moderate SUSE bug 1062538 SUSE bug 1067844 CVE-2017-12172 CVE-2017-15098 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) Moderate SUSE bug 1077983 CVE-2018-1053 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Moderate SUSE bug 1081925 CVE-2018-1058 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for postgresql94 fixes the following issues: postgresql was updated to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html * CVE-2018-10915, bsc#1104199: Fix failure to reset libpq's state fully between connection attempts. postgresql was updated to 9.4.18: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-4-18.html A dump/restore is not required for those running 9.4.X. However, if the function marking mistakes mentioned in the first changelog entry below affect you, you will want to take steps to correct your database catalogs. Important SUSE bug 1104199 CVE-2018-10915 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ppp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The ppp package was updated to fix the following security issue: - CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841). Moderate SUSE bug 927841 CVE-2015-3310 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Moderate SUSE bug 984751 SUSE bug 985348 SUSE bug 989523 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for python fixes the following issues: - CVE-2017-1000158: Fixed integer overflow in thePyString_DecodeEscape function (bsc#1068664). Moderate SUSE bug 1068664 CVE-2017-1000158 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Moderate SUSE bug 1083507 CVE-2017-18207 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes: - bsc#1086001: python tarfile uses random order. Important SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 985177 CVE-2016-5636 CVE-2018-1060 CVE-2018-1061 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847) Moderate SUSE bug 1109847 CVE-2018-14647 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python-numpy (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for python-setuptools (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 python-setuptools was updated to fix one security issue. The following vulnerability was fixed: * CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect (bsc#930189) Moderate SUSE bug 930189 CVE-2013-7440 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952). Moderate SUSE bug 970952 CVE-2016-2342 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for quagga fixes one security issue: - bsc#770619: Disallow unprivileged users to enter config directory /etc/quagga (group: quagga, mode: 750) and read configuration files installed there (group: quagga, mode: 640). Low SUSE bug 770619 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012) Moderate SUSE bug 977012 CVE-2016-4049 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for quagga fixes the following issues: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code (bsc#1005258). Important SUSE bug 1005258 CVE-2016-1245 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and cause bgpd to emit debug and warning messages into the logs that would contained arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] - The Quagga daemon's telnet 'vty' CLI contains an unbounded memory allocation bug that could be exploited for a denial-of-service attack on the daemon. This issue has been fixed. [CVE-2017-5495, bsc#1021669] - The telnet 'vty' CLI of the Quagga daemon is no longer enabled by default, because the passwords in the default 'zebra.conf' config file are now disabled. The vty interface is available via 'vtysh' utility using pam authentication to permit management access for root without password. [bsc#1021669] Important SUSE bug 1021669 SUSE bug 1065641 SUSE bug 1079798 SUSE bug 1079799 SUSE bug 1079800 SUSE bug 1079801 CVE-2017-16227 CVE-2017-5495 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ruby (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for ruby fixes the following issues: Secuirty issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) Bugfixes: - fix small mistake in the backport for (bsc#986630) Moderate SUSE bug 926974 SUSE bug 959495 SUSE bug 986630 CVE-2015-1855 CVE-2015-7551 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-actionpack-3_2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-0751: Object Leak DoS (bsc#963331) - CVE-2016-0752: Directory traversal and information leak in Action View (bsc#963332) - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) Moderate SUSE bug 963329 SUSE bug 963331 SUSE bug 963332 CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-actionpack-3_2 (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. (bsc#968850) - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (bsc#968849) Important SUSE bug 968849 SUSE bug 968850 CVE-2016-2097 CVE-2016-2098 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-activerecord-3_2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for rubygem-activerecord-3_2 fixes the following issues: - CVE-2015-7577: rubygem-activerecord: Nested attributes rejection proc bypass (bsc#963330) Moderate SUSE bug 963330 CVE-2015-7577 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-activesupport-3_2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 rubygem-activesupport-3_2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3227: Possible Denial of Service attack in Active Support (bsc#934800). Moderate SUSE bug 934800 CVE-2015-3227 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-activesupport-3_2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for rubygem-activesupport-3_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) Moderate SUSE bug 963329 CVE-2015-7576 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-activesupport-3_2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for rubygem-activesupport-3_2 fixes the following issues: The previous patch for CVE-2015-7576 was adding the file lib/active_support/security_utils.rb but this file was not being added into the gemspec,thus the final gem did not contain that file. Moderate SUSE bug 970715 CVE-2015-7576 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-mail-2_4 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for rubygem-mail-2_4 fixes the following issues: * bsc#959129: SMTP Injection via recipient email addresses Moderate SUSE bug 959129 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rubygem-rack-1_4 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 rubygem-rack-1_4 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service. (bsc#934797) Moderate SUSE bug 934797 CVE-2015-3225 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bug fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). Important SUSE bug 967017 SUSE bug 968222 CVE-2015-7560 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link Important SUSE bug 936862 SUSE bug 967017 SUSE bug 971965 SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: - Allow SESSION KEY setup without signing. (bsc#1009711) - Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731) - Don't fail when using default domain with user@domain.com format. (bsc#997833) - Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692) Moderate SUSE bug 1003731 SUSE bug 1009711 SUSE bug 1014441 SUSE bug 1014442 SUSE bug 993692 SUSE bug 997833 CVE-2016-2125 CVE-2016-2126 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). Important SUSE bug 1027147 CVE-2017-2619 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed (bsc#1036283, bso#12721). Important SUSE bug 1027147 SUSE bug 1036283 CVE-2017-2619 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Important SUSE bug 1038231 CVE-2017-7494 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624) - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622) This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419). Moderate SUSE bug 1042419 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12163 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - s3/libads: fix seal/signed ldap connections so they are reused; (bsc#1016531). Moderate SUSE bug 1016531 SUSE bug 1063008 CVE-2017-15275 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes the following issues: - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741) Moderate SUSE bug 1081741 CVE-2018-1050 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient (bsc#1103411). The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections (bsc#1079449) Important SUSE bug 1079449 SUSE bug 1103411 CVE-2018-10858 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586) - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582) - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584) - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583) Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022) - Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382) - Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382) - Address unrecoverable winbind failure: 'key length too large' (bnc#934299) - Take resource group sids into account when caching netsamlogon data (bnc#912457) - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244) - dependency issue with samba-winbind (bnc#936909) Important SUSE bug 295284 SUSE bug 912457 SUSE bug 934299 SUSE bug 936909 SUSE bug 948244 SUSE bug 949022 SUSE bug 953382 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958586 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sane-backends (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for sane-backends fixes the following issues: - saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory (CVE-2017-6318, bsc#1027197). Moderate SUSE bug 1027197 CVE-2017-6318 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Spice was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3247: heap corruption in the spice server (bsc#944460) * CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976) * CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944787) Moderate SUSE bug 944460 SUSE bug 944787 SUSE bug 948976 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Important SUSE bug 1023078 SUSE bug 1023079 CVE-2016-9577 CVE-2016-9578 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations (bsc#1046779) Important SUSE bug 1046779 CVE-2017-7506 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) Moderate SUSE bug 987394 CVE-2016-6153 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Moderate SUSE bug 1119687 CVE-2018-20346 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for subversion (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for subversion fixes the following issues: - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden by authz (bsc#939517) - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) Moderate SUSE bug 939517 SUSE bug 976849 SUSE bug 976850 CVE-2015-3187 CVE-2016-2167 CVE-2016-2168 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for subversion (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for subversion fixes the following issue: - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// (bsc#1011552). - CVE-2017-9800: client code execution via argument injection in SSH URL (bnc#1051362) Important SUSE bug 1011552 SUSE bug 1051362 CVE-2016-8734 CVE-2017-9800 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tidy (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. (CVE-2015-5522, CVE-2015-5523) Low SUSE bug 933588 CVE-2015-5522 CVE-2015-5523 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Moderate SUSE bug 914890 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) Moderate SUSE bug 960341 SUSE bug 964225 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831) - CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to Doa (bsc#984837) - CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842) - CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808) - CVE-2016-5875: Specially crafted TIFF images could trigger could allow arbitrary code execution (bsc#987351) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3186: Specially crafted TIFF imaged could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340) Moderate SUSE bug 973340 SUSE bug 974449 SUSE bug 974614 SUSE bug 974618 SUSE bug 975069 SUSE bug 984808 SUSE bug 984831 SUSE bug 984837 SUSE bug 984842 SUSE bug 987351 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107). - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280). - CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937). - CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.' (bsc#1011845) - CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077). - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341). - CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436). - CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,). - CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255) - An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691). - Fixed an invalid memory read which could lead to a crash (bsc#1017692). - Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688). Moderate SUSE bug 1007280 SUSE bug 1011107 SUSE bug 1011845 SUSE bug 1017688 SUSE bug 1017690 SUSE bug 1017691 SUSE bug 1017692 SUSE bug 1031255 SUSE bug 1046077 SUSE bug 1048937 SUSE bug 1074318 SUSE bug 960341 SUSE bug 983436 CVE-2015-7554 CVE-2016-10095 CVE-2016-10268 CVE-2016-3945 CVE-2016-5318 CVE-2016-5652 CVE-2016-9453 CVE-2016-9536 CVE-2017-11335 CVE-2017-17973 CVE-2017-9935 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809) - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694) - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254) - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250) - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129) - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127) - CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126) - CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120) - CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113) - CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112) - CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111) - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109) - Multiple divide by zero issues - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831) Moderate SUSE bug 1017694 SUSE bug 1031250 SUSE bug 1031254 SUSE bug 1033109 SUSE bug 1033111 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 SUSE bug 1033127 SUSE bug 1033129 SUSE bug 1074317 SUSE bug 984808 SUSE bug 984809 SUSE bug 984831 SUSE bug 987351 CVE-2016-10267 CVE-2016-10269 CVE-2016-10270 CVE-2016-5314 CVE-2016-5315 CVE-2017-18013 CVE-2017-7593 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following security issues: - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could have caused DoS or code execution via a crafted BitsPerSample value (bsc#1019611) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2016-10266: Prevent remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile width versus image width (bsc#1011839). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689). - CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField function that allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276). - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621). Moderate SUSE bug 1007276 SUSE bug 1011839 SUSE bug 1011846 SUSE bug 1017689 SUSE bug 1017690 SUSE bug 1019611 SUSE bug 1031263 SUSE bug 1082332 SUSE bug 1082825 SUSE bug 1086408 SUSE bug 974621 CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-10266 CVE-2016-3632 CVE-2016-5318 CVE-2016-8331 CVE-2016-9535 CVE-2016-9540 CVE-2017-11613 CVE-2017-5225 CVE-2018-7456 CVE-2018-8905 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image. (bsc#960589) - CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440) Moderate SUSE bug 1074186 SUSE bug 1092480 SUSE bug 960589 SUSE bug 983440 CVE-2015-8668 CVE-2016-5319 CVE-2017-17942 CVE-2018-10779 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Moderate SUSE bug 1106853 SUSE bug 1108627 SUSE bug 1108637 SUSE bug 1110358 CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322). - CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080). - CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186). - CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163). - CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440). - CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448). - CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447) - CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446) - CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1010163 SUSE bug 1014461 SUSE bug 1040080 SUSE bug 1040322 SUSE bug 1074186 SUSE bug 1099257 SUSE bug 1113672 SUSE bug 974446 SUSE bug 974447 SUSE bug 974448 SUSE bug 983440 CVE-2015-8870 CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-5319 CVE-2016-9273 CVE-2017-17942 CVE-2017-9117 CVE-2017-9147 CVE-2018-12900 CVE-2018-18661 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). Moderate SUSE bug 1017693 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for tiff fixes the following issue: Security vulnerabilities fixed: - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626) Low SUSE bug 1121626 SUSE bug 983268 CVE-2016-5102 CVE-2019-6128 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wavpack (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. (bsc#1021483) Moderate SUSE bug 1021483 CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wavpack (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) Moderate SUSE bug 1120930 CVE-2018-19840 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Moderate SUSE bug 935158 SUSE bug 941500 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Low) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437) * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 950437 SUSE bug 960382 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update to Wireshark 1 12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Also containsfurther bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html Moderate SUSE bug 968565 SUSE bug 976944 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash (bsc#991012) - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero (bsc#991013) - CVE-2016-6506: wireshark: WSP infinite loop (bsc#991015) - CVE-2016-6507: wireshark: MMSE infinite loop (bsc#991016) - CVE-2016-6508: wireshark: RLC long loop (bsc#991017) - CVE-2016-6509: wireshark: LDSS dissector crash (bsc#991018) - CVE-2016-6510: wireshark: RLC dissector crash (bsc#991019) - CVE-2016-6511: wireshark: OpenFlow long loop (bnc991020) - CVE-2016-5350: SPOOLS infinite loop (bsc#983671) - CVE-2016-5351: IEEE 802.11 dissector crash (bsc#983671) - CVE-2016-5352: IEEE 802.11 dissector crash, different from wpna-sec-2016-30 (bsc#983671) - CVE-2016-5353: UMTS FP crash (bsc#983671) - CVE-2016-5354: USB dissector crash (bsc#983671) - CVE-2016-5355: Toshiba file parser crash (bsc#983671) - CVE-2016-5356: CoSine file parser crash (bsc#983671) - CVE-2016-5357: NetScreen file parser crash (bsc#983671) - CVE-2016-5358: Ethernet dissector crash (bsc#983671) - CVE-2016-5359: WBXML infinite loop (bsc#983671) For more details please see: https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html Moderate SUSE bug 983671 SUSE bug 991012 SUSE bug 991013 SUSE bug 991015 SUSE bug 991016 SUSE bug 991017 SUSE bug 991018 SUSE bug 991019 SUSE bug 991020 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes. These security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936). - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937). - CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938). - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939). - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940). - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941). - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942). - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943). - CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944). - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945). - CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963). - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735). - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740). - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752). - CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754). - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761). - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762). - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763). - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800). - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964). - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913). - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739). - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739). Moderate SUSE bug 1002981 SUSE bug 1010735 SUSE bug 1010740 SUSE bug 1010752 SUSE bug 1010754 SUSE bug 1010911 SUSE bug 1021739 SUSE bug 1025913 SUSE bug 1027998 SUSE bug 1033936 SUSE bug 1033937 SUSE bug 1033938 SUSE bug 1033939 SUSE bug 1033940 SUSE bug 1033941 SUSE bug 1033942 SUSE bug 1033943 SUSE bug 1033944 SUSE bug 1033945 SUSE bug 998761 SUSE bug 998762 SUSE bug 998763 SUSE bug 998800 SUSE bug 998963 SUSE bug 998964 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues: * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304) * CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303) * CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302) * CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301) * CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300) * CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305) * CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299) * CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298) * CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309) * CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308) * CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307) * CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306) Moderate SUSE bug 1042298 SUSE bug 1042299 SUSE bug 1042300 SUSE bug 1042301 SUSE bug 1042302 SUSE bug 1042303 SUSE bug 1042304 SUSE bug 1042305 SUSE bug 1042306 SUSE bug 1042307 SUSE bug 1042308 SUSE bug 1042309 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This wireshark update to version 2.2.8 fixes the following issues: Security issues fixed: - CVE-2017-11411: The openSAFETY dissectorcould crash or exhaust system memory because of missing length validation. (bsc#1049621) - CVE-2017-11410: The WBXML dissector could go into an infinite loop. (bsc#1049255) - CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255) - CVE-2017-11407: The MQ dissector could crash. (bsc#1049255) - CVE-2017-11406: The DOCSIS dissector could go into an infinite loop. (bsc#1049255) Moderate SUSE bug 1049255 SUSE bug 1049621 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wireshark to version 2.2.11 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248) - CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249) - CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251) - CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341) - CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP dissector (bsc#1044417) - CVE-2017-15192: The BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (bsc#1062645) - CVE-2017-15193: The MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. (bsc#1062645) - CVE-2017-15191: The DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645) - CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727) - CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727) - CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727) Moderate SUSE bug 1044417 SUSE bug 1045341 SUSE bug 1056248 SUSE bug 1056249 SUSE bug 1056251 SUSE bug 1062645 SUSE bug 1070727 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-9617 CVE-2017-9766 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Moderate SUSE bug 1074171 SUSE bug 1075737 SUSE bug 1075738 SUSE bug 1075739 SUSE bug 1075748 CVE-2017-17935 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wireshark fixes the following issues: Security issue fixed (bsc#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash (wnpa-sec-2018-05) - CVE-2018-7321: thrift long dissector loop (dissect_thrift_map) - CVE-2018-7322: DICOM: inifinite loop (dissect_dcm_tag) - CVE-2018-7323: WCCP: very long loop (dissect_wccp2_alternate_mask_value_set_element) - CVE-2018-7324: SCCP: infinite loop (dissect_sccp_optional_parameters) - CVE-2018-7325: RPKI-Router Protocol: infinite loop (dissect_rpkirtr_pdu) - CVE-2018-7326: LLTD: infinite loop (dissect_lltd_tlv) - CVE-2018-7327: openflow_v6: infinite loop (dissect_openflow_bundle_control_v6) - CVE-2018-7328: USB-DARWIN: long loop (dissect_darwin_usb_iso_transfer) - CVE-2018-7329: S7COMM: infinite loop (s7comm_decode_ud_cpu_alarm_main) - CVE-2018-7330: thread_meshcop: infinite loop (get_chancount) - CVE-2018-7331: GTP: infinite loop (dissect_gprscdr_GGSNPDPRecord, dissect_ber_set) - CVE-2018-7332: RELOAD: infinite loop (dissect_statans) - CVE-2018-7333: RPCoRDMA: infinite loop in get_write_list_chunk_count - CVE-2018-7421: Multiple dissectors could go into large infinite loops (wnpa-sec-2018-06) - CVE-2018-7334: The UMTS MAC dissector could crash (wnpa-sec-2018-07) - CVE-2018-7337: The DOCSIS dissector could crash (wnpa-sec-2018-08) - CVE-2018-7336: The FCP dissector could crash (wnpa-sec-2018-09) - CVE-2018-7320: The SIGCOMP dissector could crash (wnpa-sec-2018-10) - CVE-2018-7420: The pcapng file parser could crash (wnpa-sec-2018-11) - CVE-2018-7417: The IPMI dissector could crash (wnpa-sec-2018-12) - CVE-2018-7418: The SIGCOMP dissector could crash (wnpa-sec-2018-13) - CVE-2018-7419: The NBAP disssector could crash (wnpa-sec-2018-14) - CVE-2017-17997: Misuse of NULL pointer in MRDISC dissector (bsc#1077080). Moderate SUSE bug 1077080 SUSE bug 1082692 CVE-2017-17997 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9264: ADB dissector crash * CVE-2018-9265: tn3270 dissector has a memory leak * CVE-2018-9266: ISUP dissector memory leak * CVE-2018-9267: LAPD dissector memory leak * CVE-2018-9268: SMB2 dissector memory leak * CVE-2018-9269: GIOP dissector memory leak * CVE-2018-9270: OIDS dissector memory leak * CVE-2018-9271: multipart dissector memory leak * CVE-2018-9272: h223 dissector memory leak * CVE-2018-9273: pcp dissector memory leak * CVE-2018-9274: failure message memory leak * CVE-2018-9259: MP4 dissector crash Moderate SUSE bug 1088200 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wireshark fixes the following issues: Security issues fixed: - bsc#1094301: Wireshark security update to 2.6.1, 2.4.7, 2.2.15 - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for wireshark fixes the following issues: Update wireshark to version 2.2.17 (bsc#1106514): Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.17.html Moderate SUSE bug 1106514 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xen was updated to fix two security issues. These security issues were fixed: - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). This non-security issue was fixed: - Kdump did not work in a XEN environment (bsc#925466). Important SUSE bug 925466 SUSE bug 935634 SUSE bug 938344 CVE-2015-3259 CVE-2015-5154 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xen was updated to version 4.4.3 to fix nine security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show errors - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort - bsc#949549: xm create hangs when maxmen value is enclosed in quotes Important SUSE bug 877642 SUSE bug 901488 SUSE bug 907514 SUSE bug 910258 SUSE bug 918984 SUSE bug 923967 SUSE bug 932267 SUSE bug 944463 SUSE bug 944697 SUSE bug 945167 SUSE bug 947165 SUSE bug 949138 SUSE bug 949549 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xen was updated to fix 47 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bnc#864673). - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bnc#864678). - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bnc#864682). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#928393). - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (bsc#924018). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-7549: pci: NULL pointer dereference issue (bsc#958917). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8567: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8568: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358). - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2015-8817: OOB access in address_space_rw lead to segmentation fault (I) (bsc#969121). - CVE-2015-8818: OOB access in address_space_rw lead to segmentation fault (II) (bsc#969122). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1922: NULL pointer dereference in vapic_write() (bsc#962320). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964413). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#963923: domain weights not honored when sched-credit tslice is reduced - bsc#959695: Missing docs for xen - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend - bsc#959928: When DomU is in state running xm domstate returned nothing Important SUSE bug 864391 SUSE bug 864655 SUSE bug 864673 SUSE bug 864678 SUSE bug 864682 SUSE bug 864769 SUSE bug 864805 SUSE bug 864811 SUSE bug 877642 SUSE bug 897654 SUSE bug 901508 SUSE bug 902737 SUSE bug 924018 SUSE bug 928393 SUSE bug 945404 SUSE bug 945989 SUSE bug 954872 SUSE bug 956829 SUSE bug 957162 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958491 SUSE bug 958523 SUSE bug 958917 SUSE bug 959005 SUSE bug 959387 SUSE bug 959695 SUSE bug 959928 SUSE bug 960334 SUSE bug 960707 SUSE bug 960725 SUSE bug 960835 SUSE bug 960861 SUSE bug 960862 SUSE bug 961332 SUSE bug 961358 SUSE bug 961691 SUSE bug 962320 SUSE bug 963782 SUSE bug 963923 SUSE bug 964413 SUSE bug 965315 SUSE bug 965317 SUSE bug 967012 SUSE bug 967013 SUSE bug 967630 SUSE bug 967969 SUSE bug 969121 SUSE bug 969122 SUSE bug 969350 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3640 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-1779 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes the several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the 'Dark Portal' issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225). - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960). - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984). - CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675). - bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#986586: Out of memory (oom) during boot on 'modprobe xenblk' (non xen kernel) - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend. Additional memory adjustment made. - bsc#974912: Persistent performance drop after live-migration using xend tool stack - bsc#979035: Restore xm migrate fixes for bsc#955399/ bsc#955399 - bsc#989235: xen dom0 xm create command only searched /etc/xen instead of /etc/xen/vm - Live Migration SLES 11 SP3 to SP4 on AMD: 'xc: error: Couldn't set extended vcpu0 info' - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Important SUSE bug 954872 SUSE bug 955399 SUSE bug 957986 SUSE bug 958848 SUSE bug 961600 SUSE bug 963161 SUSE bug 964427 SUSE bug 967630 SUSE bug 973188 SUSE bug 974038 SUSE bug 974912 SUSE bug 975130 SUSE bug 975138 SUSE bug 975907 SUSE bug 976058 SUSE bug 976111 SUSE bug 978164 SUSE bug 978295 SUSE bug 978413 SUSE bug 979035 SUSE bug 979620 SUSE bug 979670 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 981276 SUSE bug 982024 SUSE bug 982025 SUSE bug 982026 SUSE bug 982224 SUSE bug 982225 SUSE bug 982286 SUSE bug 982695 SUSE bug 982960 SUSE bug 983973 SUSE bug 983984 SUSE bug 985503 SUSE bug 986586 SUSE bug 988675 SUSE bug 989235 SUSE bug 990843 SUSE bug 990923 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731) - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761) - CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772) - CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625) - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) These non-security issues were fixed: - bsc#993507: virsh detach-disk failing to detach disk - bsc#991934: Xen hypervisor crash in csched_acct - bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA - bsc#970135: New virtualization project clock test randomly fails on Xen - bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) - bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD Important SUSE bug 966467 SUSE bug 970135 SUSE bug 971949 SUSE bug 988675 SUSE bug 990970 SUSE bug 991934 SUSE bug 992224 SUSE bug 993507 SUSE bug 994136 SUSE bug 994421 SUSE bug 994625 SUSE bug 994761 SUSE bug 994772 SUSE bug 994775 SUSE bug 995785 SUSE bug 995789 SUSE bug 995792 SUSE bug 997731 CVE-2016-6258 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7154 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652) - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1004016) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) This non-security issue wasfixed: - bsc#1000893: virsh setmem didn't allow to set current guest memory to max limit This update also delivers man-pages-supplement since some of the man-pages in there are now contained in the xen package itself. Important SUSE bug 1000106 SUSE bug 1000893 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1004016 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007160 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009104 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) Important SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1016340 CVE-2016-10013 CVE-2016-10024 CVE-2016-9932 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025188) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183) - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1024186) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1022627) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014490) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) These non-security issues were fixed: - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3 - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd - bsc#987002: Prevent crash of domU' after they were migrated from SP3 HV to SP4 Important SUSE bug 1000195 SUSE bug 1002496 SUSE bug 1013657 SUSE bug 1013668 SUSE bug 1014490 SUSE bug 1014507 SUSE bug 1015169 SUSE bug 1016340 SUSE bug 1022627 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024183 SUSE bug 1024186 SUSE bug 1024307 SUSE bug 1024834 SUSE bug 1025188 SUSE bug 907805 SUSE bug 987002 CVE-2014-8106 CVE-2016-10155 CVE-2016-9101 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856 CVE-2017-5898 CVE-2017-5973 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636). These non-security issues were fixed: - bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add' - bsc#1029827: Forward port xenstored Important SUSE bug 1022555 SUSE bug 1026636 SUSE bug 1027519 SUSE bug 1027570 SUSE bug 1028235 SUSE bug 1028655 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1030442 CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) These non-security issues were fixed: - bsc#1029827: Additional xenstore patch Important SUSE bug 1028655 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034845 SUSE bug 1034994 SUSE bug 1035483 CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863) - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845). - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297) - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074) - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036470) - Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924) These non-security issues were fixed: - bsc#1032148: Ensure that time doesn't goes backwards during live migration of HVM domU - bsc#1031460: Fixed DomU Live Migration - bsc#1014136: Fixed kdump SLES12-SP2 - bsc#1026236: Equalized paravirtualized vs. fully virtualized migration speed Important SUSE bug 1014136 SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1031460 SUSE bug 1032148 SUSE bug 1034845 SUSE bug 1036470 SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042863 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042924 SUSE bug 1042931 SUSE bug 1042938 SUSE bug 1043074 SUSE bug 1043297 CVE-2017-8112 CVE-2017-8309 CVE-2017-8905 CVE-2017-9330 CVE-2017-9374 CVE-2017-9503 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed local guest OS users to cause a denial of service via vectors related to logging debug messages (bsc#1047675). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230, bsc#1052686). - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). This non-security issue was fixed: - bsc#1032598: Prevent removal of NVME devices - bsc#1037413: Support for newer intel cpu's, mwait-idle driver and skylake Important SUSE bug 1027519 SUSE bug 1032598 SUSE bug 1037413 SUSE bug 1046637 SUSE bug 1047675 SUSE bug 1048920 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1052686 SUSE bug 1056278 SUSE bug 1056281 SUSE bug 1056282 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) Important SUSE bug 1027519 SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081). - CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS (hypervisor crash) or possibly gain privileges because self-linear shadow mappings were mishandled for translated guests (bsc#1061086). - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056336) This non-security issue was fixed: - bsc#1055047: Fixed --initrd-inject option in virt-install Important SUSE bug 1055047 SUSE bug 1056336 SUSE bug 1061075 SUSE bug 1061081 SUSE bug 1061086 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-13672 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. This new feature was included: - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635). - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662). These non-security issues were fixed: - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many domUs shutdown in parallel the backends couldn't keep up - bsc#1031382: Prevent VMs from crashing when migrating between dom0 hosts in case read() returns zero on the receiver side. Important SUSE bug 1027519 SUSE bug 1031382 SUSE bug 1035442 SUSE bug 1061081 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070159 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1074562 SUSE bug 1076116 SUSE bug 1076180 SUSE bug 1080635 SUSE bug 1080662 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-5683 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). These non-security issues were fixed: - bsc#1072834: Prevent unchecked MSR access error - bsc#1035442: Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds, allowing for more domUs to be shutdown in parallel - bsc#1057493: Prevent DomU crash Important SUSE bug 1027519 SUSE bug 1035442 SUSE bug 1057493 SUSE bug 1072834 SUSE bug 1083292 SUSE bug 1086107 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). bsc#1027519 Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1092631 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1079730: Fix failed 'write' lock. - bsc#1027519: Add upstream patches from January. Moderate SUSE bug 1027519 SUSE bug 1079730 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1098744 CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3665 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes the following issues: This security issue was fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). These non-security issues were fixed: - bsc#1102116: SSBD is not virtualized for guests - bsc#1092631: Preserve the xl dmesg output after boot for determining what speculative mitigations have been detected by the hypervisor. - bsc#1101684: Make xen able to disable the visibility of the new CPU flags. Important SUSE bug 1027519 SUSE bug 1091107 SUSE bug 1092631 SUSE bug 1101684 SUSE bug 1102116 CVE-2018-3646 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) - Fixed an integer overflow in ccid_card_vscard_read(), which allowed for memory corruption. (bsc#1112188) - CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336) - CVE-2018-17958: Fixed an integer overflow leading to a buffer overflow in the rtl8139 component (bsc#1111007) - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011) - CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014) - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Upstream bug fixes (bsc#1027519) - Fixed crashing VMs when migrating between dom0 hosts (bsc#1031382) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) Important SUSE bug 1027519 SUSE bug 1031382 SUSE bug 1056336 SUSE bug 1105528 SUSE bug 1108940 SUSE bug 1110924 SUSE bug 1111007 SUSE bug 1111011 SUSE bug 1111014 SUSE bug 1112188 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1117756 CVE-2017-13672 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xen fixes the following issues: Security issues fixed: - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Other issues fixed: - Fixed an issue where VMs crashing when migrating between dom0 hosts (bsc#1031382). - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1031382 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129623 CVE-2019-6778 CVE-2019-9824 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update fixes the following security issues: - bsc#955399 - Fix xm migrate --log_progress. Due to logic error progress was not logged when requested. - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#955399 - Fix xm migrate --live. The options were not passed due to a merge error. As a result the migration was not live, instead the suspended guest was migrated. - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 947165 SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 954018 SUSE bug 954405 SUSE bug 955399 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xerces-j2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138) Moderate SUSE bug 1047536 SUSE bug 814241 SUSE bug 879138 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xfsprogs (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition Moderate SUSE bug 911866 SUSE bug 939367 CVE-2012-2150 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libICE (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068) Moderate SUSE bug 1025068 CVE-2017-2626 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libX11 fixes the following issues: - plug a memory leak (bsc#1002991, CVE-2016-7942) - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (bsc#1002991, CVE-2016-7942) Moderate SUSE bug 1002991 CVE-2016-7942 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libX11 fixes the following issues: - a regression introduced by the security fix for CVE-2013-1997 (bnc#824294). Keyboard mappings for special characters on Non-English keyboards might have been broken. (bnc#1019642) Moderate SUSE bug 1019642 CVE-2013-1997 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) Moderate SUSE bug 1102062 SUSE bug 1102068 SUSE bug 1102073 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXdmcp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046) Moderate SUSE bug 1025046 CVE-2017-2625 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXfixes (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libXfixes fixes the following issues: - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995, CVE-2016-7944) Moderate SUSE bug 1002995 CVE-2016-7944 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXpm (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libXpm fixes the following security issue: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) Moderate SUSE bug 1021315 CVE-2016-10164 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXrender (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) Moderate SUSE bug 1003002 CVE-2016-7949 CVE-2016-7950 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXv (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libXv fixes the following issues: - insufficient validation of data from the X server can cause memory corruption (bsc#1003017, CVE-2016-5407) Moderate SUSE bug 1003017 CVE-2016-5407 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023, CVE-2016-7953) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012, CVE-2016-7951, CVE-2016-7952) - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). (bsc#1002998, CVE-2016-7945, CVE-2016-7946) Moderate SUSE bug 1002998 SUSE bug 1003000 SUSE bug 1003012 SUSE bug 1003023 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libs fixes several issues. These security issues were fixed: - CVE-2017-16612: Heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments (bsc#1065386). - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) Moderate SUSE bug 1049692 SUSE bug 1050459 SUSE bug 1054285 SUSE bug 1065386 CVE-2017-13720 CVE-2017-13722 CVE-2017-16612 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-libs fixes the following security issue: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511) Moderate SUSE bug 1103511 CVE-2015-9262 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-server fixes the following issues: Security issues: - CVE-2017-2624: Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624) Non security issues: - Use arc4random to generate cookies. (bsc#1025084) - XDrawArc performance improvement (bsc#1019649) - Fix byte swapping for gradeint stops (bsc#981044). - Remove unused function with use-after-free issue. (bsc#1025035) Moderate SUSE bug 1019649 SUSE bug 1025029 SUSE bug 1025035 SUSE bug 1025084 SUSE bug 981044 CVE-2017-2624 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283) - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage. Important SUSE bug 1035283 CVE-2017-10971 CVE-2017-10972 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-server provides several fixes. These security issues were fixed: - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText and XkbStringText (bsc#1051150). - Improve the entropy when generating random data used in X.org server authorization cookies generation by using getentropy() and getrandom() when available (bsc#1025084) - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) Moderate SUSE bug 1025084 SUSE bug 1051150 SUSE bug 1063034 SUSE bug 1063035 SUSE bug 1063037 SUSE bug 1063038 SUSE bug 1063039 SUSE bug 1063040 SUSE bug 1063041 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13723 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non security issues fixed: - Do not write past the allocated buffer. (bsc#1078383) Important SUSE bug 1078383 SUSE bug 1111697 CVE-2018-14665 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for yast2-storage (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for yast2-storage provides the following fixes: Security issues fixed: - Use standard IPC, and not temporary files, to pass passwords between processes. (bsc#986971, CVE-2016-5746) Non security bugs fixed: - Fix usage of complete multipath disk as LVM physical volume. (bsc#984245) - Load the correct multipath module (dm-multipath). (bsc#937942) - Improve message for creating volumes with a filesystem but without a mount point. (bsc#996208) Moderate SUSE bug 937942 SUSE bug 984245 SUSE bug 986971 SUSE bug 996208 CVE-2016-5746 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for zlib (Moderate) SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 This update for zlib fixes the following issues: * Incompatible declarations for external linkage function deflate (bnc#1003577) * CVE-2016-9842: Undefined Left Shift of Negative Number (bnc#1003580) * CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bnc#1003579) * CVE-2016-9843: Big-endian out-of-bounds pointer Moderate SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 cpe:/a:suse:sle-sdk:11:sp4 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sled:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Add documentation about max file size purpose and side effect in the 'clamscan' and 'clamdscan' manpages (bsc#1187509). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1187509 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sles:11:security Security update for clamav (Important) SUSE Linux Enterprise Server 11-SECURITY This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420). Moderate SUSE bug 991389 SUSE bug 991390 SUSE bug 997420 CVE-2016-5419 CVE-2016-5420 CVE-2016-7141 cpe:/o:suse:sles:11:security Security update for curl (Important) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) Important SUSE bug 1005633 SUSE bug 1005634 SUSE bug 1005635 SUSE bug 1005637 SUSE bug 1005638 SUSE bug 1005642 SUSE bug 1005645 SUSE bug 1005646 SUSE bug 998760 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). Moderate SUSE bug 1015332 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309) - CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332) Moderate SUSE bug 1015332 SUSE bug 1032309 SUSE bug 1051644 CVE-2016-9586 CVE-2017-1000100 CVE-2017-7407 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following security issues: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) Moderate SUSE bug 1061876 CVE-2017-1000254 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list (bsc#1027712] Moderate SUSE bug 1027712 SUSE bug 1077001 CVE-2016-7141 CVE-2018-1000007 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: curl was updated to version 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase. Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463,bsc#1086825) Moderate SUSE bug 1081056 SUSE bug 1083463 SUSE bug 1084137 SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 SUSE bug 1085124 SUSE bug 1086825 SUSE bug 1087922 SUSE bug 1090194 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098) Moderate SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). Moderate SUSE bug 1106019 CVE-2018-14618 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) Moderate SUSE bug 1112758 SUSE bug 1113660 CVE-2018-16840 CVE-2018-16842 cpe:/o:suse:sles:11:security Security update for curl (Important) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sles:11:security Security update for curl (Important) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:sles:11:security Security update for curl (Important) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Moderate SUSE bug 1175109 CVE-2020-8231 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). - CVE-2020-8285: Fixed an FTP wildcard stack overflow (bsc#1179399). Moderate SUSE bug 1179398 SUSE bug 1179399 CVE-2020-8284 CVE-2020-8285 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). Moderate SUSE bug 1183933 CVE-2021-22876 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:suse:sles:11:security Security update for curl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:suse:sles:11:security Security update for curl SUSE Linux Enterprise Server 11-SECURITY This update fixes the following security issues: * CVE-2014-8150: URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. * CVE-2014-3707: duphandle read out of bounds (bnc#901924) * CVE-2014-3613: libcurl cookie leaks (bnc#894575) Additional bug fixed: * curl_multi_remove_handle: don't crash on multiple removes (bnc#897816) Security Issues: * CVE-2014-8150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150> * CVE-2014-3613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613> * CVE-2014-3707 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707> SUSE bug 870444 SUSE bug 884698 SUSE bug 885302 SUSE bug 894575 SUSE bug 897816 SUSE bug 901924 SUSE bug 911363 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 cpe:/o:suse:sles:11:security Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11-SECURITY This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles:11:security Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11-SECURITY This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles:11:security Security update for openssl1 SUSE Linux Enterprise Server 11-SECURITY This OpenSSL update fixes the following issues: * SRTP Memory Leak (CVE-2014-3513) * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513> * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568> SUSE bug 901223 SUSE bug 901277 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 cpe:/o:suse:sles:11:security Recommended update for openldap2 (Moderate) SUSE Linux Enterprise Server 11-SECURITY openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator. Moderate SUSE bug 924496 SUSE bug 932773 SUSE bug 937766 CVE-2015-4000 cpe:/o:suse:sles:11:security Security update for openldap2 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openldap2 fixes the following issues: - CVE-2019-13565: Fixed an authentication bypass caused by incorrect authorization of another connection, granting excess connection rights (bsc#1143194). - CVE-2019-13057: Fixed an issue with improper authorization with delegated database admin privileges (bsc#1143273). Important SUSE bug 1143194 SUSE bug 1143273 CVE-2019-13057 CVE-2019-13565 cpe:/o:suse:sles:11:security Security update for openldap2 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sles:11:security Security update for openldap2 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). Important SUSE bug 1172698 CVE-2020-8023 cpe:/o:suse:sles:11:security Security update for openldap2 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles:11:security Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Moderate SUSE bug 1178909 CVE-2020-25709 CVE-2020-25710 cpe:/o:suse:sles:11:security Security update for openldap2 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. - resynchronise changelogs with subpackages (bsc#1184020). Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 SUSE bug 1184020 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles:11:security Security update for openldap2 SUSE Linux Enterprise Server 11-SECURITY openldap2 was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed: * A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546) The following non-security bug was fixed: * Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959) Security Issues: * CVE-2015-1546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546> * CVE-2015-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545> * CVE-2013-4449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449> SUSE bug 846389 SUSE bug 905959 SUSE bug 916897 SUSE bug 916914 CVE-2013-4449 CVE-2015-1545 CVE-2015-1546 cpe:/o:suse:sles:11:security Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Moderate SUSE bug 945582 CVE-2015-6908 cpe:/o:suse:sles:11:security Security update for openslp (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles:11:security Security update for openssh-openssl1 (Critical) SUSE Linux Enterprise Server 11-SECURITY This update for openssh-openssl1 fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. Critical SUSE bug 961642 SUSE bug 961645 CVE-2016-0777 CVE-2016-0778 cpe:/o:suse:sles:11:security Security update for openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) - CVE-2016-6515: limit accepted password length (prevents possible DoS) (bsc#992533) - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: ignore PAM environment when using login (bsc#975865) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) Bugs fixed: - avoid complaining about unset DISPLAY variable (bsc#981654) - Correctly parse GSSAPI KEX algorithms (bsc#961368) - more verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - fix PRNG re-seeding (bsc#960414, bsc#729190) - Allow empty Match blocks (bsc#961494) Moderate SUSE bug 729190 SUSE bug 932483 SUSE bug 948902 SUSE bug 960414 SUSE bug 961368 SUSE bug 961494 SUSE bug 962313 SUSE bug 965576 SUSE bug 970632 SUSE bug 975865 SUSE bug 981654 SUSE bug 989363 SUSE bug 992533 CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 cpe:/o:suse:sles:11:security Security update for openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssh-openssl1 fixes the following issues: - Properly verify CIDR masks in configuration (bsc#1005893) - CVE-2016-10009: limit directories for loading PKCS11 modules (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1006221 SUSE bug 1016366 SUSE bug 1016369 CVE-2016-10009 CVE-2016-10011 CVE-2016-8858 cpe:/o:suse:sles:11:security Security update for openssh-openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssh-openssl1 fixes the following issues: These security issues were fixed: - CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence NEWKEYS message allowed remote attackers to cause a denial of service (bsc#1076957). - CVE-2017-15906: The process_open function did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files (bsc#1065000). - CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might have allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370). - CVE-2008-1483: Prevent local users from hijacking forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. This problem was reontroduced by another patch and was previously fixed by another update (bsc#1069509). These non-security issues were fixed: - Remove duplicate KEX method (bsc#1053972) - New switch for printing diagnostic messages in sftp client's batch mode (bsc#1023275) - Enable case-insensitive hostname matching (bsc#1017099) Important SUSE bug 1016370 SUSE bug 1017099 SUSE bug 1023275 SUSE bug 1053972 SUSE bug 1065000 SUSE bug 1069509 SUSE bug 1076957 CVE-2008-1483 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 cpe:/o:suse:sles:11:security Security update for openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) Following non-security issues were fixed: - Fix for sftp client because it returns wrong error code upon failure (bsc#1091396) - Stop leaking File descriptors (bsc#964336) Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 1106163 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:sles:11:security Security update for openssh-openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssh-openssl1 fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 cpe:/o:suse:sles:11:security Security update for openssl (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed: - Improve S/390 performance on IBM z196 and z13 (bsc#954256) - Add support for 'ciphers' providing no encryption (bsc#937085) Moderate SUSE bug 937085 SUSE bug 954256 SUSE bug 957812 SUSE bug 957813 SUSE bug 957815 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 cpe:/o:suse:sles:11:security Security update for openssl (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050) Various changes in the modular exponentation code were added that make sure that it is not possible to recover RSA secret keys by analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Note that this was only exploitable if the malicious code was running on the same hyper threaded Intel Sandy Bridge processor as the victim thread performing decryptions. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0798 (bnc#968265) The SRP user database lookup method SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to facility DoS attacks. To mitigate the issue, the seed handling in SRP_VBASE_get_by_user() was disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user(). - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Bugs fixed: - Avoid running OPENSSL_config twice. This avoids breaking engine loading. (bsc#952871) Important SUSE bug 952871 SUSE bug 963415 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968050 SUSE bug 968051 SUSE bug 968053 SUSE bug 968265 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL Root Certificate hashes - bsc#889013: Rename README.SuSE to the new spelling README.SUSE - bsc#976943: Fixed a buffer overrun in ASN1_parse. - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) Important SUSE bug 889013 SUSE bug 971354 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977616 SUSE bug 977617 SUSE bug 977621 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: penSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed: * update expired S/MIME certs (bsc#979475) * improve s390x performance (bsc#982745) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 982745 SUSE bug 983249 SUSE bug 990419 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:sles:11:security Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - call c_rehash in %post (bsc#1001707) - ship static libraries in the devel package (bsc#1022644) Moderate SUSE bug 1000677 SUSE bug 1001707 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 1022085 SUSE bug 1022644 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes: - support alternate root ca chains (bsc#1032261) - Require openssl1, so c_rehash1 is available during %post to hash the certificates (bsc#1057660) Important SUSE bug 1027908 SUSE bug 1032261 SUSE bug 1055825 SUSE bug 1056058 SUSE bug 1057660 SUSE bug 1065363 SUSE bug 990592 CVE-2017-3735 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Important SUSE bug 1087102 CVE-2018-0739 cpe:/o:suse:sles:11:security Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following security issues: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1089039 SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 CVE-2018-0737 cpe:/o:suse:sles:11:security Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles:11:security Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following security issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sles:11:security Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles:11:security Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: - Add missing commits fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory problem in 'BN_copy()'. (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1176331 CVE-2020-1968 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles:11:security Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:security Security update for openssl1 (Low) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:security Security update for openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openssl1 fixes the following issues: - CVE-2022-0778: Fixed an infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877) Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles:11:security Security update for openvpn-openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openvpn-openssl1 fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a (quite inefficient) DoS attack on the server. [bsc#1044947, CVE-2017-7521] - The ASN1 parsing code contained a bug that could have resulted in some buffers being free()d twice, and this issue could have potentially been triggered remotely by a VPN peer. [bsc#1044947, CVE-2017-7521] - If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle attacker between client and proxy could cause the client to crash or disclose at most 96 bytes of stack memory. The disclosed stack memory was likely to contain the proxy password. If the proxy password had not been reused, this was unlikely to compromise the security of the OpenVPN tunnel itself. Clients who did not use the --http-proxy option with ntlm2 authentication were not affected. [bsc#1044947, CVE-2017-7520] - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] - The installed sample configuration file was updated to comply to FIPS requirements. [bsc#988522] - Remedy large latencies on the openVPN server during authentication process. [bsc#959511] - Fix potential denial-of-service attacks found during independent audits. [bsc#1038713, bsc#1038709, CVE-2017-7478, bsc#1038711, CVE-2017-7479] Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 SUSE bug 1044947 SUSE bug 959511 SUSE bug 988522 CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 cpe:/o:suse:sles:11:security Security update for openvpn-openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openvpn-openssl1 fixes the following issues: Security issue fixed: - CVE-2017-12166: Fix remote buffer overflow (bsc#1060877). Important SUSE bug 1060877 CVE-2017-12166 cpe:/o:suse:sles:11:security Security update for openvpn-openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openvpn-openssl1 fixes the following issues: - Fixed Out of bounds read on getaddrinfo() result (bsc#959714). Moderate SUSE bug 959714 cpe:/o:suse:sles:11:security Security update for openvpn-openssl1 (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for openvpn-openssl1 fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279). - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803). Moderate SUSE bug 1085803 SUSE bug 1185279 CVE-2018-7544 CVE-2020-15078 cpe:/o:suse:sles:11:security Security update for openvpn-openssl1 (Important) SUSE Linux Enterprise Server 11-SECURITY This update for openvpn-openssl1 fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Important SUSE bug 1197341 CVE-2022-0547 cpe:/o:suse:sles:11:security Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for sblim-sfcb fixes the following issues: Feature enhancements: - A seperate sblim-sfcb-openssl1 package was added to the SECURITY Module. (fate#322032/bsc#1012814) This package can be installed additionaly, and the SysV Init script will pick the openssl1 variant on the next start, offering TLS 1.2 support on the WBEM SSL socket. Bugfixes: - Add sslNoSSLv3 and sslNoTLSv1 configuration options (bsc#923349, bsc#1008130) Moderate SUSE bug 1008130 SUSE bug 1012814 SUSE bug 923349 cpe:/o:suse:sles:11:security Security update for wget (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for wget fixes the following issues: - CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060). - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Bug fixed: - Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Moderate SUSE bug 958342 SUSE bug 984060 SUSE bug 995964 CVE-2016-4971 CVE-2016-7098 cpe:/o:suse:sles:11:security Security update for wget (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). Moderate SUSE bug 1028301 CVE-2017-6508 cpe:/o:suse:sles:11:security Security update for wget (Moderate) SUSE Linux Enterprise Server 11-SECURITY This update for wget fixes the following issues: - CVE-2018-0494: Fixed Cookie injection vulnerability by checking for and joining continuation lines. (bsc#1092061) Moderate SUSE bug 1092061 CVE-2018-0494 cpe:/o:suse:sles:11:security Security update for ImageMagick SUSE Linux Enterprise Desktop 11 SP2 ImageMagick has been updated to fix an integer overflow (CVE-2012-3438). Also a slowness in 'convert' when resizing JPEG images has been addressed (bnc#754481). SUSE bug 754481 SUSE bug 773612 CVE-2012-3438 cpe:/o:suse:suse_sled:11:sp2 Security update for Mesa SUSE Linux Enterprise Desktop 11 SP2 This update of Mesa fixes multiple integer overflows. Security Issue reference: * CVE-2013-1993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993> SUSE bug 815451 SUSE bug 821855 CVE-2013-1993 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 This update to Firefox 17.0.9esr (bnc#840485) addresses: * MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o (CVE-2013-1737) * MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) * MFSA 2013-89 Buffer overflow with multi-column, lists, and floats o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) * MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) * MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) * MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725) * MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) * MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) * MFSA 2013-65 Buffer underflow when generating CRMF requests o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) Security Issue references: * CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737> * CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735> * CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736> * CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732> * CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730> * CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726> * CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725> * CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722> * CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718> * CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705> SUSE bug 840485 CVE-2013-1705 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1726 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 cpe:/o:suse:suse_sled:11:sp2 Security update for acroread SUSE Linux Enterprise Desktop 11 SP2 Adobe has discontinued the support of Adobe Reader for Linux in June 2013. Newer security problems and bugs are no longer fixed. As the Adobe Reader is binary only software and we cannot provide a replacement, SUSE declares the acroread package of Adobe Reader as being out of support and unmaintained. If you do not need Acrobat Reader, we recommend to uninstall the 'acroread' package. This update removes the Acrobat Reader PDF plugin to avoid automatic exploitation by clicking on web pages with embedded PDFs. The stand alone 'acroread' binary is still available, but again, we do not recommend to use it. SUSE bug 843835 cpe:/o:suse:suse_sled:11:sp2 Security update for bind SUSE Linux Enterprise Desktop 11 SP2 This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue. Security Issue references: * CVE-2014-0591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591> SUSE bug 858639 CVE-2014-0591 cpe:/o:suse:suse_sled:11:sp2 Security update for bogofilter SUSE Linux Enterprise Desktop 11 SP2 A heap corruption in bogofilter's base64 decoding function, caused by incomplete multibyte characters, could have resulted in a Denial of Service (App. crash) or potentially allowed the execution of arbitrary code. This has been fixed. Security Issue reference: * CVE-2012-5468 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5468> SUSE bug 792939 CVE-2012-5468 cpe:/o:suse:suse_sled:11:sp2 Security update for Mono SUSE Linux Enterprise Desktop 11 SP2 Mono was updated to fix a cross site scripting attack in the System.Web class 'forbidden extensions' filtering has been fixed. (CVE-2012-3382) Security Issue reference: * CVE-2012-3382 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382> SUSE bug 769799 CVE-2012-3382 cpe:/o:suse:suse_sled:11:sp2 Security update for Samba SUSE Linux Enterprise Desktop 11 SP2 This update fixes the following security issues with Samba: * bnc#844720: DCERPC frag_len not checked (CVE-2013-4408) * bnc#853347: winbind pam security problem (CVE-2012-6150) * bnc#848101: No access check verification on stream files (CVE-2013-4475) And fixes the following non-security issues: * bnc#853021: libsmbclient0 package description contains comments * bnc#817880: rpcclient adddriver and setdrive do not set all needed registry entries * bnc#838472: Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME * bnc#854520 and bnc#849226: various upstream fixes Security Issue references: * CVE-2012-6150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150> * CVE-2013-4408 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408> * CVE-2013-4475 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475> SUSE bug 817880 SUSE bug 838472 SUSE bug 844720 SUSE bug 848101 SUSE bug 849226 SUSE bug 853021 SUSE bug 853347 SUSE bug 854520 CVE-2012-6150 CVE-2013-4408 CVE-2013-4475 cpe:/o:suse:suse_sled:11:sp2 Security update for clamav SUSE Linux Enterprise Desktop 11 SP2 This update contains clamav 0.97.8 which fixes security issues (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation. Security Issue references: * CVE-2013-2020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020> * CVE-2013-2021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021> SUSE bug 816865 CVE-2013-2020 CVE-2013-2021 cpe:/o:suse:suse_sled:11:sp2 Security update for compat-openssl097g SUSE Linux Enterprise Desktop 11 SP2 This compat-openssl097g rollup update contains various security fixes: * CVE-2012-2131,CVE-2012-2110: incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. Security Issue reference: * CVE-2012-2110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110> SUSE bug 758060 CVE-2012-2110 cpe:/o:suse:suse_sled:11:sp2 Security update for coreutils SUSE Linux Enterprise Desktop 11 SP2 This coreutils update fixes three minor security issues. * #798538 - VUL-1: CVE-2013-0221: segmentation fault in 'sort -d' and 'sort -M' with long line input * #796243 - VUL-1: CVE-2013-0222: segmentation fault in 'uniq' with long line input * #798541 - VUL-1: CVE-2013-0223: segmentation fault in 'join -i' with long line input Security Issue references: * CVE-2013-0221 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0221> * CVE-2013-0222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0222> * CVE-2013-0223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0223> SUSE bug 796243 SUSE bug 798538 SUSE bug 798541 CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 cpe:/o:suse:suse_sled:11:sp2 Security update for CUPS SUSE Linux Enterprise Desktop 11 SP2 The following security issue has been fixed in the CUPS print daemon CVE-2012-5519: The patch adds better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes The new ConfigurationChangeRestriction cupsd.conf directive specifies the level of restriction for cupsd.conf changes that happen via HTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or via the cupsctl command). By default certain cupsd.conf directives that deal with filenames, paths, and users can no longer be changed via requests to the running cupsd but only by manual editing the cupsd.conf file and its default file permissions permit only root to write the cupsd.conf file. Those directives are: ConfigurationChangeRestriction, AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot, ErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap, PrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin, ServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup, SystemGroupAuthKey, TempDir, User. The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set to 'root' only. Additionally the following bug has been fixed: * strip trailing '@REALM' from username for Kerberos authentication (CUPS STR#3972 bnc#827109) Security Issue reference: * CVE-2012-5519 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519> SUSE bug 789566 SUSE bug 827109 CVE-2012-5519 cpe:/o:suse:suse_sled:11:sp2 Security update for curl SUSE Linux Enterprise Desktop 11 SP2 This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015) Security Issue reference: * CVE-2014-0015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015> SUSE bug 858673 CVE-2014-0015 cpe:/o:suse:suse_sled:11:sp2 Security update for dhcp SUSE Linux Enterprise Desktop 11 SP2 The ISC DHCP server had a denial of service issue in handling specific DDNS requests which could cause a out of memory usage situation. (CVE-2013-2266) This update also adds a dhcp6-server service template for SuSEfirewall2 (bnc#783002) Security Issues: * CVE-2013-2266 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266> SUSE bug 783002 SUSE bug 811934 CVE-2013-2266 cpe:/o:suse:suse_sled:11:sp2 Security update for pidgin SUSE Linux Enterprise Desktop 11 SP2 pidgin was updated to fix 4 security issues: * Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) * Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) * Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.(CVE-2013-0272, bnc#804742) * Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742) Security Issue references: * CVE-2013-0271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271> * CVE-2013-0272 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272> * CVE-2013-0273 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273> * CVE-2013-0274 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274> SUSE bug 804742 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 MozillaFirefox was updated to 10.0.7ESR release, fixing a lot of bugs and security problems. The following security issues have been addressed: * MFSA 2012-57: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14. * CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14. * MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes CVE-2012-1972 o Heap-use-after-free in nsObjectLoadingContent::LoadObject CVE-2012-1973 o Heap-use-after-free in gfxTextRun::CanBreakLineBefore CVE-2012-1974 o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975 o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues CVE-2012-1976 o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run() CVE-2012-3956 o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty CVE-2012-3957 o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements CVE-2012-3958 o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode CVE-2012-3959 o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary CVE-2012-3960 o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961 o Bad iterator in text runs CVE-2012-3962 o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963 o Heap-use-after-free READ 8 in gfxTextRun::GetUserData CVE-2012-3964 * MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks. * MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack. * MFSA 2012-61 / CVE-2012-3966: Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When processing a negative 'height' header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable. * MFSA 2012-62: Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash. o use after free, webgl fragment shader deleted by accessor CVE-2012-3968 o stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers CVE-2012-3967 * MFSA 2012-63: Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko's SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a 'requiredFeatures' attribute is moved between documents. In that situation, the internal representation of the 'requiredFeatures' value could be freed prematurely. Both issues are potentially exploitable. o Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter CVE-2012-3969 o Heap-use-after-free in nsTArray_base::Length() CVE-2012-3970 * MFSA 2012-64 / CVE-2012-3971: Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products. * MFSA 2012-65 / CVE-2012-3972: Security research Nicolas Gregoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable. * MFSA 2012-66 / CVE-2012-3973: Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port used by HTTPMonitor. A remote-enabled flag has been added to resolve this problem and close the port unless debugging is explicitly enabled. * MFSA 2012-67 / CVE-2012-3974: Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges. * MFSA 2012-68 / CVE-2012-3975: Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be combined with other attacks to become exploitable. * MFSA 2012-69 / CVE-2012-3976: Security researcher Mark Poticha reported an issue where incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This is caused by two onLocationChange events being fired out of the expected order, leading to the displayed certificate data to not be updated. This can be used for phishing attacks by allowing the user to input form or other data on a newer, attacking, site while the credentials of an older site appear on the addressbar. * MFSA 2012-70 / CVE-2012-3978: Mozilla security researcher moz_bug_r_a4 reported that certain security checks in the location object can be bypassed if chrome code is called content in a specific manner. This allowed for the loading of restricted content. This can be combined with other issues to become potentially exploitable. * MFSA 2012-71 / CVE-2012-3979: Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash. This vulnerability only affects Firefox for Android. * MFSA 2012-72 / CVE-2012-3980: Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user. SUSE bug 777588 CVE-2012-1956 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3974 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3979 CVE-2012-3980 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues: * MFSA 2012-73 / CVE-2012-3977: Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. (This does not affect Firefox 10 as it does not feature the SPDY extension. It was silently fixed for Firefox 15.) * MFSA 2012-74: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * CVE-2012-3983: Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported memory safety problems and crashes that affect Firefox 15. * CVE-2012-3982: Christian Holler and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 15. * MFSA 2012-75 / CVE-2012-3984: Security researcher David Bloom of Cue discovered that 'select' elements are always-on-top chromeless windows and that navigation away from a page with an active 'select' menu does not remove this window.When another menu is opened programmatically on a new page, the original 'select' menu can be retained and arbitrary HTML content within it rendered, allowing an attacker to cover arbitrary portions of the new page through absolute positioning/scrolling, leading to spoofing attacks. Security researcher Jordi Chancel found a variation that would allow for click-jacking attacks was well. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Navigation away from a page with an active 'select' dropdown menu can be used for URL spoofing, other evil Firefox 10.0.1 : Navigation away from a page with multiple active 'select' dropdown menu can be used for Spoofing And ClickJacking with XPI using window.open and geolocalisation * MFSA 2012-76 / CVE-2012-3985: Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial origin in addition to the new document.domain. This could potentially lead to cross-site scripting (XSS) attacks. * MFSA 2012-77 / CVE-2012-3986: Mozilla developer Johnny Stenback discovered that several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. This was addressed by adding the existing security checks to these methods. * MFSA 2012-78 / CVE-2012-3987: Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then perform an attack similar to cross-site scripting (XSS) to gain the privileges allowed to Firefox on an Android device. This has been fixed by changing the Reader Mode page into an unprivileged page. This vulnerability only affects Firefox for Android. * MFSA 2012-79 / CVE-2012-3988: Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable. * MFSA 2012-80 / CVE-2012-3989: Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash. * MFSA 2012-81 / CVE-2012-3991: Mozilla community member Alice White reported that when the GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. This potentially allowed for arbitrary code execution. * MFSA 2012-82 / CVE-2012-3994: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location and top can be shadowed by Object.defineProperty as well. This can allow for possible cross-site scripting (XSS) attacks through plugins. * MFSA 2012-83: Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script. While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed. These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution. * CVE-2012-3993: XrayWrapper pollution via unsafe COW * CVE-2012-4184: ChromeObjectWrapper is not implemented as intended * MFSA 2012-84 / CVE-2012-3992: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this stored site, allowing an attacker to inject a script or intercept posted data posted to a location specified with a relative path. * MFSA 2012-85: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free, buffer overflow, and out of bounds read issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting two additional use-after-free flaws introduced during Firefox 16 development and fixed before general release. * CVE-2012-3995: Out of bounds read in IsCSSWordSpacingSpace * CVE-2012-4179: Heap-use-after-free in nsHTMLCSSUtils::CreateCSSPropertyTxn * CVE-2012-4180: Heap-buffer-overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace * CVE-2012-4181: Heap-use-after-free in nsSMILAnimationController::DoSample * CVE-2012-4182: Heap-use-after-free in nsTextEditRules::WillInsert * CVE-2012-4183: Heap-use-after-free in DOMSVGTests::GetRequiredFeatures * MFSA 2012-86: Security researcher Atte Kettunen from OUSPG reported several heap memory corruption issues found using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. * CVE-2012-4185: Global-buffer-overflow in nsCharTraits::length * CVE-2012-4186: Heap-buffer-overflow in nsWaveReader::DecodeAudioData * CVE-2012-4187: Crash with ASSERTION: insPos too small * CVE-2012-4188: Heap-buffer-overflow in Convolve3x3 * MFSA 2012-87 / CVE-2012-3990: Security researcher miaubiz used the Address Sanitizer tool to discover a use-after-free in the IME State Manager code. This could lead to a potentially exploitable crash. * MFSA 2012-89 / CVE-2012-4192 / CVE-2012-4193: Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. Security Issue reference: * CVE-2012-3977 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3977> * CVE-2012-3982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982> * CVE-2012-3983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983> * CVE-2012-3984 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984> * CVE-2012-3985 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985> * CVE-2012-3986 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986> * CVE-2012-3987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3987> * CVE-2012-3988 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988> * CVE-2012-3989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989> * CVE-2012-3990 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990> * CVE-2012-3991 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991> * CVE-2012-3992 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992> * CVE-2012-3993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993> * CVE-2012-3994 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994> * CVE-2012-3995 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995> * CVE-2012-4179 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179> * CVE-2012-4180 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180> * CVE-2012-4181 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181> * CVE-2012-4182 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182> * CVE-2012-4183 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183> * CVE-2012-4184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184> * CVE-2012-4185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185> * CVE-2012-4186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186> * CVE-2012-4187 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187> * CVE-2012-4188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188> * CVE-2012-4192 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192> * CVE-2012-4193 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193> SUSE bug 783533 CVE-2012-3977 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3987 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4192 CVE-2012-4193 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 MozillaFirefox was updated to the 10.0.10ESR security release. The following issue has been fixed: * MFSA 2012-90: Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below. Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. * CVE-2012-4194: Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. * CVE-2012-4195: Mozilla security researcher moz_bug_r_a4 discovered that the CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. * CVE-2012-4196: Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. SUSE bug 786522 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. * MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17: o crash in copyTexImage2D with image dimensions too large for given level (CVE-2012-5838) * MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17: o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218) * MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. * MFSA 2012-103 / CVE-2012-4209: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to 'top'. This can allow for possible cross-site scripting (XSS) attacks through plugins. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-102 / CVE-2012-5837: Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar. * MFSA 2012-101 / CVE-2012-4207: Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the '~' character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. * MFSA 2012-100 / CVE-2012-5841: Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-98 / CVE-2012-4206: Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. * MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. * MFSA 2012-96 / CVE-2012-4204: Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-95 / CVE-2012-4203: Security researcher kakzz.ng@gmail.com reported that if a javascript: URL is selected from the list of Firefox 'new tab' page, the script will inherit the privileges of the privileged 'new tab' page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. * MFSA 2012-94 / CVE-2012-5836: Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash. * MFSA 2012-93 / CVE-2012-4201: Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack. * MFSA 2012-92 / CVE-2012-4202: Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. * MFSA 2012-91: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey reported memory safety problems and crashes that affect Firefox 16. (CVE-2012-5843) Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842) SUSE bug 790140 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4206 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 cpe:/o:suse:suse_sled:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox was updated to the 10.0.12ESR release. * MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. ( CVE-2013-0769 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769> ) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749> ) o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770> ) * MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. The following issue was fixed in Firefox 18: o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760> ) The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12: o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762> ) o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766> ) o Out of bounds read in nsSVGPathElement::GetPathLengthScale ( CVE-2013-0767 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767> ) The following issues were fixed in Firefox 18 and ESR 17.0.1: o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack ( CVE-2013-0761 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761> ) o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763> ) o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771> ) The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release: o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829> ) * MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768> ) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. * MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. ( CVE-2013-0759 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759> ) * MFSA 2013-05: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash. ( CVE-2013-0744 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744> ) * MFSA 2013-06: Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751> ) * MFSA 2013-07: Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764> ) * MFSA 2013-08: Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745> ) * MFSA 2013-09: Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746> ) * MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747> ) * MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748> ) * MFSA 2013-12: Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750> ) * MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752> ) * MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757> ) * MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758> ) * MFSA 2013-16: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753> ) * MFSA 2013-17: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754> ) * MFSA 2013-18: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755> ) * MFSA 2013-19: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756> ) * MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743> ) SUSE bug 796895 CVE-2012-5829 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0759 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 MozillaFirefox has been updated to the 17.0.4ESR release which fixes one important security issue: * MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. Security Issue reference: * CVE-2013-0787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787> SUSE bug 808243 CVE-2013-0787 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 MozillaFirefox has been updated to the 17.0.5ESR release fixing bugs and security issues. Also Mozilla NSS has been updated to version 3.14.3 and Mozilla NSPR to 4.9.6. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) Andrew McCreight, Randell Jesup, Gary Kwong, Jesse Ruderman, Christian Holler, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 19. (CVE-2013-0789) Jim Chen reported a memory safety problem that affects Firefox for Android * (CVE-2013-0790) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-33 / CVE-2013-0798: Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported the app_tmp directory is set to be world readable and writeable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are temporarily stored in the app_tmp directory before installation. This vulnerability only affects Firefox for Android. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-079: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. Security Issue references: * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789> * CVE-2013-0790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> SUSE bug 813026 CVE-2013-0788 CVE-2013-0789 CVE-2013-0790 CVE-2013-0791 CVE-2013-0792 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0798 CVE-2013-0799 CVE-2013-0800 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox has been updated to the17.0.6ESR security release. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. Security Issue references: * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0793 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> SUSE bug 792432 SUSE bug 819204 CVE-2013-0788 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0799 CVE-2013-0800 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox has been updated to the 17.0.7 ESR version, fixing bugs and security fixes. * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686) * MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. * MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. * MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. * MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. Security Issue references: * CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682> * CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684> * CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685> * CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686> * CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687> * CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690> * CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692> * CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693> * CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697> SUSE bug 825935 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 cpe:/o:suse:suse_sled:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox was updated to the 17.0.10ESR release, fixing various bugs and security issues: MFSA 2013-93: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24. (CVE-2013-5590) Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10.(CVE-2013-1739) MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. * ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle (CVE-2013-5599) * ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL (CVE-2013-5600) * ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler (CVE-2013-5601) MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. Security Issues: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:suse_sled:11:sp2 Security update for flash-player SUSE Linux Enterprise Desktop 11 SP2 This update resolves an integer underflow vulnerability that could have been exploited to execute arbitrary code on the affected system (CVE-2014-0497). More information: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html <http://helpx.adobe.com/security/products/flash-player/apsb14-04.html> Security Issue references: * CVE-2014-0497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497> SUSE bug 862288 CVE-2014-0497 cpe:/o:suse:suse_sled:11:sp2 Security update for freetype2 SUSE Linux Enterprise Desktop 11 SP2 This update fixes: * OOB access in bdf_free_font() and _bdf_parse_glyphs() (CVE-2012-5668 and CVE-2012-5669) As well as the following non-security bugs: * [bdf] Savannah bug #37905. o src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in case of allocation error; this value gets used in a loop in * [bdf] Fix Savannah bug #37906. o src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc'. Security Issue references: * CVE-2012-5668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668> * CVE-2012-5669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669> SUSE bug 795826 CVE-2012-5668 CVE-2012-5669 cpe:/o:suse:suse_sled:11:sp2 Security update for ghostscript SUSE Linux Enterprise Desktop 11 SP2 This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue. Security Issue reference: * CVE-2012-4405 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405> SUSE bug 779700 CVE-2012-4405 cpe:/o:suse:suse_sled:11:sp2 Security update for glibc SUSE Linux Enterprise Desktop 11 SP2 This update for glibc contains the following fixes: * Fix integer overflows in malloc (CVE-2013-4332, bnc#839870) * Fix buffer overflow in glob (bnc#691365) * Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320) * Update mount flags in <sys/mount.h> (bnc#791928) * Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246) * Fix memory leaks in dlopen (bnc#811979) * Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121) * Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec (bnc#818628) * Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347) * Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210) * Fix robust mutex handling after fork (bnc#827811) * Fix missing character in IBM-943 charset (bnc#828235) * Fix use of alloca in gaih_inet (bnc#828637) * Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268) * Fix readdir_r with long file names (CVE-2013-4237, bnc#834594). Security Issues: * CVE-2012-4412 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412> * CVE-2013-0242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242> * CVE-2013-1914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914> * CVE-2013-4237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237> * CVE-2013-4332 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332> * CVE-2013-4788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788> SUSE bug 691365 SUSE bug 779320 SUSE bug 791928 SUSE bug 801246 SUSE bug 811979 SUSE bug 813121 SUSE bug 818628 SUSE bug 819347 SUSE bug 822210 SUSE bug 827811 SUSE bug 828235 SUSE bug 828637 SUSE bug 830268 SUSE bug 834594 SUSE bug 839870 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788 cpe:/o:suse:suse_sled:11:sp2 Security update for GnuTLS SUSE Linux Enterprise Desktop 11 SP2 This update of GnuTLS fixes a regression introduced by the previous update that could have resulted in a Denial of Service (application crash). Security Issue reference: * CVE-2013-2116 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116> SUSE bug 821818 CVE-2013-2116 cpe:/o:suse:suse_sled:11:sp2 Security update for gpg2 SUSE Linux Enterprise Desktop 11 SP2 This GnuPG update fixes two security issues: * CVE-2013-4351: GnuPG treated no-usage-permitted keys as all-usages-permitted. * CVE-2013-4402: An infinite recursion in the compressed packet parser was fixed. Security Issue reference: * CVE-2013-4351 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351> * CVE-2013-4402 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402> SUSE bug 840510 SUSE bug 844175 CVE-2013-4351 CVE-2013-4402 cpe:/o:suse:suse_sled:11:sp2 Security update for gtk2 SUSE Linux Enterprise Desktop 11 SP2 The following issue has been fixed: * Specially crafted GIF and XBM files could have crashed gtk2 (CVE-2012-2370,CVE-2011-2485) Security Issue references: * CVE-2012-2370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370> * CVE-2011-2485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485> SUSE bug 702028 SUSE bug 762735 CVE-2011-2485 CVE-2012-2370 cpe:/o:suse:suse_sled:11:sp2 Security update for hplip SUSE Linux Enterprise Desktop 11 SP2 hplip was updated to fix three security issues: * CVE-2013-0200: Some local file overwrite problems via predictable /tmp filenames were fixed. * CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation. * CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log) Security Issue references: * CVE-2013-4325 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325> * CVE-2013-0200 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200> * CVE-2013-6402 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402> SUSE bug 808355 SUSE bug 835827 SUSE bug 836937 SUSE bug 852368 CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 cpe:/o:suse:suse_sled:11:sp2 Security update for icedtea-web SUSE Linux Enterprise Desktop 11 SP2 This icedtea-web update adds a missing fix for an off-by-one heap-based buffer overflow. bnc#840572: CVE-2013-4349: icedtea-web 1.4.1 fixes the missing patch for CVE-2012-4540. Security Issues: * CVE-2012-4540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540> * CVE-2013-4349 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4349> SUSE bug 840572 CVE-2012-4540 CVE-2013-4349 cpe:/o:suse:suse_sled:11:sp2 Security update for icu SUSE Linux Enterprise Desktop 11 SP2 This update is rereleased because some architectures were missed on the first try. It fixes the following security issues: * Specially crafted strings could cause a buffer overflow in icu ( CVE-2011-4599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599> ) * An integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409> ) SUSE bug 657910 SUSE bug 736146 CVE-2011-4599 cpe:/o:suse:suse_sled:11:sp2 Security update for inkscape SUSE Linux Enterprise Desktop 11 SP2 inkscape was updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionaly instead from the current directory. (CVE-2012-6076) Security Issue references: * CVE-2012-6076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6076> * CVE-2012-5656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656> SUSE bug 794958 SUSE bug 796306 CVE-2012-5656 CVE-2012-6076 cpe:/o:suse:suse_sled:11:sp2 Security update for OpenJDK 1.6 SUSE Linux Enterprise Desktop 11 SP2 OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes many fixes for bugs and security issues: * S8006900, CVE-2013-3829: Add new date/time capability * S8008589: Better MBean permission validation * S8011071, CVE-2013-5780: Better crypto provider handling * S8011081, CVE-2013-5772: Improve jhat * S8011157, CVE-2013-5814: Improve CORBA portablility * S8012071, CVE-2013-5790: Better Building of Beans * S8012147: Improve tool support * S8012277: CVE-2013-5849: Improve AWT DataFlavor * S8012425, CVE-2013-5802: Transform TransformerFactory * S8013503, CVE-2013-5851: Improve stream factories * S8013506: Better Pack200 data handling * S8013510, CVE-2013-5809: Augment image writing code * S8013514: Improve stability of cmap class * S8013739, CVE-2013-5817: Better LDAP resource management * S8013744, CVE-2013-5783: Better tabling for AWT * S8014085: Better serialization support in JMX classes * S8014093, CVE-2013-5782: Improve parsing of images * S8014102, CVE-2013-5778: Improve image conversion * S8014341, CVE-2013-5803: Better service from Kerberos servers * S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations * S8014530, CVE-2013-5825: Better digital signature processing * S8014534: Better profiling support * S8014987, CVE-2013-5842: Augment serialization handling * S8015614: Update build settings * S8015731: Subject java.security.auth.subject to improvements * S8015743, CVE-2013-5774: Address internet addresses * S8016256: Make finalization final * S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names * S8016675, CVE-2013-5797: Make Javadoc pages more robust * S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately * S8017287, CVE-2013-5829: Better resource disposal * S8017291, CVE-2013-5830: Cast Proxies Aside * S8017298, CVE-2013-4002: Better XML support * S8017300, CVE-2013-5784: Improve Interface Implementation * S8017505, CVE-2013-5820: Better Client Service * S8019292: Better Attribute Value Exceptions * S8019617: Better view of objects * S8020293: JVM crash * S8021290, CVE-2013-5823: Better signature validation * S8022940: Enhance CORBA translations * S8023683: Enhance class file parsing Security issue references: * CVE-2013-3829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829> * CVE-2013-5780 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780> * CVE-2013-5772 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772> * CVE-2013-5814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814> * CVE-2013-5790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790> * CVE-2013-5849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849> * CVE-2013-5802 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802> * CVE-2013-5851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851> * CVE-2013-5809 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809> * CVE-2013-5817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817> * CVE-2013-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783> * CVE-2013-5782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782> * CVE-2013-5778 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778> * CVE-2013-5803 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803> * CVE-2013-5840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840> * CVE-2013-5825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825> * CVE-2013-5842 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842> * CVE-2013-5774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774> * CVE-2013-5804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804> * CVE-2013-5797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797> * CVE-2013-5850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850> * CVE-2013-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829> * CVE-2013-5830 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830> * CVE-2013-4002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002> * CVE-2013-5784 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784> * CVE-2013-5820 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820> * CVE-2013-5823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823> SUSE bug 852367 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 cpe:/o:suse:suse_sled:11:sp2 Security update for kdelibs4 SUSE Linux Enterprise Desktop 11 SP2 This kdelibs4 update fixes several security issues related to khtml/konqueror. * Fix security issues and null pointer references in khtml/konqueror (bnc#787520) (CVE-2012-4512, CVE-2012-4513, CVE-2012-4515) Security Issue references: * CVE-2012-4512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4512> * CVE-2012-4513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4513> * CVE-2012-4515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4515> SUSE bug 787520 CVE-2012-4512 CVE-2012-4513 CVE-2012-4515 cpe:/o:suse:suse_sled:11:sp2 Security update for Linux kernel SUSE Linux Enterprise Desktop 11 SP2 The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to fix a regression introduced by the previous update: * scsi_dh_alua: Incorrect reference counting in the SCSI ALUA initialization code lead to system crashes on boot (bnc#858831). As the update introducing the regression was marked security, this is also marked security even though this bug is not security relevant. SUSE bug 858831 cpe:/o:suse:suse_sled:11:sp2 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP2 This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418> SUSE bug 849240 CVE-2013-1418 cpe:/o:suse:suse_sled:11:sp2 Security update for KVM SUSE Linux Enterprise Desktop 11 SP2 This update fixes a file permission issue with qga (the QEMU Guest Agent) from the qemu/kvm package and includes several bug-fixes. (bnc#818182) (CVE-2013-2007) (bnc#786813) (bnc#725008) (bnc#712137) (bnc#824340) Security Issues: * CVE-2013-2007 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007> SUSE bug 712137 SUSE bug 725008 SUSE bug 786813 SUSE bug 818182 SUSE bug 824340 CVE-2013-2007 cpe:/o:suse:suse_sled:11:sp2 Security update for lcms SUSE Linux Enterprise Desktop 11 SP2 The lcms userland utilities were updated to fix stack overflows. * CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276> SUSE bug 843716 CVE-2013-4276 cpe:/o:suse:suse_sled:11:sp2 Security update for Samba SUSE Linux Enterprise Desktop 11 SP2 This update of Samba fixes one security issue and several bugs. The security fix is: * Ensure that users cannot hand out their own privileges to everyone, only administrators are allowed to do that. (CVE-2012-2111 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111> ) The non-security bug fixes merged from upstream Samba are: * Fix default name resolve order. (docs-xml, bso#7564). * Fix a segfault in vfs_aio_fork. (s3-aio-fork, bso#8836). * Remove whitespace in example samba.ldif. (docs, bso#8789) * Move print_backend_init() behind init_system_info(). (s3-smbd, bso#8845) * Prepend '/' to filename argument. (s3-docs, bso#8826) SUSE bug 757576 CVE-2012-2111 cpe:/o:suse:suse_sled:11:sp2 Security update for libqt4 SUSE Linux Enterprise Desktop 11 SP2 libqt4 has been updated to fix several security issues. * An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user (CVE-2013-0254). * openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) * Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied: * Add fix for qdbusviewer not matching args (bnc#784197) Security Issue reference: * CVE-2013-0254 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0254> SUSE bug 784197 SUSE bug 797006 SUSE bug 802634 CVE-2013-0254 cpe:/o:suse:suse_sled:11:sp2 Security update for PostgreSQL SUSE Linux Enterprise Desktop 11 SP2 This update to version 9.1.9 fixes: * CVE-2013-1899: Fix insecure parsing of server command-line switches. * CVE-2013-1900: Reset OpenSSL randomness state in each postmaster child process. * CVE-2013-1901: Make REPLICATION privilege checks test current user not authenticated user. Security Issue references: * CVE-2013-1899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899> * CVE-2013-1900 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900> * CVE-2013-1901 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901> SUSE bug 812525 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 cpe:/o:suse:suse_sled:11:sp2 Security update for libgcrypt SUSE Linux Enterprise Desktop 11 SP2 This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (CVE-2013-4242). Security Issue reference: * CVE-2013-4242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242> SUSE bug 831359 CVE-2013-4242 cpe:/o:suse:suse_sled:11:sp2 Security update for MySQL SUSE Linux Enterprise Desktop 11 SP2 A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code (CVE-2012-5611). Security Issue references: * CVE-2012-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615> * CVE-2012-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615> * CVE-2012-5613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5613> * CVE-2012-5612 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612> * CVE-2012-5611 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611> SUSE bug 792444 CVE-2012-5611 CVE-2012-5612 CVE-2012-5613 CVE-2012-5615 cpe:/o:suse:suse_sled:11:sp2 Security update for OpenSSL SUSE Linux Enterprise Desktop 11 SP2 OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed. Security Issue references: * CVE-2013-0169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169> * CVE-2013-0166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166> SUSE bug 779952 SUSE bug 802648 SUSE bug 802746 CVE-2013-0166 CVE-2013-0169 cpe:/o:suse:suse_sled:11:sp2 Security update for libotr SUSE Linux Enterprise Desktop 11 SP2 This update fixes various heap overflows in libotr. CVE-2012-3461 has been assigned to this issue. Security Issue reference: * CVE-2012-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461> SUSE bug 777468 CVE-2012-3461 cpe:/o:suse:suse_sled:11:sp2 Security update for pcp SUSE Linux Enterprise Desktop 11 SP2 pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features. * Update to pcp-3.6.10. o Transition daemons to run under an unprivileged account. o Fixes for security advisory CVE-2012-5530: tmpfile flaws; (bnc#782967). o Fix pcp(1) command short-form pmlogger reporting. o Fix pmdalogger error handling for directory files. o Fix pmstat handling of odd corner case in CPU metrics. o Correct the python ctype used for pmAtomValue 32bit ints. o Add missing RPM spec dependency for python-ctypes. o Corrections to pmdamysql metrics units. o Add pmdamysql slave status metrics. o Improve pmcollectl error messages. o Parameterize pmcollectl CPU counts in interrupt subsys. o Fix generic RPM packaging for powerpc builds. o Fix python API use of reentrant libpcp string routines. o Python code backporting for RHEL5 in qa and pmcollectl. o Fix edge cases in capturing interrupt error counts. * Update to pcp-3.6.9. o Python wrapper for the pmimport API o Make sar2pcp work with the sysstat versions from RHEL5, RHEL6, and all recent Fedora versions (which is almost all current versions of sysstat verified). o Added a number of additional metrics into the importer for people starting to use it to analyse sar data from real customer incidents. o Rework use of C99 'restrict' keyword in pmdalogger (Debian bug: 689552) o Alot of work on the PCP QA suite, special thanks to Tomas Dohnalek for all his efforts there. o Win32 build updates o Add 'raw' disk active metrics so that existing tools like iostat can be emulated o Allow sar2pcp to accept XML input directly (.xml suffix), allowing it to not have to run on the same platform as the sadc/sadf that originally generated it. o Add PMI error codes into the PCP::LogImport perl module. o Fix a typo in pmiUnits man page synopsis section o Resolve pmdalinux ordering issue in NUMA/CPU indom setup (Redhat bug: 858384) o Remove unused pmcollectl imports (Redhat bug: 863210) o Allow event traces to be used in libpcp interpolate mode * Update to pcp-3.6.8. o Corrects the disk/partition identification for the MMC driver, which makes disk indom handling correct on the Raspberry Pi (http://www.raspberrypi.org/) o Several minor/basic fixes for pmdaoracle. o Improve pmcollectl compatibility. o Make a few clarifications to pmcollectl.1. o Improve python API test coverage. o Numerous updates to the test suite in general. o Allow pmda Install scripts to specify own dso name again. o Reconcile spec file differences between PCP flavours. o Fix handling of multiple contexts with a remote namespace. o Core socket interface abstractions to support NSS (later). o Fix man page SYNOPSIS section for pmUnpackEventRecords. o Add --disable-shared build option for static builds. * Update to pcp-3.6.6. o Added the python PMAPI bindings and an initial python client in pmcollectl. Separate, new package exists for python libs for those platforms that split out packages (rpm, deb). o Added a pcp-testsuite package for those platforms that might want this (rpm, deb again, mainly) o Re-introduced the pcp/qa subdirectory in pcp and deprecated the external pcpqa git tree. o Fix potential buffer overflow in pmlogger host name handling. o Reworked the configure --prefix handling to be more like the rest of the open source world. o Ensure the __pmDecodeText ident parameter is always set Resolves Red Hat bugzilla bug #841306. Security Issue references: * CVE-2012-3418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418> * CVE-2012-3419 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3419> * CVE-2012-3420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3420> * CVE-2012-3421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3421> SUSE bug 732763 SUSE bug 775009 SUSE bug 775010 SUSE bug 775011 SUSE bug 775013 SUSE bug 782967 CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421 cpe:/o:suse:suse_sled:11:sp2 Security update for pixman SUSE Linux Enterprise Desktop 11 SP2 This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425> SUSE bug 853824 CVE-2013-6425 cpe:/o:suse:suse_sled:11:sp2 Security update for poppler SUSE Linux Enterprise Desktop 11 SP2 This update of poppler fixes the following vulnerabilities: * CVE-2013-1788: Various invalid memory issues could be used by attackers supplying PDFs to crash the PDF viewer or potentially execute code. * CVE-2013-1789: A crash in poppler could be used by attackers providing PDFs to crash the PDF viewer. * CVE-2013-1790: An uninitialized memory read could be used by attackers providing PDFs to crash the PDF viewer. Security Issue references: * CVE-2013-1788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788> * CVE-2013-1789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1789> * CVE-2013-1790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790> SUSE bug 806793 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 cpe:/o:suse:suse_sled:11:sp2 Security update for libproxy SUSE Linux Enterprise Desktop 11 SP2 This update for libproxy fixes a heap-based buffer overflow that could have allowed remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request (CVE-2012-4505). Additionally, it fixes parsing of the $no_proxy environment variable when it contains more than one URL separated by white-spaces. Security Issue reference: * CVE-2012-4505 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505> SUSE bug 761626 SUSE bug 784523 CVE-2012-4505 cpe:/o:suse:suse_sled:11:sp2 Security update for LibreOffice SUSE Linux Enterprise Desktop 11 SP2 LibreOffice was updated to SUSE 3.5 bugfix release 13 (based on upstream 3.5.6-rc2) which fixes a lot of bugs. The following bugs have been fixed: * polygon fill rule (bnc#759172) * open XML in Writer (bnc#777181) * undo in text objects (fdo#36138) * broken numbering level (bnc#760019) * better MathML detection (bnc#774921) * pictures in DOCX import (bnc#772094) * collapsing border painting (fdo#39415) * better DOCX text box export (fdo#45724) * hidden text in PPTX import (bnc#759180) * slide notes in PPTX import (bnc#768027) * RTL paragraphs in DOC import (fdo#43398) * better vertical text imports (bnc#744510) * HYPERLINK field in DOCX import (fdo#51034) * shadow color on partial redraw (bnc#773515) * floating objects in DOCX import (bnc#775899) * graphite2 hyphenation regression (fdo#49486) * missing shape position and size (bnc#760997) * page style attributes in ODF import (fdo#38056) * browsing in Template dialog crasher (fdo#46249) * wrong master slide shape being used (bnc#758565) * page borders regression in ODT import (fdo#38056) * invalidate bound rect after drag&drop (fdo#44534) * rotated shape margins in PPTX import (bnc#773048) * pasting into more than 1 sheet crasher (fdo#47311) * crashers in PPT/PPTX import (bnc#768027, bnc#774167 * missing footnote in DOCX/DOC/RTF export (fdo#46020) * checkbox no-label behaviour (fdo#51336, bnc#757602) * try somewhat harder to read w:position (bnc#773061) * FormatNumber can handle sal_uInt32 values (fdo#51793) * rectangle-paragraph tables in DOCX import (bnc#775899) * header and bullet in slideshow transition (bnc#759172) * default background color in DOC/DOCX export (fdo#45724) * font name / size attributes in DOCX import (bnc#774681) * zero rect. size causing wrong line positions (fdo#47434) * adjusted display of Bracket/BracePair in PPT (bnc#741480) * use Unicode functions for QuickStarter tooltip (fdo#52143) * TabRatio API and detect macro at group shape fixes (bnc#770708) * indented text in DOCX file does not wrap correctly (bnc#775906) * undocked toolbars do not show all icons in special ratio (fdo#47071) * cross-reference text when Caption order is Numbering first (fdo#50801) * bullet color same as following text by default (bnc#719988, bnc#734733) * misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772, fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966) * libvisio was updated to 0.0.19: * file displays as blank page in Draw (fdo#50990) * Use the vendor SUSE instead of Novell, Inc. * Some NULL pointer dereferences were fixed. (CVE-2012-4233) Security Issue reference: * CVE-2012-4233 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4233> SUSE bug 719988 SUSE bug 734733 SUSE bug 741480 SUSE bug 744510 SUSE bug 757602 SUSE bug 758565 SUSE bug 759172 SUSE bug 759180 SUSE bug 760019 SUSE bug 760997 SUSE bug 768027 SUSE bug 770708 SUSE bug 772094 SUSE bug 773048 SUSE bug 773061 SUSE bug 773515 SUSE bug 774167 SUSE bug 774681 SUSE bug 774921 SUSE bug 775899 SUSE bug 775906 SUSE bug 777181 SUSE bug 778669 CVE-2012-4233 cpe:/o:suse:suse_sled:11:sp2 Security update for libssh2 SUSE Linux Enterprise Desktop 11 SP2 This update of libssh fixes multiple integer overflows. CVE-2012-4562 has been assigned to this issue. Security Issue reference: * CVE-2012-4562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562> SUSE bug 789827 CVE-2012-4562 cpe:/o:suse:suse_sled:11:sp2 Security update for libtiff SUSE Linux Enterprise Desktop 11 SP2 This tiff update fixes several security issues. * bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use after free problem * bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in readgifimage() * bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW decompressor Security Issue references: * CVE-2013-4232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232> * CVE-2013-4231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231> * CVE-2013-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243> * CVE-2013-4244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244> SUSE bug 834477 SUSE bug 834779 SUSE bug 834788 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/o:suse:suse_sled:11:sp2 Security update for libvirt SUSE Linux Enterprise Desktop 11 SP2 This libvirt update fixes a security issue. * bnc#838638: CVE-2013-4296: EMBARGOED: libvirt: Fix crash in remoteDispatchDomainMemoryStats * bnc#817008: Regression: vm-install fails to display on SLES 11 SP2 UV2000 Security Issue reference: * CVE-2013-4296 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296> SUSE bug 817008 SUSE bug 838638 CVE-2013-4296 cpe:/o:suse:suse_sled:11:sp2 Security update for libvirt SUSE Linux Enterprise Desktop 11 SP2 libvirt received security and bugfixes: * CVE-2012-4423: Fixed a libvirt remote denial of service (crash) problem. The following bugs have been fixed: * qemu: Fix probing for guest capabilities * xen-xm: Generate UUID if not specified * xenParseXM: don't dereference NULL pointer when script is empty Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497> * CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411> * CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535> * CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537> * CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536> * CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538> * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> SUSE bug 772586 SUSE bug 773621 SUSE bug 773626 SUSE bug 780432 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 cpe:/o:suse:suse_sled:11:sp2 Security update for libxml2 SUSE Linux Enterprise Desktop 11 SP2 This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue. Security Issue reference: * CVE-2013-2877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877> SUSE bug 829077 SUSE bug 854869 CVE-2013-2877 cpe:/o:suse:suse_sled:11:sp2 Security update for libxslt SUSE Linux Enterprise Desktop 11 SP2 libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) Security Issue references: * CVE-2012-6139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139> * CVE-2012-2825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825> * CVE-2011-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970> SUSE bug 849019 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 cpe:/o:suse:suse_sled:11:sp2 Security update for Mozilla NSS SUSE Linux Enterprise Desktop 11 SP2 Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes: The main feature is TLS 1.2 support and its dependent algorithms. * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1: * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. o some bugfixes and improvements Changes with version 3.15 * New Functionality o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. o Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. o certutil has been updated to support creating name constraints extensions. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:suse_sled:11:sp2 Security update for mozilla-nspr, mozilla-nss SUSE Linux Enterprise Desktop 11 SP2 Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741> * CVE-2013-5605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605> * CVE-2013-5606 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606> * CVE-2013-5607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607> SUSE bug 850148 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 cpe:/o:suse:suse_sled:11:sp2 Security update for libfreebl3 SUSE Linux Enterprise Desktop 11 SP2 Mozilla NSS has been updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was abused to create man in the middle certificates. SUSE bug 854367 cpe:/o:suse:suse_sled:11:sp2 Security update for OpenSSH SUSE Linux Enterprise Desktop 11 SP2 This update for OpenSSH provides the following fixes: * Implement remote denial of service hardening. (bnc#802639, CVE-2010-5107) * Use only FIPS 140-2 approved algorithms when FIPS mode is detected. (bnc#755505, bnc#821039) * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906) Security Issue reference: * CVE-2010-5107 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107> SUSE bug 755505 SUSE bug 802639 SUSE bug 821039 SUSE bug 826906 CVE-2010-5107 cpe:/o:suse:suse_sled:11:sp2 Security update for openssl-certs SUSE Linux Enterprise Desktop 11 SP2 openssl-certs was updated with the current certificate data available from mozilla.org. Changes: * Updated certificates to revision 1.95 * Distrust a sub-ca that issued google.com certificates. 'Distrusted AC DG Tresor SSL' (bnc#854367) Many CA updates from Mozilla: * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server auth, code signing, email signing * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server auth, code signing, email signing * new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt server auth * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt removed code signing and server auth abilities * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt removed code signing and server auth abilities * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth * removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt * new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt * new: PSCProcert:2.1.11.crt server auth, code signing, email signing * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt server auth, code signing, email signing * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt server auth, code signing * changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt removed all abilities * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt server auth, code signing * changed: TWCA_Root_Certification_Authority:2.1.1.crt added code signing ability * new 'EE Certification Centre Root CA' * new 'T-TeleSec GlobalRoot Class 3' * revoke mis-issued intermediate CAs from TURKTRUST. SUSE bug 796628 SUSE bug 854367 cpe:/o:suse:suse_sled:11:sp2 Security update for openvpn SUSE Linux Enterprise Desktop 11 SP2 OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpn_decrypt that might have allowed remote attackers to gain knowledge of plaintext data. (CVE-2013-2061) Security Issues: * CVE-2013-2061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061> SUSE bug 843509 CVE-2013-2061 cpe:/o:suse:suse_sled:11:sp2 Security update for Perl SUSE Linux Enterprise Desktop 11 SP2 This update of Perl 5 fixes the following security issues: * fix rehash DoS [bnc#804415] [CVE-2013-1667] * improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] * fix glob denial of service [bnc#796014] [CVE-2011-2728] * sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] Security Issue references: * CVE-2013-1667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667> SUSE bug 789994 SUSE bug 796014 SUSE bug 797060 SUSE bug 804415 CVE-2013-1667 cpe:/o:suse:suse_sled:11:sp2 Security update for PostgreSQL SUSE Linux Enterprise Desktop 11 SP2 PostgreSQL has been updated to version 8.3.23 which fixes various bugs and one security issue. The security issue fixed in this release, CVE-2013-0255, allowed a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure. More information can be found at http://www.postgresql.org/about/news/1446/ <http://www.postgresql.org/about/news/1446/> Security Issue reference: * CVE-2013-0255 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255> SUSE bug 802679 CVE-2013-0255 cpe:/o:suse:suse_sled:11:sp2 Security update for puppet SUSE Linux Enterprise Desktop 11 SP2 This update for puppet fixes a remote code execution vulnerability in the 'resource_type' service. (CVE-2013-4761) Additionally, the update prevents puppet from executing initialization scripts that could trigger a system reboot when handling 'puppet resource service' calls. Security Issue reference: * CVE-2013-4761 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761> SUSE bug 835122 SUSE bug 853982 CVE-2013-4761 cpe:/o:suse:suse_sled:11:sp2 Security update for Python SUSE Linux Enterprise Desktop 11 SP2 This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 CVE-2013-4238 cpe:/o:suse:suse_sled:11:sp2 Security update for ruby SUSE Linux Enterprise Desktop 11 SP2 The following security issue has been fixed: * CVE-2013-4164: heap overflow in float point parsing Security Issue references: * CVE-2013-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164> * CVE-2009-0689 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689> SUSE bug 851803 CVE-2009-0689 CVE-2013-4164 cpe:/o:suse:suse_sled:11:sp2 Security update for strongswan SUSE Linux Enterprise Desktop 11 SP2 This strongswan update fixes security issues and bugs: * CVE-2013-5018: Specially crafted XAuth usernames and EAP identities can cause a crash in strongswan. * CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances. Also a bug with route recursion limits was fixed: * Charon SEGFAULT when left=%any / recursion limit. (bnc#840826) Security Issues: * CVE-2013-5018 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018> SUSE bug 833278 SUSE bug 840826 SUSE bug 847506 CVE-2013-5018 cpe:/o:suse:suse_sled:11:sp2 Security update for sudo SUSE Linux Enterprise Desktop 11 SP2 This update fixes the following security issues which allowed to bypass the sudo authentication: CVE-2013-1775, CVE-2013-1776, CVE-2013-2776 and CVE-2013-2777. Security Issue references: * CVE-2013-1775 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775> * CVE-2013-1776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776> * CVE-2013-2776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776> * CVE-2013-2777 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2777> SUSE bug 806919 SUSE bug 806921 SUSE bug 817349 SUSE bug 817350 CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 cpe:/o:suse:suse_sled:11:sp2 Security update for telepathy-gabble SUSE Linux Enterprise Desktop 11 SP2 telepathy-gabble was updated to fix several remotely-triggerable NULL crashes (CVE-2013-1769) Security Issues: * CVE-2013-1769 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1769> SUSE bug 807449 CVE-2013-1769 cpe:/o:suse:suse_sled:11:sp2 Security update for telepathy-idle SUSE Linux Enterprise Desktop 11 SP2 Telepathy-idle did not check SSL certificates. CVE-2007-6746 was assigned to this issue. Security Issue reference: * CVE-2007-6746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6746> SUSE bug 817120 CVE-2007-6746 cpe:/o:suse:suse_sled:11:sp2 Security update for usbmuxd SUSE Linux Enterprise Desktop 11 SP2 This update of usbmuxd fixes a heap-based buffer overflow which could be triggered via an overly long 'SerialNumber' field (CVE-2012-0065). Security Issue reference: * CVE-2012-0065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0065> SUSE bug 742546 CVE-2012-0065 cpe:/o:suse:suse_sled:11:sp2 Security update for vino SUSE Linux Enterprise Desktop 11 SP2 vino has been updated to fix a remote denial of service problem where remote attackers could have caused a infinite loop in vino (CPU consumption). (CVE-2013-5745) Security Issue reference: * CVE-2013-5745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745> SUSE bug 843174 CVE-2013-5745 cpe:/o:suse:suse_sled:11:sp2 Security update for wireshark SUSE Linux Enterprise Desktop 11 SP2 wireshark was updated to security update version 1.8.12, fixing bugs and security issues. * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html <https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html> Security Issue references: * CVE-2013-7112 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112> * CVE-2013-7113 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113> * CVE-2013-7114 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114> SUSE bug 855980 SUSE bug 856496 SUSE bug 856498 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 cpe:/o:suse:suse_sled:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 XEN has been updated to fix various bugs and security issues: * CVE-2013-0153: (XSA 36) To avoid an erratum in early hardware, the Xen AMD IOMMU code by default choose to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. This has been disabled for AMD chipsets not capable of it. * CVE-2012-6075: qemu: The e1000 had overflows under some conditions, potentially corrupting memory. * CVE-2013-0154: (XSA 37) Hypervisor crash due to incorrect ASSERT (debug build only) * CVE-2012-5634: (XSA-33) A VT-d interrupt remapping source validation flaw was fixed. Also the following bugs have been fixed: * bnc#805094 - xen hot plug attach/detach fails * bnc#802690 - domain locking can prevent a live migration from completing * bnc#797014 - no way to control live migrations o fix logic error in stdiostream_progress o restore logging in xc_save o add options to control migration tunables * bnc#806736: enabling xentrace crashes hypervisor * Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) * bnc#798188 - Add $network to xend initscript dependencies * bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 * bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel * Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch * bnc#793927 - Xen VMs with more than 2 disks randomly fail to start * Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch * Update to Xen 4.1.4 c/s 23432 * Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures * Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch * Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. Security Issue references: * CVE-2013-0153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153> * CVE-2012-6075 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075> * CVE-2012-5634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634> SUSE bug 793927 SUSE bug 794316 SUSE bug 797014 SUSE bug 797031 SUSE bug 797523 SUSE bug 798188 SUSE bug 799694 SUSE bug 800156 SUSE bug 800275 SUSE bug 802690 SUSE bug 805094 SUSE bug 806736 CVE-2012-5634 CVE-2012-6075 CVE-2013-0153 cpe:/o:suse:suse_sled:11:sp2 Security update for Xen and libvirt SUSE Linux Enterprise Desktop 11 SP2 Xen was updated to fix several security issues: * CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host. * CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed. * CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash). Also the following bug in XEN has been fixed: * bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory This update also included bugfixes for: * vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest * virt-manager - SLE11-SP2 ONLY * bnc#764982 - virt-manager fails to start after upgrade to SLES11 SP2 from SLES10 Security Issue reference: * CVE-2012-3432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432> SUSE bug 746702 SUSE bug 762484 SUSE bug 762963 SUSE bug 764982 SUSE bug 766283 SUSE bug 773393 SUSE bug 773401 SUSE bug 773955 CVE-2012-3432 cpe:/o:suse:suse_sled:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 XEN was updated 4.1.3 to fix multiple bugs and security issues. The following security issues have been fixed: * CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) * CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability (XSA-13) * CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) * CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16) * CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) Also the following bugs have been fixed: * pvscsi support of attaching Luns - bnc#776995 The following related bugs in vm-install 0.5.12 have been fixed: * bnc#776300 - vm-install does not pass --extra-args in --upgrade * Add for support Open Enterprise Server 11 * Add support for Windows 8 and Windows Server 2012 * Add support for Ubuntu 12 (Precise Pangolin) Security Issue references: * CVE-2012-3496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496> * CVE-2012-3494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494> * CVE-2012-3495 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495> * CVE-2012-3498 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498> * CVE-2012-3515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515> SUSE bug 776300 SUSE bug 776995 SUSE bug 777084 SUSE bug 777086 SUSE bug 777088 SUSE bug 777090 SUSE bug 777091 CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3498 CVE-2012-3515 cpe:/o:suse:suse_sled:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 XEN was updated to fix various bugs and security issues: The following security issues have been fixed: * CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk (XSA 25) * CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) * CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA 20) * CVE-2012-4536: xen: pirq range check DoS vulnerability (XSA 21) * CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA 22) * CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability (XSA 23) * CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability (XSA 24) * CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) Also the following bugs have been fixed and upstream patches have been applied: * bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch * Upstream patches merged: 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch * bnc#778105 - first XEN-PV VM fails to spawn xend: Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497> * CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411> * CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535> * CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537> * CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536> * CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538> * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> SUSE bug 777890 SUSE bug 778105 SUSE bug 779212 SUSE bug 784087 SUSE bug 786516 SUSE bug 786517 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 cpe:/o:suse:suse_sled:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed: * CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal. * CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. * CVE-2013-2076: A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. * CVE-2013-2077: A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users. * CVE-2013-2078: A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users. * CVE-2013-2072: Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. * CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. * CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.' * CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, used the wrong ordering of operations when extending the per-domain event channel tracking table, which caused a use-after-free and allowed local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. * CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant reference when releasing a non-v1, non-transitive grant, which allowed local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. Bugfixes: * Upstream patches from Jan 26956-x86-mm-preemptible-cleanup.patch 27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch 27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch 27079-fix-XSA-46-regression-with-xend-xm.patch 27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch * Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. * bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec * Upstream patches from Jan 26702-powernow-add-fixups-for-AMD-P-state-figures.patch 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch 26743-VT-d-deal-with-5500-5520-X58-errata.patch 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch 26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch * bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto xend-cpuinfo-model-name.patch * Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch Security Issue references: * CVE-2013-1917 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917> * CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918> * CVE-2013-1919 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919> * CVE-2013-1920 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920> * CVE-2013-1952 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952> * CVE-2013-1964 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964> * CVE-2013-2072 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072> * CVE-2013-2076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076> * CVE-2013-2077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077> * CVE-2013-2078 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078> SUSE bug 801663 SUSE bug 809662 SUSE bug 813673 SUSE bug 813675 SUSE bug 813677 SUSE bug 814709 SUSE bug 816156 SUSE bug 816159 SUSE bug 816163 SUSE bug 819416 SUSE bug 820917 SUSE bug 820919 SUSE bug 820920 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 cpe:/o:suse:suse_sled:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 XEN has been updated to version 4.1.6 which fixes various bugs and security issues. * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. * CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs * CVE-2013-4329: XSA-61: libxl partially sets up HVM passthrough even with disabled iommu * CVE-2013-1432: XSA-58: x86: fix page refcount handling in page table pin error path * CVE-2013-2211: XSA-57: libxl allows guest write access to sensitive console related xenstore keys * xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) Various bugs have also been fixed: * Improvements to block-dmmd script (bnc#828623) * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196) * In HP's UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. (bnc#833251) * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796) * In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751) * In HP's UEFI x86_64 platform and sles11sp3 with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600) * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676) * migrate.py support of short options dropped by PTF (bnc#824676) * after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing (bnc#803712) * various upstream fixes have been included Security Issue references: * CVE-2013-1432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432> * CVE-2013-1442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442> * CVE-2013-2194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194> * CVE-2013-2195 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195> * CVE-2013-2196 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196> * CVE-2013-2211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211> * CVE-2013-4329 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329> * CVE-2013-4355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355> * CVE-2013-4361 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361> * CVE-2013-4368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> SUSE bug 803712 SUSE bug 823011 SUSE bug 823608 SUSE bug 823786 SUSE bug 824676 SUSE bug 826882 SUSE bug 828623 SUSE bug 833251 SUSE bug 833796 SUSE bug 834751 SUSE bug 839596 SUSE bug 839600 SUSE bug 839618 SUSE bug 840196 SUSE bug 840592 SUSE bug 841766 SUSE bug 842511 SUSE bug 845520 CVE-2013-1432 CVE-2013-1442 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 CVE-2013-2211 CVE-2013-4329 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4416 cpe:/o:suse:suse_sled:11:sp2 Security update for Xen SUSE Linux Enterprise Desktop 11 SP2 Xen has been updated to fix a security issue and a bug: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. A non-security bug has also been fixed: * It is possible to start a VM twice on the same node (bnc#840997) Security Issue references: * CVE-2013-4494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494> SUSE bug 840997 SUSE bug 848657 CVE-2013-4494 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-server SUSE Linux Enterprise Desktop 11 SP2 This update fixes the following security issue with xorg-x11-server: * bnc#853846: integer underflow when handling trapezoids (CVE-2013-6424) Security Issue reference: * CVE-2013-6424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424> SUSE bug 853846 CVE-2013-6424 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11 SUSE Linux Enterprise Desktop 11 SP2 This update fixes a stack buffer overflow in xorg-x11 in the bdfReadCharacters() function. CVE-2013-6462 has been assigned to this issue. Security Issue reference: * CVE-2013-6462 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462> SUSE bug 854915 CVE-2013-6462 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libX11 SUSE Linux Enterprise Desktop 11 SP2 This update of xorg-x11-libX11 fixes several security issues (bnc#815451, bnc#821664). Security Issue references: * CVE-2013-1981 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981> * CVE-2013-1997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997> * CVE-2013-2004 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004> SUSE bug 815451 SUSE bug 821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libXext SUSE Linux Enterprise Desktop 11 SP2 This update of xorg-x11-libXext fixes several integer overflow issues (bnc#815451, bnc#821665, CVE-2013-1982) Security Issue reference: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982> SUSE bug 815451 SUSE bug 821665 CVE-2013-1982 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libXfixes SUSE Linux Enterprise Desktop 11 SP2 This update of xorg-x11-libXfixes fixes a integer overflow issue (bnc#815451, bnc#821667, CVE-2013-1983). Security Issue reference: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983> SUSE bug 815451 SUSE bug 821667 CVE-2013-1983 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libXp SUSE Linux Enterprise Desktop 11 SP2 This update of xorg-x11-libXp fixes several integer overflow issues (bnc#815451, bnc#821668, CVE-2013-2062). Security Issue reference: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062> SUSE bug 815451 SUSE bug 821668 CVE-2013-2062 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libXrender SUSE Linux Enterprise Desktop 11 SP2 This update of xorg-x11-libXrender fixes several integer overflow issues (bnc#815451, bnc#821669, CVE-2013-1987). Security Issue reference: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987> SUSE bug 815451 SUSE bug 821669 CVE-2013-1987 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libXt SUSE Linux Enterprise Desktop 11 SP2 This update of xorg-x11-libXt fixes several integer and buffer overflow issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005). Security Issue references: * CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002> * CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005> SUSE bug 815451 SUSE bug 821670 CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libXv SUSE Linux Enterprise Desktop 11 SP2 This update of xorg-x11-libXv fixes several integer and buffer overflow issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066). Security Issue references: * CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989> * CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066> SUSE bug 815451 SUSE bug 821671 CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:suse_sled:11:sp2 Security update for xorg-x11-libxcb SUSE Linux Enterprise Desktop 11 SP2 This update for xorg-x11-libxcb addresses the following security issues: * Fix a deadlock with multi-threaded applications running on real time kernels. (bnc#818829) * Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064) Security Issues: * CVE-2013-2064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064> SUSE bug 818829 SUSE bug 821584 CVE-2013-2064 cpe:/o:suse:suse_sled:11:sp2 Security update for zypper SUSE Linux Enterprise Desktop 11 SP2 The following issue has been fixed: * The zypper setuid wrapper linked against libzypp. This is not needed and added unnecessary attack vectors. CVE-2012-0420 has been assigned to this issue. Security Issue reference: * CVE-2012-0420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0420> SUSE bug 770630 CVE-2012-0420 cpe:/o:suse:suse_sled:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox was updated to version 24.6.0 to fix six security issues: * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538) * Use-after-free with SMIL Animation Controller. (CVE-2014-1541) mozilla-nspr was updated to version 4.10.6 to fix one security issue: * Out of bounds write in NSPR. (CVE-2014-1545) Further information can be found at https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues references: * CVE-2014-1533 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533> * CVE-2014-1534 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534> * CVE-2014-1536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536> * CVE-2014-1537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537> * CVE-2014-1538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538> * CVE-2014-1541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541> * CVE-2014-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545> SUSE bug 881874 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545 cpe:/o:suse:suse_sled:11:sp3 Security update for Image Magick SUSE Linux Enterprise Desktop 11 SP3 ImageMagick has been updated to fix four security issues: * Crafted jpeg file could have lead to a Denial of Service (CVE-2014-8716). * Out-of-bounds memory access in resize code (CVE-2014-8354) * Out-of-bounds memory access in PCX parser (CVE-2014-8355). * Out-of-bounds memory error in DCM decode (CVE-2014-8562). Security Issues: * CVE-2014-8716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8716> * CVE-2014-8355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355> * CVE-2014-8354 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354> * CVE-2014-8562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562> SUSE bug 903204 SUSE bug 903216 SUSE bug 903638 SUSE bug 905260 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 This update to Firefox 17.0.9esr (bnc#840485) addresses: * MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o (CVE-2013-1737) * MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) * MFSA 2013-89 Buffer overflow with multi-column, lists, and floats o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) * MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) * MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) * MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725) * MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) * MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) * MFSA 2013-65 Buffer underflow when generating CRMF requests o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) Security Issue references: * CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737> * CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735> * CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736> * CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732> * CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730> * CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726> * CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725> * CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722> * CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718> * CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705> SUSE bug 840485 CVE-2013-1705 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1726 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Desktop 11 SP3 This security update (bsc#940918) fixes the following issues: * MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation * Remove PlayPreview registration from PDF Viewer (bmo#1179262) Critical SUSE bug 940918 CVE-2015-4495 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox was updated to version 38.5.0 esr to fix the following issues: Following security issues were fixed: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the following several security and non-security issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16: * required for Firefox 29 * CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. Security Issue references: * CVE-2014-1532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532> * CVE-2014-1531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531> * CVE-2014-1530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530> * CVE-2014-1529 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529> * CVE-2014-1524 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524> * CVE-2014-1523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523> * CVE-2014-1520 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520> * CVE-2014-1518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518> SUSE bug 865539 SUSE bug 869827 SUSE bug 875378 SUSE bug 875803 CVE-2014-1518 CVE-2014-1520 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities have been fixed: * Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815) * Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813) * resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816) * CORS requests should not follow 30x redirections after preflight (MFSA 2015-37/CVE-2015-0807) * Same-origin bypass through anchor navigation (MFSA 2015-40/CVE-2015-0801) Security Issues: * CVE-2015-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801> * CVE-2015-0807 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807> * CVE-2015-0813 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813> * CVE-2015-0814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0814> * CVE-2015-0816 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816> SUSE bug 925368 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0816 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Important SUSE bug 908275 SUSE bug 935033 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 cpe:/o:suse:suse_sled:11:sp3 Security update for a2ps SUSE Linux Enterprise Desktop 11 SP3 The text to postscript converter a2ps received a security update. The fixps script did not call ghostscript with the -DSAFER option, allowing command execution by attacker supplied postscript files. Security Issue reference: * CVE-2014-0466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466> SUSE bug 871097 CVE-2014-0466 cpe:/o:suse:suse_sled:11:sp3 Security update for acroread SUSE Linux Enterprise Desktop 11 SP3 Adobe has discontinued the support of Adobe Reader for Linux in June 2013. Newer security problems and bugs are no longer fixed. As the Adobe Reader is binary only software and we cannot provide a replacement, SUSE declares the acroread package of Adobe Reader as being out of support and unmaintained. If you do not need Acrobat Reader, we recommend to uninstall the 'acroread' package. This update removes the Acrobat Reader PDF plugin to avoid automatic exploitation by clicking on web pages with embedded PDFs. The stand alone 'acroread' binary is still available, but again, we do not recommend to use it. SUSE bug 843835 cpe:/o:suse:suse_sled:11:sp3 Security update for augeas SUSE Linux Enterprise Desktop 11 SP3 Augeas has been updated to fix a symlink overwrite problem (CVE-2012-0786, CVE-2013-6412). Also a bug has been fixed where 'augtool -s set was failing' (bnc#876044) Additionally parsing the multipath configuration has been fixed. bnc#871323 Security Issues: * CVE-2012-0786 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786> * CVE-2013-6412 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412> SUSE bug 853044 SUSE bug 871323 SUSE bug 876044 SUSE bug 885003 CVE-2012-0786 CVE-2013-6412 cpe:/o:suse:suse_sled:11:sp3 Security update for augeas (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Moderate SUSE bug 925225 CVE-2014-8119 cpe:/o:suse:suse_sled:11:sp3 Security update for bash SUSE Linux Enterprise Desktop 11 SP3 The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash. * CVE-2014-7187: Nesting of for loops could lead to a crash of bash. Security Issues: * CVE-2014-7169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169> * CVE-2014-7186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186> * CVE-2014-7187 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187> SUSE bug 898346 SUSE bug 898603 SUSE bug 898604 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 cpe:/o:suse:suse_sled:11:sp3 Security update for bind SUSE Linux Enterprise Desktop 11 SP3 This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue. Security Issue references: * CVE-2014-0591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591> SUSE bug 858639 CVE-2014-0591 cpe:/o:suse:suse_sled:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/o:suse:suse_sled:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/o:suse:suse_sled:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/o:suse:suse_sled:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/o:suse:suse_sled:11:sp3 Security update for binutils SUSE Linux Enterprise Desktop 11 SP3 binutils has been updated to fix eight security issues: * Lack of range checking leading to controlled write in _bfd_elf_setup_sections() (CVE-2014-8485). * Invalid read flaw in libbfd (CVE-2014-8484). * Write to uninitialized memory in the PE parser (CVE-2014-8501). * Crash in the PE parser (CVE-2014-8502). * Segfault in the ihex parser when it encounters a malformed ihex file (CVE-2014-8503). * Stack buffer overflow in srec_scan (CVE-2014-8504). * Out-of-bounds memory write while processing a crafted 'ar' archive (CVE-2014-8738). * Directory traversal vulnerability allowing random file deletion/creation (CVE-2014-8737). Security Issues: * CVE-2014-8501 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501> * CVE-2014-8502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502> * CVE-2014-8503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503> * CVE-2014-8504 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504> * CVE-2014-8485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485> * CVE-2014-8738 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738> * CVE-2014-8484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484> * CVE-2014-8737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737> SUSE bug 902676 SUSE bug 902677 SUSE bug 903655 SUSE bug 905735 SUSE bug 905736 CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 cpe:/o:suse:suse_sled:11:sp3 Security update for cabextract SUSE Linux Enterprise Desktop 11 SP3 cabextract was updated to fix two security issues: * CVE-2010-2800: A potential endless loop in decoding files. * CVE-2010-2801: Memory corruption due to integer overflows in buffer read handling. Security Issues references: * CVE-2010-2800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2800> * CVE-2010-2801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2801> SUSE bug 627753 CVE-2010-2800 CVE-2010-2801 cpe:/o:suse:suse_sled:11:sp3 Security update for cabextract (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This security update fixes the following issues: - Fix possible infinite loop caused DoS (bsc919283, CVE-2014-9556) - Fix zero dereference (bsc#934524, CVE-2014-9732) - Fix off by one (bsc#934527, CVE-2015-4470) - Fix buffer under-read crash (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934527 SUSE bug 934528 CVE-2014-9556 CVE-2014-9732 CVE-2015-4470 CVE-2015-4471 cpe:/o:suse:suse_sled:11:sp3 Security update for compat-openssl097g SUSE Linux Enterprise Desktop 11 SP3 OpenSSL was updated to fix several security issues: * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * Fixed a timing side channel in RSA decryption. (bsc#929678) Additional changes: * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698) Security Issues: * CVE-2015-1789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789> * CVE-2015-1790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790> * CVE-2015-4000 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000> SUSE bug 929678 SUSE bug 931698 SUSE bug 934489 SUSE bug 934491 CVE-2015-1789 CVE-2015-1790 CVE-2015-4000 cpe:/o:suse:suse_sled:11:sp3 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for compat-openssl097g fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) A non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:suse_sled:11:sp3 Security update for compat-wireless, compat-wireless-debuginfo, compat-wireless-debugsource, compat-wireless-kmp-default, compat-wireless-kmp-pae, compat-wireless-kmp-trace, compat-wireless-kmp-xen SUSE Linux Enterprise Desktop 11 SP3 This update for the compat-wireless kernel modules provides many fixes and enhancements: * Fix potential crash problem in ath9k. (CVE-2014-2672, bnc#871148) * Fix improper updates of MAC addresses in ath9k_htc. (bnc#851426, CVE-2013-4579) * Fix stability issues in iwlwifi. (bnc#865475) * Improve support for Intel 7625 cards in iwlwifi. (bnc#51021) Installation notes: New driver modules may conflict with old modules, which are automatically loaded from the initrd file after reboot. To apply this maintenance update correctly, the following steps need to be executed on a SLEPOS system: * Rebuild image * Create specific scDistributionContainer with newly built initrd and kernel * Put the updated system image in it as a scPosImage object Alternatively, you can use a kernel parameter to enforce using the kernel from the system image: * Rebuild image * Set the kernel parameter FORCE_KEXEC, by adding the scPxeFileTemplate object under the relevant scPosImage object, with the scKernelParameters attribute containing 'FORCE_KEXEC=yes'. Security Issue references: * CVE-2014-2672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672> * CVE-2013-4579 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579> SUSE bug 851021 SUSE bug 851426 SUSE bug 865475 SUSE bug 871148 SUSE bug 883209 CVE-2013-4579 CVE-2014-2672 cpe:/o:suse:suse_sled:11:sp3 Security update for cpio SUSE Linux Enterprise Desktop 11 SP3 This cpio update fixes the following security issue: * bnc#907456: heap-based buffer overflow flaw in list_file() (CVE-2014-9112) Security Issues: * CVE-2014-9112 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112> SUSE bug 907456 CVE-2014-9112 cpe:/o:suse:suse_sled:11:sp3 Security update for CUPS SUSE Linux Enterprise Desktop 11 SP3 This update fixes various issues in CUPS. * CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Various insufficient symbolic link checking could have lead to privilege escalation from the lp user to root. Security Issues: * CVE-2014-3537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537> * CVE-2014-5029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029> * CVE-2014-5030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030> * CVE-2014-5031 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031> SUSE bug 887240 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 cpe:/o:suse:suse_sled:11:sp3 Security update for curl SUSE Linux Enterprise Desktop 11 SP3 This curl update fixes the following security issues: * bnc#868627: wrong re-use of connections (CVE-2014-0138). * bnc#868629: IP address wildcard certificate validation (CVE-2014-0139). * bnc#870444: --insecure option inappropriately enforcing security safeguard. Security Issue references: * CVE-2014-0138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138> * CVE-2014-0139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139> SUSE bug 868627 SUSE bug 868629 SUSE bug 870444 CVE-2014-0138 CVE-2014-0139 cpe:/o:suse:suse_sled:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Moderate SUSE bug 926511 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 cpe:/o:suse:suse_sled:11:sp3 Security update for curl SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issues: * CVE-2014-8150: URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. * CVE-2014-3707: duphandle read out of bounds (bnc#901924) * CVE-2014-3613: libcurl cookie leaks (bnc#894575) Additional bug fixed: * curl_multi_remove_handle: don't crash on multiple removes (bnc#897816) Security Issues: * CVE-2014-8150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150> * CVE-2014-3613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613> * CVE-2014-3707 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707> SUSE bug 870444 SUSE bug 884698 SUSE bug 885302 SUSE bug 894575 SUSE bug 897816 SUSE bug 901924 SUSE bug 911363 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 cpe:/o:suse:suse_sled:11:sp3 Security update for dbus-1 SUSE Linux Enterprise Desktop 11 SP3 Various denial of service issues were fixed in the DBUS service. * CVE-2014-3638: dbus-daemon tracks whether method call messages expect a reply, so that unsolicited replies can be dropped. As currently implemented, if there are n parallel method calls in progress, each method reply takes O(n) CPU time. A malicious user could exploit this by opening the maximum allowed number of parallel connections and sending the maximum number of parallel method calls on each one, causing subsequent method calls to be unreasonably slow, a denial of service. * CVE-2014-3639: dbus-daemon allows a small number of 'incomplete' connections (64 by default) whose identity has not yet been confirmed. When this limit has been reached, subsequent connections are dropped. Alban's testing indicates that one malicious process that makes repeated connection attempts, but never completes the authentication handshake and instead waits for dbus-daemon to time out and disconnect it, can cause the majority of legitimate connection attempts to fail. Security Issues: * CVE-2014-3638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638> * CVE-2014-3638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638> SUSE bug 896453 CVE-2014-3638 cpe:/o:suse:suse_sled:11:sp3 Security update for dhcp (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Moderate SUSE bug 880984 SUSE bug 919959 SUSE bug 926159 SUSE bug 928390 SUSE bug 936923 SUSE bug 947780 SUSE bug 961305 CVE-2015-8605 cpe:/o:suse:suse_sled:11:sp3 Security update for dhcpcd (Important) SUSE Linux Enterprise Desktop 11 SP3 dhcpcd was updated to fix three security issues. These security issues were fixed: - CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers. - CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers. - CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers. Important SUSE bug 955762 CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 cpe:/o:suse:suse_sled:11:sp3 Security update for e2fsprogs SUSE Linux Enterprise Desktop 11 SP3 Two security issues were fixed in e2fsprogs: * CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck, dumpe2fs, e2image). * CVE-2015-1572: Fixed a potential buffer overflow in closefs(). (bsc#918346) Additionally, badblocks was enhanced to work with very large partitions. (bsc#932539) Security Issues: * CVE-2015-0247 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247> * CVE-2015-1572 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572> SUSE bug 915402 SUSE bug 918346 SUSE bug 932539 CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:suse_sled:11:sp3 Security update for ecryptfs-utils (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052) - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160) Moderate SUSE bug 920160 SUSE bug 962052 CVE-2014-9687 CVE-2016-1572 cpe:/o:suse:suse_sled:11:sp3 Security update for elfutils SUSE Linux Enterprise Desktop 11 SP3 elfutils has been updated to fix one security issue: * CVE-2014-9447: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allowed remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (bnc#911662). Security Issues: * CVE-2014-9447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447> SUSE bug 911662 CVE-2014-9447 cpe:/o:suse:suse_sled:11:sp3 Security update for emacs SUSE Linux Enterprise Desktop 11 SP3 Emacs has been updated to fix the following issues: * Several cases of insecure usage of temporary files. (CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424) * Use of vc-annotate for renamed files when using Git. (bnc#854683) Security Issues: * CVE-2014-3421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421> * CVE-2014-3422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422> * CVE-2014-3423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423> * CVE-2014-3424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424> SUSE bug 854683 SUSE bug 876847 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/o:suse:suse_sled:11:sp3 Security update for evolution-data-server SUSE Linux Enterprise Desktop 11 SP3 evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed: * SSLv3 POODLE attack (CVE-2014-3566) Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> SUSE bug 901553 CVE-2014-3566 cpe:/o:suse:suse_sled:11:sp3 Security update for file SUSE Linux Enterprise Desktop 11 SP3 file was updated to fix one security issue. * An out-of-bounds read flaw file's donote() function. This could possibly lead to file executable crash (CVE-2014-3710). Security Issues: * CVE-2014-3710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710> SUSE bug 902367 CVE-2014-3710 cpe:/o:suse:suse_sled:11:sp3 Security update for finch SUSE Linux Enterprise Desktop 11 SP3 The pidgin Instant Messenger has been updated to fix various security issues: * CVE-2014-0020: Remotely triggerable crash in IRC argument parsing * CVE-2013-6490: Buffer overflow in SIMPLE header parsing * CVE-2013-6489: Buffer overflow in MXit emoticon parsing * CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing * CVE-2013-6486: Pidgin uses clickable links to untrusted executables * CVE-2013-6485: Buffer overflow parsing chunked HTTP responses * CVE-2013-6484: Crash reading response from STUN server * CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies * CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN * CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN * CVE-2013-6482: NULL pointer dereference parsing headers in MSN * CVE-2013-6481: Remote crash reading Yahoo! P2P message * CVE-2013-6479: Remote crash parsing HTTP responses * CVE-2013-6478: Crash when hovering pointer over a long URL * CVE-2013-6477: Crash handling bad XMPP timestamp * CVE-2012-6152: Yahoo! remote crash from incorrect character encoding Security Issue references: * CVE-2014-0020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020> * CVE-2013-6490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490> * CVE-2013-6489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489> * CVE-2013-6487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487> * CVE-2013-6486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486> * CVE-2013-6485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485> * CVE-2013-6484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484> * CVE-2013-6483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483> * CVE-2013-6482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482> * CVE-2013-6481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481> * CVE-2013-6479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479> * CVE-2013-6478 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478> * CVE-2013-6477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477> * CVE-2012-6152 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152> SUSE bug 861019 CVE-2012-6152 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes. * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686) * MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. * MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. * MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. * MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. * MFSA 2013-41: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References o Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 20. o Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 20. * MFSA 2013-42 / CVE-2013-1670: Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged accesss. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks. * MFSA 2013-43 / CVE-2013-1671: Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system. * MFSA 2013-44 / CVE-2013-1672: Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. * MFSA 2013-45: Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. References: - old MozillaMaintenance Service registry entry not updated leading to Trusted Path Privilege Escalation (CVE-2013-1673) - Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) * MFSA 2013-46 / CVE-2013-1674: Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution. * MFSA 2013-47 / CVE-2013-1675: Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to a information leakage to sites depending on the contents of this uninitialized memory. * MFSA 2013-48: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. References o Out of Bounds Read in SelectionIterator::GetNextSegment (CVE-2013-1676) o Out-of-bound read in gfxSkipCharsIterator::SetOffsets (CVE-2013-1677)) o Invalid write in _cairo_xlib_surface_add_glyph (CVE-2013-1678) o Heap-use-after-free in mozilla::plugins::child::_geturlnotify (CVE-2013-1679) o Heap-use-after-free in nsFrameList::FirstChild (CVE-2013-1680) o Heap-use-after-free in nsContentUtils::RemoveScriptBlocker (CVE-2013-1681) * CVE-2012-1942 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942> * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0793 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> * CVE-2013-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801> * CVE-2013-1669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1669> * CVE-2013-1670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670> * CVE-2013-1671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671> * CVE-2013-1672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672> * CVE-2013-1673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673> * CVE-2013-1674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674> * CVE-2013-1675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675> * CVE-2013-1676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676> * CVE-2013-1677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677> * CVE-2013-1678 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678> * CVE-2013-1679 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679> * CVE-2013-1680 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680> * CVE-2013-1681 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681> * CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682> * CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684> * CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685> * CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686> * CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687> * CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690> * CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692> * CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693> * CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697> SUSE bug 792432 SUSE bug 813026 SUSE bug 819204 SUSE bug 825935 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes various bugs and security issues: * MFSA 2013-93: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24. (CVE-2013-5590) Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10.(CVE-2013-1739) * MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. * MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. * MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. * MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. o ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle (CVE-2013-5599) o ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL (CVE-2013-5600) o ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler (CVE-2013-5601) * MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Security Issue references: * CVE-2014-1477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477> * CVE-2014-1479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479> * CVE-2014-1480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480> * CVE-2014-1481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481> * CVE-2014-1482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482> * CVE-2014-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483> * CVE-2014-1484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484> * CVE-2014-1485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485> * CVE-2014-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486> * CVE-2014-1487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487> * CVE-2014-1488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488> * CVE-2014-1489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489> * CVE-2014-1490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490> * CVE-2014-1491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491> SUSE bug 859055 SUSE bug 861847 CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox was updated to 24.4.0ESR release, fixing various security issues and bugs: * MFSA 2014-15: Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 24.3 and Firefox 27. (CVE-2014-1493) * Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato reported memory safety problems and crashes that affect Firefox 27. (CVE-2014-1494) * MFSA 2014-16 / CVE-2014-1496: Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system. * MFSA 2014-17 / CVE-2014-1497: Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. * MFSA 2014-18 / CVE-2014-1498: Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. * MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the webcam or microphone by masquerading as another site and gaining user permission through spoofing. * MFSA 2014-20 / CVE-2014-1500: Security researchers Tim Philipp Schaefers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a denial of service (DOS) attack due to resource consumption and blocks the ability of users to exit the application. * MFSA 2014-21 / CVE-2014-1501: Security researcher Alex Infuehr reported that on Firefox for Android it is possible to open links to local files from web content by selecting 'Open Link in New Tab' from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems. * MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site's WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to render arbitrary content in these limited circumstances. * MFSA 2014-23 / CVE-2014-1504: Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The target page may have a strict CSP that protects against this XSS attack, but if the attacker induces a browser crash with another bug, an XSS attack would occur during session restoration, bypassing the CSP on the site. * MFSA 2014-26 / CVE-2014-1508: Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresses. In combination with previous techniques used for SVG timing attacks, this could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-27 / CVE-2014-1509: Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default configuration and would require a malicious extension to be installed. * MFSA 2014-28 / CVE-2014-1505: Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511: Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(). A second bug allowed the bypassing of the popup-blocker without user interaction. Combined these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution. * MFSA 2014-30 / CVE-2014-1512: Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. * MFSA 2014-31 / CVE-2014-1513: Security researcher Jueri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for arbitrary code execution. * MFSA 2014-32 / CVE-2014-1514: Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. SUSE bug 868603 CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1501 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release: * CVE-2014-1544 - https://www.mozilla.org/security/announce/2014/mfsa2014-63.html <https://www.mozilla.org/security/announce/2014/mfsa2014-63.html> * CVE-2014-1548 - https://www.mozilla.org/security/announce/2014/mfsa2014-56.html <https://www.mozilla.org/security/announce/2014/mfsa2014-56.html> * CVE-2014-1549 - https://www.mozilla.org/security/announce/2014/mfsa2014-57.html <https://www.mozilla.org/security/announce/2014/mfsa2014-57.html> * CVE-2014-1550 - https://www.mozilla.org/security/announce/2014/mfsa2014-58.html <https://www.mozilla.org/security/announce/2014/mfsa2014-58.html> * CVE-2014-1551 - https://www.mozilla.org/security/announce/2014/mfsa2014-59.html <https://www.mozilla.org/security/announce/2014/mfsa2014-59.html> * CVE-2014-1552 - https://www.mozilla.org/security/announce/2014/mfsa2014-66.html <https://www.mozilla.org/security/announce/2014/mfsa2014-66.html> * CVE-2014-1555 - https://www.mozilla.org/security/announce/2014/mfsa2014-61.html <https://www.mozilla.org/security/announce/2014/mfsa2014-61.html> * CVE-2014-1556 - https://www.mozilla.org/security/announce/2014/mfsa2014-62.html <https://www.mozilla.org/security/announce/2014/mfsa2014-62.html> * CVE-2014-1557 - https://www.mozilla.org/security/announce/2014/mfsa2014-64.html <https://www.mozilla.org/security/announce/2014/mfsa2014-64.html> * CVE-2014-1558,CVE-2014-1559,CVE-2014-1560 - https://www.mozilla.org/security/announce/2014/mfsa2014-65.html <https://www.mozilla.org/security/announce/2014/mfsa2014-65.html> * CVE-2014-1561 - https://www.mozilla.org/security/announce/2014/mfsa2014-60.html <https://www.mozilla.org/security/announce/2014/mfsa2014-60.html> Security Issues: * CVE-2014-1557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557> * CVE-2014-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547> * CVE-2014-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548> * CVE-2014-1556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556> * CVE-2014-1544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544> * CVE-2014-1555 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555> SUSE bug 887746 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream: * MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. * MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) More information is referenced on: https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues: * CVE-2014-1562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562> * CVE-2014-1567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567> SUSE bug 894370 CVE-2014-1562 CVE-2014-1567 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues. * MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks. * MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. * MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. * MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. * MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputed data being saved to a log file on the local system. Security Issues: * CVE-2014-1587 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587> * CVE-2014-1588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588> * CVE-2014-1589 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589> * CVE-2014-1590 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590> * CVE-2014-1591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591> * CVE-2014-1592 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592> * CVE-2014-1593 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593> * CVE-2014-1594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594> * CVE-2014-1595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595> SUSE bug 908009 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificate list. For more information, please see https://www.mozilla.org/en-US/security/advisories/ <https://www.mozilla.org/en-US/security/advisories/> Security Issues: * CVE-2014-1569 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569> * CVE-2014-8634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634> * CVE-2014-8639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639> * CVE-2014-8641 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641> * CVE-2014-8638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638> * CVE-2014-8636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636> * CVE-2014-8637 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637> * CVE-2014-8640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640> SUSE bug 910647 SUSE bug 910669 SUSE bug 913064 SUSE bug 913066 SUSE bug 913067 SUSE bug 913068 SUSE bug 913102 SUSE bug 913103 SUSE bug 913104 CVE-2014-1569 CVE-2014-8634 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system. * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues: * CVE-2015-0817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817> * CVE-2015-0818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818> SUSE bug 923534 CVE-2015-0817 CVE-2015-0818 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 This update to Firefox 31.7.0 ESR fixes the following issues: * MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474. * MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video with Linux Gstreamer. Upstream references: bmo#1080995. * MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and CSS. Upstream references: bmo#1149542. * MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing with vertical text enabled. Upstream references: bmo#1153478. * MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed XML. Upstream references: bmo#1140537. Security Issues: * CVE-2015-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797> * CVE-2015-2708 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708> * CVE-2015-2709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709> * CVE-2015-2710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710> * CVE-2015-2713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713> * CVE-2015-2716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716> SUSE bug 930622 CVE-2015-0797 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed: * CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105) * CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104) * CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104) * CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106) * CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107) * CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108) * CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110) * CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111) * CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113) * CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114) * CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115) * CVE-2013-6672 Linux clipboard information disclosure though selection paste (MFSA 2013-112) * CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109) Security Issue references: * CVE-2013-5609 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609> * CVE-2013-5610 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610> * CVE-2013-5611 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611> * CVE-2013-5612 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612> * CVE-2013-5613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613> * CVE-2013-5614 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614> * CVE-2013-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615> * CVE-2013-5616 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616> * CVE-2013-5618 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618> * CVE-2013-5619 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619> * CVE-2013-6671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671> * CVE-2013-6672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672> * CVE-2013-6673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673> SUSE bug 854367 SUSE bug 854370 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Desktop 11 SP3 This version update of Mozilla Firefox to 31.2.0ESR brings improvements, stability fixes and also security fixes for the following CVEs: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576 ,CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586 It also disables SSLv3 by default to mitigate the protocol downgrade attack known as POODLE. This update fixes some regressions introduced by the previously released update. Security Issues: * CVE-2014-1574 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574> * CVE-2014-1575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575> * CVE-2014-1576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576> * CVE-2014-1577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577> * CVE-2014-1578 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578> * CVE-2014-1581 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581> * CVE-2014-1583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583> * CVE-2014-1585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585> * CVE-2014-1586 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586> SUSE bug 900941 SUSE bug 905056 SUSE bug 905528 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Important SUSE bug 940806 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/o:suse:suse_sled:11:sp3 Security update for flac SUSE Linux Enterprise Desktop 11 SP3 flac was updated to fix two security issues: * Stack overflow may result in arbitrary code execution (CVE-2014-8962). * Heap overflow via specially crafted .flac files (CVE-2014-9028). Security Issues: * CVE-2014-8962 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962> * CVE-2014-9028 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028> SUSE bug 906831 SUSE bug 907016 CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player SUSE Linux Enterprise Desktop 11 SP3 flash-player was updated to version 11.2.202.418 to fix 18 security issues: * Memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441). * Use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438). * A double free vulnerability that could lead to code execution (CVE-2014-0574). * Type confusion vulnerabilities that could lead to code execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590). * Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2014-0582, CVE-2014-0589). * An information disclosure vulnerability that could be exploited to disclose session tokens (CVE-2014-8437). * A heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-0583). * A permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442). Further information can be found at http://helpx.adobe.com/security/products/flash-player/apsb14-24.html <http://helpx.adobe.com/security/products/flash-player/apsb14-24.html> . Security Issues: * CVE-2014-0576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576> * CVE-2014-0581 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581> * CVE-2014-8440 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440> * CVE-2014-8441 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441> * CVE-2014-0573 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573> * CVE-2014-0588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588> * CVE-2014-8438 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438> * CVE-2014-0574 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574> * CVE-2014-0577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577> * CVE-2014-0584 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584> * CVE-2014-0585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585> * CVE-2014-0586 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586> * CVE-2014-0590 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590> * CVE-2014-0582 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582> * CVE-2014-0589 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589> * CVE-2014-8437 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437> * CVE-2014-0583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583> * CVE-2014-8442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442> SUSE bug 905032 CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0583 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 CVE-2014-8442 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP3 flash-player was updated to fix 35 security issues. These security issues were fixed: - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339). - CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339). - CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339). - CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339). Critical SUSE bug 937339 CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP3 flash-player was updated to fix two security issues. These security issues were fixed: - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752). - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752). Critical SUSE bug 937752 CVE-2015-5122 CVE-2015-5123 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP3 This security update to 11.2.202.508 (bsc#941239) fixes the following issues: * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563 Critical SUSE bug 941239 CVE-2015-3107 CVE-2015-5124 CVE-2015-5125 CVE-2015-5127 CVE-2015-5128 CVE-2015-5129 CVE-2015-5130 CVE-2015-5131 CVE-2015-5132 CVE-2015-5133 CVE-2015-5134 CVE-2015-5539 CVE-2015-5540 CVE-2015-5541 CVE-2015-5544 CVE-2015-5545 CVE-2015-5546 CVE-2015-5547 CVE-2015-5548 CVE-2015-5549 CVE-2015-5550 CVE-2015-5551 CVE-2015-5552 CVE-2015-5553 CVE-2015-5554 CVE-2015-5555 CVE-2015-5556 CVE-2015-5557 CVE-2015-5558 CVE-2015-5559 CVE-2015-5560 CVE-2015-5561 CVE-2015-5562 CVE-2015-5563 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html Important SUSE bug 946880 CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571 CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575 CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579 CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584 CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677 CVE-2015-6678 CVE-2015-6679 CVE-2015-6682 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP3 flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169). These security issues were fixed: - A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628). - A defense-in-depth feature in the Flash broker API (CVE-2015-5569). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644). - A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634). Important SUSE bug 950169 CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP3 flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Critical SUSE bug 950474 CVE-2015-7645 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The flash-player package was updated to fix the following security issues: - Security update to 11.2.202.548 (bsc#954512): * APSB15-28, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046 Moderate SUSE bug 954512 CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654 CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658 CVE-2015-7659 CVE-2015-7660 CVE-2015-7661 CVE-2015-7662 CVE-2015-7663 CVE-2015-8042 CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for flash-player to version 11.2.202.554 fixes the following security issues in Adobe security advisory APSB15-32. * These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446). * These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408). * These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409). * These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407). * These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439). * These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445). * These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415) * These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447). Please also see https://helpx.adobe.com/security/products/flash-player/apsb15-32.html Important SUSE bug 958324 CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049 CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057 CVE-2015-8058 CVE-2015-8059 CVE-2015-8060 CVE-2015-8061 CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065 CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069 CVE-2015-8070 CVE-2015-8071 CVE-2015-8401 CVE-2015-8402 CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406 CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410 CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414 CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422 CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426 CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430 CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434 CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438 CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442 CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446 CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450 CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454 CVE-2015-8455 cpe:/o:suse:suse_sled:11:sp3 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for flash-player fixes the following issues: - CVE-2015-8644: Type confusion vulnerability that could lead to code execution. - CVE-2015-8651: Integer overflow vulnerability that could lead to code execution. - CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution. - CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution. Important SUSE bug 960317 CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 cpe:/o:suse:suse_sled:11:sp3 Security update for foomatic-filters (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Moderate SUSE bug 957531 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:suse_sled:11:sp3 Security update for freetype2 SUSE Linux Enterprise Desktop 11 SP3 The font rendering library freetype2 has been updated to fix various security issues. Security Issues: * CVE-2014-9656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656> * CVE-2014-9657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657> * CVE-2014-9658 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658> * CVE-2014-9660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660> * CVE-2014-9661 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661> * CVE-2014-9662 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662> * CVE-2014-9667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667> * CVE-2014-9666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666> * CVE-2014-9665 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665> * CVE-2014-9664 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664> * CVE-2014-9663 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663> * CVE-2014-9659 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659> * CVE-2014-9668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668> * CVE-2014-9669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669> * CVE-2014-9670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670> * CVE-2014-9671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671> * CVE-2014-9672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672> * CVE-2014-9673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673> * CVE-2014-9674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674> * CVE-2014-9675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675> SUSE bug 916856 SUSE bug 916857 SUSE bug 916858 SUSE bug 916859 SUSE bug 916861 SUSE bug 916863 SUSE bug 916864 SUSE bug 916865 SUSE bug 916870 SUSE bug 916871 SUSE bug 916872 SUSE bug 916873 SUSE bug 916874 SUSE bug 916879 SUSE bug 916881 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:suse_sled:11:sp3 Security update for FUSE SUSE Linux Enterprise Desktop 11 SP3 This update for FUSE fixes the following security issue: * CVE-2015-3202: FUSE did not clear the environment upon execution of external programs. Security Issues: * CVE-2015-3202 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202> SUSE bug 931452 CVE-2015-3202 cpe:/o:suse:suse_sled:11:sp3 Security update for gd SUSE Linux Enterprise Desktop 11 SP3 The graphics drawing library gd has been updated to fix one security issue: * possible buffer read overflow (CVE-2014-9709) Security Issues: * CVE-2014-9709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709> SUSE bug 923945 CVE-2014-9709 cpe:/o:suse:suse_sled:11:sp3 Security update for giflib (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Moderate SUSE bug 960319 CVE-2015-7555 cpe:/o:suse:suse_sled:11:sp3 Security update for gimp SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issues with gimp: * bnc#853423: XWD plugin g_new() integer overflow (CVE-2013-1913) * bnc#853425: XWD plugin color map heap-based buffer overflow (CVE-2013-1978) * bnc#791372: memory corruption via XWD files (CVE-2012-5576) Security Issue references: * CVE-2013-1913 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913> * CVE-2012-5576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576> * CVE-2013-1978 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978> SUSE bug 791372 SUSE bug 853423 SUSE bug 853425 CVE-2012-5576 CVE-2013-1913 CVE-2013-1978 cpe:/o:suse:suse_sled:11:sp3 Security update for glibc SUSE Linux Enterprise Desktop 11 SP3 This glibc update fixes a critical privilege escalation problem and two non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv. * bnc#888347: printf-multibyte-format.patch: Don't parse %s format argument as multi-byte string. Security Issues: * CVE-2014-5119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119> SUSE bug 888347 SUSE bug 892065 SUSE bug 892073 CVE-2014-5119 cpe:/o:suse:suse_sled:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286) Important SUSE bug 830257 SUSE bug 851280 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 928723 SUSE bug 932059 SUSE bug 933770 SUSE bug 933903 SUSE bug 935286 CVE-2013-2207 CVE-2014-8121 CVE-2015-1781 cpe:/o:suse:suse_sled:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Important SUSE bug 930721 SUSE bug 942317 SUSE bug 950944 SUSE bug 956988 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/o:suse:suse_sled:11:sp3 Security update for gnutls SUSE Linux Enterprise Desktop 11 SP3 GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 <http://www.gnutls.org/security.html#GNUTLS-SA-2014-3> These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466> SUSE bug 880730 SUSE bug 880910 CVE-2014-3466 cpe:/o:suse:suse_sled:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/o:suse:suse_sled:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/o:suse:suse_sled:11:sp3 Security update for GPG2 SUSE Linux Enterprise Desktop 11 SP3 GPG2 has been updated to fix a possible denial of service. This security issue has been fixed: * Denial of service through infinite loop with garbled compressed data packets (CVE-2014-4617) Security Issues: * CVE-2014-4617 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617> SUSE bug 884130 CVE-2014-4617 cpe:/o:suse:suse_sled:11:sp3 Security update for gpg2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for gpg2 fixes the following issues: - Fix cve-2015-1606 (bsc#918089) * Invalid memory read using a garbled keyring * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch - Fix cve-2015-1607 (bsc#918090) * Memcpy with overlapping ranges * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch Moderate SUSE bug 918089 SUSE bug 918090 CVE-2015-1606 CVE-2015-1607 cpe:/o:suse:suse_sled:11:sp3 Security update for gpgme SUSE Linux Enterprise Desktop 11 SP3 This gpgme update fixes the following security issue: * bnc#890123: Fix possible overflow in gpgsm and uiserver engines (CVE-2014-3564) Security Issues: * CVE-2014-3564 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564> SUSE bug 890123 CVE-2014-3564 cpe:/o:suse:suse_sled:11:sp3 Security update for grub2 (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for grub2 provides the following fixes: A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370) Bugs fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830) Important SUSE bug 884828 SUSE bug 884830 SUSE bug 946148 SUSE bug 952539 SUSE bug 954592 SUSE bug 956631 CVE-2015-8370 cpe:/o:suse:suse_sled:11:sp3 Security update for gstreamer-0_10-plugins-bad SUSE Linux Enterprise Desktop 11 SP3 gstreamer-0_10-plugins-bad was updated to fix a security issue, a buffer overflow in mp4 parsing (bnc#927559 CVE-2015-0797). Security Issues: * CVE-2015-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797> SUSE bug 927559 CVE-2015-0797 cpe:/o:suse:suse_sled:11:sp3 Security update for gtk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). Moderate SUSE bug 922741 SUSE bug 942801 SUSE bug 948791 CVE-2015-4491 CVE-2015-7674 cpe:/o:suse:suse_sled:11:sp3 Security update for gdk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero Moderate SUSE bug 958963 SUSE bug 960155 CVE-2015-7552 cpe:/o:suse:suse_sled:11:sp3 Security update for hplip SUSE Linux Enterprise Desktop 11 SP3 hplip was updated to fix three security issues: * CVE-2013-0200: Some local file overwrite problems via predictable /tmp filenames were fixed. * CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation. * CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log). Security Issue references: * CVE-2013-4325 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325> * CVE-2013-0200 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200> * CVE-2013-6402 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402> SUSE bug 808355 SUSE bug 835827 SUSE bug 836937 SUSE bug 852368 CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 cpe:/o:suse:suse_sled:11:sp3 Security update for icedtea-web SUSE Linux Enterprise Desktop 11 SP3 The OpenJDK Java Plugin IcedTea Web was released to fix a temporary file access problem. Changes: * Dialogs center on screen before becoming visible. * Support for u45 new manifest attributes (Application-Name). * Custom applet permission policies panel in itweb-settings control panel. * Plugin fixes: o PR1271: icedtea-web does not handle 'javascript:'-protocol URLs o RH976833: Multiple applets on one page cause deadlock o Enabled javaconsole. * Security fixes: o CVE-2013-6493/RH1010958: Insecure temporary file use flaw in LiveConnect implementation. * Additional fixes and changes: o Christmas splashscreen extension o Fixed classloading deadlocks o Cleaned code from warnings o Pipes moved to XDG runtime dir. Security Issue references: * CVE-2013-6493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6493> SUSE bug 864364 CVE-2013-6493 cpe:/o:suse:suse_sled:11:sp3 Security update for icu SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issue in icu: * CVE-2014-9654: insufficient size limit checks in regular expression compiler (bsc#917129) Security Issues: * CVE-2014-9654 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654> SUSE bug 917129 CVE-2014-9654 cpe:/o:suse:suse_sled:11:sp3 Security update for jasper SUSE Linux Enterprise Desktop 11 SP3 This update for jasper fixes the following security issues: * CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call to free() allowed attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (bsc#909474) * CVE-2014-8138: Heap overflow in jas_decode(). This could be used to do an arbitrary write and could result in arbitrary code execution. (bsc#909475) * CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. (bsc#911837) * CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c. Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. (bsc#911837) Security Issues: * CVE-2014-8138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138> * CVE-2014-8137 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137> * CVE-2014-8157 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157> * CVE-2014-8158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158> SUSE bug 909474 SUSE bug 909475 SUSE bug 911837 CVE-2014-8137 CVE-2014-8138 cpe:/o:suse:suse_sled:11:sp3 Security update for Java OpenJDK SUSE Linux Enterprise Desktop 11 SP3 Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html> SUSE bug 901242 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6468 CVE-2014-6476 CVE-2014-6485 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6517 CVE-2014-6519 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-6562 cpe:/o:suse:suse_sled:11:sp3 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Desktop 11 SP3 OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. * CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Important SUSE bug 938248 CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:suse_sled:11:sp3 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Desktop 11 SP3 java-1_7_0-openjdk was updated to version 7u91 to fix 17 security issues. These security issues were fixed: - CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JAXP (bsc#951376). - CVE-2015-4840: Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#951376). - CVE-2015-4872: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect integrity via unknown vectors related to Security (bsc#951376). - CVE-2015-4860: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883 (bsc#951376). - CVE-2015-4844: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#951376). - CVE-2015-4883: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860 (bsc#951376). - CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911 (bsc#951376). - CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893 (bsc#951376). - CVE-2015-4882: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect availability via vectors related to CORBA (bsc#951376). - CVE-2015-4881: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835 (bsc#951376). - CVE-2015-4734: Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JGSS (bsc#951376). - CVE-2015-4806: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization (bsc#951376). - CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911 (bsc#951376). - CVE-2015-4835: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881 (bsc#951376). - CVE-2015-4903: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to RMI (bsc#951376). Important SUSE bug 951376 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 cpe:/o:suse:suse_sled:11:sp3 Security update for java-1_7_0-openjdk (Critical) SUSE Linux Enterprise Desktop 11 SP3 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Critical SUSE bug 960996 SUSE bug 962743 CVE-2015-4871 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:suse_sled:11:sp3 Security update for kdebase4-workspace SUSE Linux Enterprise Desktop 11 SP3 This kdebase4-workspace update fixes two security issues: * NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132) * Memory leak that could lead to a denial of service. (CVE-2013-4133) Security Issues references: * CVE-2013-4132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4132> * CVE-2013-4133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4133> SUSE bug 829857 CVE-2013-4132 CVE-2013-4133 cpe:/o:suse:suse_sled:11:sp3 Security update for kdebase4-runtime SUSE Linux Enterprise Desktop 11 SP3 kdebase4-runtime has been updated to fix one security issue: * CVE-2013-7252: Added gpg based encryption support to kwallet (bnc#857200). Security Issues: * CVE-2013-7252 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7252> SUSE bug 857200 CVE-2013-7252 cpe:/o:suse:suse_sled:11:sp3 Security update for kdebase4-workspace (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Moderate SUSE bug 904625 SUSE bug 929718 CVE-2014-8651 cpe:/o:suse:suse_sled:11:sp3 Security update for kdelibs4 SUSE Linux Enterprise Desktop 11 SP3 This update of the kdelibs4 KSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. SUSE bug 865241 cpe:/o:suse:suse_sled:11:sp3 Security update for kdirstat SUSE Linux Enterprise Desktop 11 SP3 The following security issue has been fixed: * #868682: CVE-2014-2527 CVE-2014-2528: kdirstat: command injection in kcleanup Security Issues: * CVE-2014-2527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2527> * CVE-2014-2528 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2528> SUSE bug 868682 CVE-2014-2527 CVE-2014-2528 cpe:/o:suse:suse_sled:11:sp3 Security update for Linux kernel SUSE Linux Enterprise Desktop 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). * CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) * CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) * CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) * CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) * CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed: * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). * ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). * ACPI: Limit access to custom_method (bnc#884333). * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). * Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). * Add secure_modules() call (bnc#884333). * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). * Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. * Btrfs: Return EXDEV for cross file system snapshot. * Btrfs: abort the transaction when we does not find our extent ref. * Btrfs: avoid warning bomb of btrfs_invalidate_inodes. * Btrfs: cancel scrub on transaction abortion. * Btrfs: correctly set profile flags on seqlock retry. * Btrfs: does not check nodes for extent items. * Btrfs: fix a possible deadlock between scrub and transaction committing. * Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). * Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). * Btrfs: fix double free in find_lock_delalloc_range. * Btrfs: fix possible memory leak in btrfs_create_tree(). * Btrfs: fix use of uninit 'ret' in end_extent_writepage(). * Btrfs: free delayed node outside of root->inode_lock (bnc#866864). * Btrfs: make DEV_INFO ioctl available to anyone. * Btrfs: make FS_INFO ioctl available to anyone. * Btrfs: make device scan less noisy. * Btrfs: make sure there are not any read requests before stopping workers. * Btrfs: more efficient io tree navigation on wait_extent_bit. * Btrfs: output warning instead of error when loading free space cache failed. * Btrfs: retrieve more info from FS_INFO ioctl. * Btrfs: return EPERM when deleting a default subvolume (bnc#869934). * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * Btrfs: use right type to get real comparison. * Btrfs: wake up @scrub_pause_wait as much as we can. * Btrfs: wake up transaction thread upon remount. * CacheFiles: Add missing retrieval completions (bnc#880344). * CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). * CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). * CacheFiles: Fix the marking of cached pages (bnc#880344). * CacheFiles: Implement invalidation (bnc#880344). * CacheFiles: Make some debugging statements conditional (bnc#880344). * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). * FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). * FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). * FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). * FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). * FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). * FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). * FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). * FS-Cache: Fix operation state management and accounting (bnc#880344). * FS-Cache: Fix signal handling during waits (bnc#880344). * FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). * FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). * FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). * FS-Cache: Mark cancellation of in-progress operation (bnc#880344). * FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). * FS-Cache: Provide proper invalidation (bnc#880344). * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). * FS-Cache: Uninline fscache_object_init() (bnc#880344). * FS-Cache: Wrap checks on object state (bnc#880344). * HID: usbhid: add always-poll quirk (bnc#888607). * HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). * Ignore 'flags' change to event_constraint (bnc#876114). * Ignore data_src/weight changes to perf_sample_data (bnc#876114). * NFS: Allow more operations in an NFSv4.1 request (bnc#890513). * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). * NFS: Does not copy read delegation stateids in setattr (bnc#888968). * NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) * NFS: Fixes for NFS RCU-walk support in line with code going upstream * NFS: Use FS-Cache invalidation (bnc#880344). * NFS: allow lockless access to access_cache (bnc#866130). * NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). * NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). * NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). * NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). * NFS: support RCU_WALK in nfs_permission() (bnc#866130). * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). * NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). * NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). * NFSv4: Add a helper for encoding opaque data (bnc#888968). * NFSv4: Add a helper for encoding stateids (bnc#888968). * NFSv4: Add helpers for basic copying of stateids (bnc#888968). * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). * NFSv4: Rename nfs4_copy_stateid() (bnc#888968). * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). * NFSv4: Simplify the struct nfs4_stateid (bnc#888968). * NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). * One more fix for kABI breakage. * PCI: Lock down BAR access when module security is enabled (bnc#884333). * PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). * PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). * PM / Hibernate: Implement position keeping in radix tree (bnc#860441). * PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). * Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). * Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). * USB: handle LPM errors during device suspend correctly (bnc#849123). * Update kabi files to reflect fscache change (bnc#880344) * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) * VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). * acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). * af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). * asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). * autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). * autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). * autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). * autofs4: remove a redundant assignment (bnc#866130). * autofs: fix lockref lookup (bnc#888591). * be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). * block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). * block: fix race between request completion and timeout handling (bnc#881051). * cdc-ether: clean packet filter upon probe (bnc#876017). * cpuset: Fix memory allocator deadlock (bnc#876590). * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. * crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). * dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). * dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). * dm-mpath: fix panic on deleting sg device (bnc#870161). * drm/ast: AST2000 cannot be detected correctly (bnc#895983). * drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). * drm/ast: Add missing entry to dclk_table[]. * drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). * drm/ast: initial DP501 support (v0.2) (bnc#871134). * drm/ast: open key before detect chips (bnc#895983). * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). * drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). * drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). * drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). * e1000e: enable support for new device IDs (bnc#885509). * fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). * hibernate: Disable in a signed modules environment (bnc#884333). * hugetlb: does not use ERR_PTR with VM_FAULT* values * ibmvscsi: Abort init sequence during error recovery (bnc#885382). * ibmvscsi: Add memory barriers for send / receive (bnc#885382). * inet: add a redirect generation id in inetpeer (bnc#860593). * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). * kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). * kernel: 3215 tty hang (bnc#891087, LTC#114562). * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). * kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). * kernel: sclp console tty reference counting (bnc#891087, LTC#115466). * kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). * md/raid6: avoid data corruption during recovery of double-degraded RAID6. * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() * mm, hugetlb: change variable name reservations to resv * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache * mm, hugetlb: defer freeing pages when gathering surplus pages * mm, hugetlb: do not use a page in page cache for cow optimization * mm, hugetlb: fix and clean-up node iteration code to alloc or free * mm, hugetlb: fix race in region tracking * mm, hugetlb: fix subpool accounting handling * mm, hugetlb: improve page-fault scalability * mm, hugetlb: improve, cleanup resv_map parameters * mm, hugetlb: move up the code which check availability of free huge page * mm, hugetlb: protect reserved pages when soft offlining a hugepage * mm, hugetlb: remove decrement_hugepage_resv_vma() * mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() * mm, hugetlb: remove resv_map_put * mm, hugetlb: remove useless check about mapping type * mm, hugetlb: return a reserved page to a reserved pool if failed * mm, hugetlb: trivial commenting fix * mm, hugetlb: unify region structure handling * mm, hugetlb: unify region structure handling kabi * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). * mm, hugetlb: use vma_resv_map() map types * mm, oom: fix badness score underflow (bnc#884582, bnc#884767). * mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). * mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). * net/mlx4_core: Load higher level modules according to ports type (bnc#887680). * net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). * net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). * net: fix checksumming features handling in output path (bnc#891259). * pagecache_limit: batch large nr_to_scan targets (bnc#895221). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). * perf/core: Add weighted samples (bnc#876114). * perf/x86: Add flags to event constraints (bnc#876114). * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). * perf: Add generic memory sampling interface (bnc#876114). * qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). * qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). * qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). * qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). * qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). * qla2xxx: Set host can_queue value based on available resources (bnc#859840). * restore smp_mb() in unlock_new_inode() (bnc#890526). * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). * sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). * sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). * scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). * scsiback: correct grant page unmapping. * scsiback: fix retry handling in __report_luns(). * scsiback: free resources after error. * sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). * supported.conf: remove external from drivers/net/veth (bnc#889727) * supported.conf: support net/sched/act_police.ko (bnc#890426) * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * tg3: Change nvram command timeout value to 50ms (bnc#855657). * tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). * tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). * usb: Does not enable LPM if the exit latency is zero (bnc#832309). * usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). * usbhid: fix PIXART optical mouse (bnc#888607). * uswsusp: Disable when module loading is restricted (bnc#884333). * vscsi: support larger transfer sizes (bnc#774818). * writeback: Do not sync data dirtied after sync start (bnc#833820). * x86 thermal: Delete power-limit-notification console messages (bnc#882317). * x86 thermal: Disable power limit notification interrupt by default (bnc#882317). * x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). * x86/UV: Add kdump to UV NMI handler (bnc#888847). * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). * x86/UV: Move NMI support (bnc#888847). * x86/UV: Update UV support for external NMI signals (bnc#888847). * x86/uv/nmi: Fix Sparse warnings (bnc#888847). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: Lock down IO port access when module security is enabled (bnc#884333). * x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues. Following security bugs were fixed: CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application (bnc#816708). CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs were fixed: - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). - ACPI: Limit access to custom_method (bnc#884333). - ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). - Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344). - CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). - CacheFiles: Make some debugging statements conditional (bnc#880344). - Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). - FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). - FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). - FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). - FS-Cache: Fix operation state management and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation (bnc#880344). - FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). - FS-Cache: Provide proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache: Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on object state (bnc#880344). - HID: usbhid: add always-poll quirk (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). - Ignore 'flags' change to event_constraint (bnc#876114). - Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read delegation stateids in setattr (bnc#888968). - NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). - NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM errors during device suspend correctly (bnc#849123). - Update kabi files to reflect fscache change (bnc#880344) - Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) - VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). - autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). - block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). - block: fix race between request completion and timeout handling (bnc#881051). - cdc-ether: clean packet filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on deleting sg device (bnc#870161). - drm/ast: AST2000 cannot be detected correctly (bnc#895983). - drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). - drm/ast: initial DP501 support (v0.2) (bnc#871134). - drm/ast: open key before detect chips (bnc#895983). - drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). - drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). - hibernate: Disable in a signed modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). - net/mlx4_core: Load higher level modules according to ports type (bnc#887680). - net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). - net: fix checksumming features handling in output path (bnc#891259). - pagecache_limit: batch large nr_to_scan targets (bnc#895221). - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). - perf/core: Add weighted samples (bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue value based on available resources (bnc#859840). - restore smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). - supported.conf: remove external from drivers/net/veth (bnc#889727) - supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram command timeout value to 50ms (bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). - usb: Does not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). - usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when module loading is restricted (bnc#884333). - vscsi: support larger transfer sizes (bnc#774818). - writeback: Do not sync data dirtied after sync start (bnc#833820). - x86 thermal: Delete power-limit-notification console messages (bnc#882317). - x86 thermal: Disable power limit notification interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). - x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV: Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Add check for number of available vectors before CPU down (bnc#887418). - x86: Lock down IO port access when module security is enabled (bnc#884333). - x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> SUSE bug 774818 SUSE bug 806990 SUSE bug 816708 SUSE bug 826486 SUSE bug 832309 SUSE bug 833820 SUSE bug 849123 SUSE bug 855657 SUSE bug 859840 SUSE bug 860441 SUSE bug 860593 SUSE bug 863586 SUSE bug 866130 SUSE bug 866615 SUSE bug 866864 SUSE bug 866911 SUSE bug 869055 SUSE bug 869934 SUSE bug 870161 SUSE bug 871134 SUSE bug 871797 SUSE bug 876017 SUSE bug 876055 SUSE bug 876114 SUSE bug 876590 SUSE bug 879304 SUSE bug 879921 SUSE bug 880344 SUSE bug 880370 SUSE bug 880892 SUSE bug 881051 SUSE bug 881759 SUSE bug 882317 SUSE bug 882639 SUSE bug 882804 SUSE bug 882900 SUSE bug 883096 SUSE bug 883376 SUSE bug 883518 SUSE bug 883724 SUSE bug 884333 SUSE bug 884582 SUSE bug 884725 SUSE bug 884767 SUSE bug 885262 SUSE bug 885382 SUSE bug 885422 SUSE bug 885509 SUSE bug 886840 SUSE bug 887082 SUSE bug 887418 SUSE bug 887503 SUSE bug 887608 SUSE bug 887645 SUSE bug 887680 SUSE bug 888058 SUSE bug 888105 SUSE bug 888591 SUSE bug 888607 SUSE bug 888847 SUSE bug 888849 SUSE bug 888968 SUSE bug 889061 SUSE bug 889173 SUSE bug 889451 SUSE bug 889614 SUSE bug 889727 SUSE bug 890297 SUSE bug 890426 SUSE bug 890513 SUSE bug 890526 SUSE bug 891087 SUSE bug 891259 SUSE bug 891281 SUSE bug 891619 SUSE bug 891746 SUSE bug 892200 SUSE bug 892490 SUSE bug 892723 SUSE bug 893064 SUSE bug 893496 SUSE bug 893596 SUSE bug 894200 SUSE bug 895221 SUSE bug 895608 SUSE bug 895680 SUSE bug 895983 SUSE bug 896689 CVE-2013-1979 CVE-2014-1739 CVE-2014-2706 CVE-2014-3153 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 cpe:/o:suse:suse_sled:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP3 The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also the following non-security bugs were fixed: - audit: keep inode pinned (bsc#851068). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - cifs: Fix missing crypto allocation (bnc#937402). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails. - ext3: Fix data corruption in inodes with journalled data (bsc#936637) - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipr: Increase default adapter init stage change timeout (bsc#930761). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. (bsc#934742) - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - nfsd: Fix nfsv4 opcode decoding error (bsc#935906). - nfsd: support disabling 64bit dir cookies (bnc#937503). - nfs: never queue requests with rq_cong set on the sending queue (bsc#932458). - nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Disable Bus Master only on kexec reboot (bsc#920110). - pci: disable Bus Master on PCI device shutdown (bsc#920110). - pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: set host msg status correctly (bnc#933936) - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705) - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Important SUSE bug 851068 SUSE bug 867362 SUSE bug 873385 SUSE bug 883380 SUSE bug 886785 SUSE bug 894936 SUSE bug 915517 SUSE bug 917830 SUSE bug 919463 SUSE bug 920110 SUSE bug 920250 SUSE bug 920733 SUSE bug 921430 SUSE bug 923245 SUSE bug 924701 SUSE bug 925705 SUSE bug 925881 SUSE bug 925903 SUSE bug 926240 SUSE bug 926953 SUSE bug 927355 SUSE bug 927786 SUSE bug 929142 SUSE bug 929143 SUSE bug 930092 SUSE bug 930761 SUSE bug 930934 SUSE bug 931538 SUSE bug 932348 SUSE bug 932458 SUSE bug 933429 SUSE bug 933896 SUSE bug 933904 SUSE bug 933907 SUSE bug 933936 SUSE bug 934742 SUSE bug 934944 SUSE bug 935053 SUSE bug 935572 SUSE bug 935705 SUSE bug 935866 SUSE bug 935906 SUSE bug 936077 SUSE bug 936423 SUSE bug 936637 SUSE bug 936831 SUSE bug 936875 SUSE bug 936925 SUSE bug 937032 SUSE bug 937402 SUSE bug 937444 SUSE bug 937503 SUSE bug 937641 SUSE bug 937855 SUSE bug 939910 SUSE bug 939994 SUSE bug 940338 SUSE bug 940398 SUSE bug 942350 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 cpe:/o:suse:suse_sled:11:sp3 Security update for Linux kernel SUSE Linux Enterprise Desktop 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). * CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) * CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) * CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) * CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) * CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed: * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). * ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). * ACPI: Limit access to custom_method (bnc#884333). * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). * Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). * Add secure_modules() call (bnc#884333). * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). * Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. * Btrfs: Return EXDEV for cross file system snapshot. * Btrfs: abort the transaction when we does not find our extent ref. * Btrfs: avoid warning bomb of btrfs_invalidate_inodes. * Btrfs: cancel scrub on transaction abortion. * Btrfs: correctly set profile flags on seqlock retry. * Btrfs: does not check nodes for extent items. * Btrfs: fix a possible deadlock between scrub and transaction committing. * Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). * Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). * Btrfs: fix double free in find_lock_delalloc_range. * Btrfs: fix possible memory leak in btrfs_create_tree(). * Btrfs: fix use of uninit 'ret' in end_extent_writepage(). * Btrfs: free delayed node outside of root->inode_lock (bnc#866864). * Btrfs: make DEV_INFO ioctl available to anyone. * Btrfs: make FS_INFO ioctl available to anyone. * Btrfs: make device scan less noisy. * Btrfs: make sure there are not any read requests before stopping workers. * Btrfs: more efficient io tree navigation on wait_extent_bit. * Btrfs: output warning instead of error when loading free space cache failed. * Btrfs: retrieve more info from FS_INFO ioctl. * Btrfs: return EPERM when deleting a default subvolume (bnc#869934). * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * Btrfs: use right type to get real comparison. * Btrfs: wake up @scrub_pause_wait as much as we can. * Btrfs: wake up transaction thread upon remount. * CacheFiles: Add missing retrieval completions (bnc#880344). * CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). * CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). * CacheFiles: Fix the marking of cached pages (bnc#880344). * CacheFiles: Implement invalidation (bnc#880344). * CacheFiles: Make some debugging statements conditional (bnc#880344). * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). * FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). * FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). * FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). * FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). * FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). * FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). * FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). * FS-Cache: Fix operation state management and accounting (bnc#880344). * FS-Cache: Fix signal handling during waits (bnc#880344). * FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). * FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). * FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). * FS-Cache: Mark cancellation of in-progress operation (bnc#880344). * FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). * FS-Cache: Provide proper invalidation (bnc#880344). * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). * FS-Cache: Uninline fscache_object_init() (bnc#880344). * FS-Cache: Wrap checks on object state (bnc#880344). * HID: usbhid: add always-poll quirk (bnc#888607). * HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). * Ignore 'flags' change to event_constraint (bnc#876114). * Ignore data_src/weight changes to perf_sample_data (bnc#876114). * NFS: Allow more operations in an NFSv4.1 request (bnc#890513). * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). * NFS: Does not copy read delegation stateids in setattr (bnc#888968). * NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) * NFS: Fixes for NFS RCU-walk support in line with code going upstream * NFS: Use FS-Cache invalidation (bnc#880344). * NFS: allow lockless access to access_cache (bnc#866130). * NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). * NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). * NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). * NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). * NFS: support RCU_WALK in nfs_permission() (bnc#866130). * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). * NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). * NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). * NFSv4: Add a helper for encoding opaque data (bnc#888968). * NFSv4: Add a helper for encoding stateids (bnc#888968). * NFSv4: Add helpers for basic copying of stateids (bnc#888968). * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). * NFSv4: Rename nfs4_copy_stateid() (bnc#888968). * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). * NFSv4: Simplify the struct nfs4_stateid (bnc#888968). * NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). * One more fix for kABI breakage. * PCI: Lock down BAR access when module security is enabled (bnc#884333). * PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). * PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). * PM / Hibernate: Implement position keeping in radix tree (bnc#860441). * PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). * Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). * Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). * USB: handle LPM errors during device suspend correctly (bnc#849123). * Update kabi files to reflect fscache change (bnc#880344) * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) * VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). * acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). * af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). * asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). * autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). * autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). * autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). * autofs4: remove a redundant assignment (bnc#866130). * autofs: fix lockref lookup (bnc#888591). * be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). * block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). * block: fix race between request completion and timeout handling (bnc#881051). * cdc-ether: clean packet filter upon probe (bnc#876017). * cpuset: Fix memory allocator deadlock (bnc#876590). * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. * crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). * dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). * dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). * dm-mpath: fix panic on deleting sg device (bnc#870161). * drm/ast: AST2000 cannot be detected correctly (bnc#895983). * drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). * drm/ast: Add missing entry to dclk_table[]. * drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). * drm/ast: initial DP501 support (v0.2) (bnc#871134). * drm/ast: open key before detect chips (bnc#895983). * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). * drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). * drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). * drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). * e1000e: enable support for new device IDs (bnc#885509). * fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). * hibernate: Disable in a signed modules environment (bnc#884333). * hugetlb: does not use ERR_PTR with VM_FAULT* values * ibmvscsi: Abort init sequence during error recovery (bnc#885382). * ibmvscsi: Add memory barriers for send / receive (bnc#885382). * inet: add a redirect generation id in inetpeer (bnc#860593). * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). * kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). * kernel: 3215 tty hang (bnc#891087, LTC#114562). * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). * kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). * kernel: sclp console tty reference counting (bnc#891087, LTC#115466). * kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). * md/raid6: avoid data corruption during recovery of double-degraded RAID6. * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() * mm, hugetlb: change variable name reservations to resv * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache * mm, hugetlb: defer freeing pages when gathering surplus pages * mm, hugetlb: do not use a page in page cache for cow optimization * mm, hugetlb: fix and clean-up node iteration code to alloc or free * mm, hugetlb: fix race in region tracking * mm, hugetlb: fix subpool accounting handling * mm, hugetlb: improve page-fault scalability * mm, hugetlb: improve, cleanup resv_map parameters * mm, hugetlb: move up the code which check availability of free huge page * mm, hugetlb: protect reserved pages when soft offlining a hugepage * mm, hugetlb: remove decrement_hugepage_resv_vma() * mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() * mm, hugetlb: remove resv_map_put * mm, hugetlb: remove useless check about mapping type * mm, hugetlb: return a reserved page to a reserved pool if failed * mm, hugetlb: trivial commenting fix * mm, hugetlb: unify region structure handling * mm, hugetlb: unify region structure handling kabi * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). * mm, hugetlb: use vma_resv_map() map types * mm, oom: fix badness score underflow (bnc#884582, bnc#884767). * mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). * mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). * net/mlx4_core: Load higher level modules according to ports type (bnc#887680). * net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). * net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). * net: fix checksumming features handling in output path (bnc#891259). * pagecache_limit: batch large nr_to_scan targets (bnc#895221). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). * perf/core: Add weighted samples (bnc#876114). * perf/x86: Add flags to event constraints (bnc#876114). * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). * perf: Add generic memory sampling interface (bnc#876114). * qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). * qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). * qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). * qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). * qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). * qla2xxx: Set host can_queue value based on available resources (bnc#859840). * restore smp_mb() in unlock_new_inode() (bnc#890526). * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). * sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). * sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). * scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). * scsiback: correct grant page unmapping. * scsiback: fix retry handling in __report_luns(). * scsiback: free resources after error. * sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). * supported.conf: remove external from drivers/net/veth (bnc#889727) * supported.conf: support net/sched/act_police.ko (bnc#890426) * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * tg3: Change nvram command timeout value to 50ms (bnc#855657). * tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). * tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). * usb: Does not enable LPM if the exit latency is zero (bnc#832309). * usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). * usbhid: fix PIXART optical mouse (bnc#888607). * uswsusp: Disable when module loading is restricted (bnc#884333). * vscsi: support larger transfer sizes (bnc#774818). * writeback: Do not sync data dirtied after sync start (bnc#833820). * x86 thermal: Delete power-limit-notification console messages (bnc#882317). * x86 thermal: Disable power limit notification interrupt by default (bnc#882317). * x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). * x86/UV: Add kdump to UV NMI handler (bnc#888847). * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). * x86/UV: Move NMI support (bnc#888847). * x86/UV: Update UV support for external NMI signals (bnc#888847). * x86/uv/nmi: Fix Sparse warnings (bnc#888847). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: Lock down IO port access when module security is enabled (bnc#884333). * x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues. Following security bugs were fixed: CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application (bnc#816708). CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) The following non-security bugs were fixed: - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). - ACPI: Limit access to custom_method (bnc#884333). - Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344). - CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). - CacheFiles: Make some debugging statements conditional (bnc#880344). - Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). - FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). - FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). - FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). - FS-Cache: Fix operation state management and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation (bnc#880344). - FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). - FS-Cache: Provide proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache: Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on object state (bnc#880344). - HID: usbhid: add always-poll quirk (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). - Ignore 'flags' change to event_constraint (bnc#876114). - Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read delegation stateids in setattr (bnc#888968). - NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). - NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM errors during device suspend correctly (bnc#849123). - Update kabi files to reflect fscache change (bnc#880344) - VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). - autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). - block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). - block: fix race between request completion and timeout handling (bnc#881051). - cdc-ether: clean packet filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on deleting sg device (bnc#870161). - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). - drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). - hibernate: Disable in a signed modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). - net/mlx4_core: Load higher level modules according to ports type (bnc#887680). - net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). - net: fix checksumming features handling in output path (bnc#891259). - perf/core: Add weighted samples (bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue value based on available resources (bnc#859840). - restore smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). - supported.conf: remove external from drivers/net/veth (bnc#889727) - supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram command timeout value to 50ms (bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). - usb: Does not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). - usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when module loading is restricted (bnc#884333). - vscsi: support larger transfer sizes (bnc#774818). - x86 thermal: Delete power-limit-notification console messages (bnc#882317). - x86 thermal: Disable power limit notification interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV: Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Lock down IO port access when module security is enabled (bnc#884333). - x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> SUSE bug 774818 SUSE bug 806990 SUSE bug 816708 SUSE bug 826486 SUSE bug 832309 SUSE bug 849123 SUSE bug 855657 SUSE bug 859840 SUSE bug 860441 SUSE bug 860593 SUSE bug 863586 SUSE bug 866130 SUSE bug 866615 SUSE bug 866864 SUSE bug 866911 SUSE bug 869055 SUSE bug 869934 SUSE bug 870161 SUSE bug 871797 SUSE bug 876017 SUSE bug 876055 SUSE bug 876114 SUSE bug 876590 SUSE bug 879921 SUSE bug 880344 SUSE bug 880370 SUSE bug 881051 SUSE bug 881759 SUSE bug 882317 SUSE bug 882639 SUSE bug 882804 SUSE bug 882900 SUSE bug 883376 SUSE bug 883518 SUSE bug 883724 SUSE bug 884333 SUSE bug 884582 SUSE bug 884725 SUSE bug 884767 SUSE bug 885262 SUSE bug 885382 SUSE bug 885422 SUSE bug 885509 SUSE bug 886840 SUSE bug 887082 SUSE bug 887503 SUSE bug 887608 SUSE bug 887645 SUSE bug 887680 SUSE bug 888058 SUSE bug 888105 SUSE bug 888591 SUSE bug 888607 SUSE bug 888847 SUSE bug 888849 SUSE bug 888968 SUSE bug 889061 SUSE bug 889173 SUSE bug 889451 SUSE bug 889614 SUSE bug 889727 SUSE bug 890297 SUSE bug 890426 SUSE bug 890513 SUSE bug 890526 SUSE bug 891087 SUSE bug 891259 SUSE bug 891619 SUSE bug 892200 SUSE bug 892490 SUSE bug 892723 SUSE bug 893064 SUSE bug 893496 SUSE bug 893596 SUSE bug 894200 CVE-2013-1979 CVE-2014-1739 CVE-2014-2706 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 cpe:/o:suse:suse_sled:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in microcode via #DB exception (bsc#954404). - CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in microcode via #AC exception (bsc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bsc#938706). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951440). - CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by validating before applying it (bsc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bsc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered permanent file-descriptor allocation (bsc#942367). The following non-security bugs were fixed: - alsa: hda - Disable 64bit address for Creative HDA controllers (bsc#814440). - btrfs: fix hang when failing to submit bio of directIO (bsc#942688). - btrfs: fix memory corruption on failure to submit bio for direct IO (bsc#942688). - btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would have merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn merge heuristic (bsc#904348). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Get rid if the '^A' in struct drm_i915_private (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove i965_hpd_irq_setup (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - ehci-pci: enable interrupt on BayTrail (bnc926007). - fix lpfc_send_rscn_event allocation size claims bsc#935757 - hugetlb: simplify migrate_huge_page() (bsc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bsc#947957). - ib/iser: Add Discovery support (bsc#923002). - ib/iser: Move informational messages from error to info level (bsc#923002). - ib/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - ib/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - ipv6: fix tunnel error handling (bsc#952579). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ipvs: Fix reuse connection if real server is dead (bsc#945827). - ipvs: drop first packet to dead server (bsc#946078). - keys: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bsc#930788). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - macvlan: Support bonding events bsc#948521 - make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bsc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bsc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bsc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bsc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bsc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bsc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bsc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bsc#940017, bsc#949298). - mm: make page pfmemalloc check more robust (bsc#920016). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - pci: Add VPD function 0 quirk for Intel Ethernet devices (bsc#943786). - pci: Add dev_flags bit to access VPD through function 0 (bsc#943786). - pci: Add flag indicating device has been assigned by KVM (bsc#777565). - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bsc#952084). - pci: Refresh First VF Offset and VF Stride when updating NumVFs (bsc#952084). - pci: Update NumVFs register when disabling SR-IOV (bsc#952084). - pci: delay configuration of SRIOV capability (bsc#952084). - pci: set pci sriov page size before reading SRIOV BAR (bsc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - r8169: remember WOL preferences on driver load (bsc#942305). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bsc#949100). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bsc#942204). - scsi: hosts: update to use ida_simple for host_no (bsc#939926) - scsi: kabi: allow iscsi disocvery session support (bsc#923002). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg: fix read() error reporting (bsc#926774). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bsc#933721). - usb: xhci: Reset a halted endpoint immediately when we encounter a stall (bsc#933721). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bsc#944989). - usb: xhci: do not start a halted endpoint before its new dequeue is set (bsc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bsc#933721). - x86/tsc: Change Fast TSC calibration failed from error to info (bsc#942605). - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788). - xfs: add background scanning to clear eofblocks inodes (bsc#930788). - xfs: add inode id filtering to eofblocks scan (bsc#930788). - xfs: add minimum file size filtering to eofblocks scan (bsc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bsc#930788). - xfs: create helper to check whether to free eofblocks on inode (bsc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bsc#930788). - xfs: support a tag-based inode_ag_iterator (bsc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bsc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bsc#949981). - xhci: Allocate correct amount of scratchpad buffers (bsc#933721). - xhci: Calculate old endpoints correctly on device reset (bsc#944831). - xhci: Do not enable/disable RWE on bus suspend/resume (bsc#933721). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bsc#945691). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bsc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bsc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bsc#933721). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bsc#949502). - xhci: do not report PLC when link is in internal resume state (bsc#933721). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bsc#944837). - xhci: fix reporting of 0-sized URBs in control endpoint (bsc#933721). - xhci: report U3 when link is in resume state (bsc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bsc#933721). - xhci: use uninterruptible sleep for waiting for internal operations (bsc#939955). Important SUSE bug 777565 SUSE bug 814440 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 920016 SUSE bug 923002 SUSE bug 926007 SUSE bug 926709 SUSE bug 926774 SUSE bug 930145 SUSE bug 930788 SUSE bug 932350 SUSE bug 932805 SUSE bug 933721 SUSE bug 935053 SUSE bug 935757 SUSE bug 936118 SUSE bug 938706 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940925 SUSE bug 941202 SUSE bug 942204 SUSE bug 942305 SUSE bug 942367 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943786 SUSE bug 944296 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949981 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 953527 SUSE bug 953980 SUSE bug 954404 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 cpe:/o:suse:suse_sled:11:sp3 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP3 This MIT krb5 update fixes a buffer overrun problem in kadmind: * bnc#891082: buffer overrun in kadmind with LDAP back end (MITKRB5-SA-2014-001) (CVE-2014-4345) MIT krb5 Security Advisory 2014-001 * http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt Security Issues: * CVE-2014-4345 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345> SUSE bug 891082 CVE-2014-4345 cpe:/o:suse:suse_sled:11:sp3 Security update for krb5 (Important) SUSE Linux Enterprise Desktop 11 SP3 krb5 was updated to fix one security issue. This security issue was fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188). Important SUSE bug 952188 CVE-2015-2695 cpe:/o:suse:suse_sled:11:sp3 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Moderate SUSE bug 954270 SUSE bug 954470 CVE-2015-2695 cpe:/o:suse:suse_sled:11:sp3 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP3 This update for krb5 fixes the following issues: * When randomizing the keys for a service principal, current keys could be returned. (CVE-2014-5351) * klist -s crashes when handling multiple referral entries. (bnc#890623) Security Issues: * CVE-2014-5351 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351> SUSE bug 890623 SUSE bug 897874 CVE-2014-5351 cpe:/o:suse:suse_sled:11:sp3 Security update for krb5 SUSE Linux Enterprise Desktop 11 SP3 krb5 has been updated to fix four security issues: * CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002) * CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002) * CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002) * CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002) Additionally, these non-security issues have been fixed: * Winbind process hangs indefinitely without DC. (bsc#872912) * Hanging winbind processes. (bsc#906557) Security Issues: * CVE-2014-5352 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352> * CVE-2014-9421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421> * CVE-2014-9422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422> * CVE-2014-9423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423> SUSE bug 872912 SUSE bug 906557 SUSE bug 912002 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 cpe:/o:suse:suse_sled:11:sp3 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Moderate SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 cpe:/o:suse:suse_sled:11:sp3 Security update for kvm SUSE Linux Enterprise Desktop 11 SP3 kvm has been updated to fix issues in the embedded qemu: * CVE-2014-0223: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could potentially have resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-3461: A user able to alter the savevm data (either on the disk or over the wire during migration) could have used this flaw to to corrupt QEMU process memory on the (destination) host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-0222: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. Non-security bugs fixed: * Fix exceeding IRQ routes that could have caused freezes of guests. (bnc#876842) * Fix CPUID emulation bugs that may have broken Windows guests with newer -cpu types (bnc#886535) Security Issues: * CVE-2014-0222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222> * CVE-2014-0223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223> * CVE-2014-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461> SUSE bug 876842 SUSE bug 877642 SUSE bug 877645 SUSE bug 878541 SUSE bug 886535 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 cpe:/o:suse:suse_sled:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Desktop 11 SP3 kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). Important SUSE bug 938344 CVE-2015-5154 cpe:/o:suse:suse_sled:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for kvm fixes the following issues: Security issues fixed: - CVE-2015-7512: The receive packet size is now checked in the emulated pcnet driver, eliminating buffer overflow and potential security issue by malicious guest systems. (bsc#957162) - CVE-2015-8345: A infinite loop in processing command block list was fixed that could be exploit by malicious guest systems (bsc#956829). Bugs fixed: - Fix cases of wrong clock values in kvmclock timekeeping (bsc#947164 and bsc#953187) - Enforce pxe rom sizes to ensure migration compatibility. (bsc#950590) Important SUSE bug 947164 SUSE bug 950590 SUSE bug 953187 SUSE bug 956829 SUSE bug 957162 CVE-2015-7512 CVE-2015-8345 cpe:/o:suse:suse_sled:11:sp3 Security update for kvm and libvirt SUSE Linux Enterprise Desktop 11 SP3 This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm: * Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640) * Fix performance degradation after migration. (bsc#878350) * Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381) * Add validate hex properties for qdev. (bsc#852397) * Add boot option to do strict boot (bsc#900084) * Add query-command-line-options QMP command. (bsc#899144) * Fix incorrect return value of migrate_cancel. (bsc#843074) * Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840) * Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106) libvirt: * Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823) * Fix domain deadlock. (bsc#899484, CVE-2014-3657) * Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633) * Fix undefined symbol when starting virtlockd. (bsc#910145) * Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084) * Add support for 'reboot-timeout' in qemu. (bsc#899144) * Increase QEMU's monitor timeout to 30sec. (bsc#911742) * Allow setting QEMU's migration max downtime any time. (bsc#879665) Security Issues: * CVE-2014-7823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823> * CVE-2014-3657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657> * CVE-2014-3633 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633> * CVE-2014-3640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640> * CVE-2014-7840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840> * CVE-2014-8106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106> SUSE bug 843074 SUSE bug 852397 SUSE bug 878350 SUSE bug 879665 SUSE bug 897654 SUSE bug 897783 SUSE bug 899144 SUSE bug 899484 SUSE bug 900084 SUSE bug 904176 SUSE bug 905097 SUSE bug 907805 SUSE bug 908381 SUSE bug 910145 SUSE bug 911742 CVE-2014-3633 CVE-2014-3640 CVE-2014-3657 CVE-2014-7823 CVE-2014-7840 CVE-2014-8106 cpe:/o:suse:suse_sled:11:sp3 Security update for lcms SUSE Linux Enterprise Desktop 11 SP3 The lcms userland utilities were updated to fix stack overflows. * CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276> SUSE bug 843716 CVE-2013-4276 cpe:/o:suse:suse_sled:11:sp3 Security update for lcms2 SUSE Linux Enterprise Desktop 11 SP3 lcms2 has been updated to the version 2.5 which is a maintenance release to fix various security and other bugs. * User defined parametric curves can now be saved in ICC profiles. * RGB profiles using same tone curves for several channels are storing now only one copy of the curve * update black point detection algorithm to reflect ICC changes * Added new cmsPlugInTHR() and fixed some race conditions * Added error descriptions on cmsSmoothToneCurve * Several improvements in cgats parser. * Fixed devicelink generation for 8 bits * Added a reference for Mac MLU tag * Added a way to read the profile creator from header * Added identity curves support for write V2 LUT * Added TIFF Lab16 handling on tifficc * Fixed a bug in parametric curves * Rendering intent used when creating the transform is now propagated to profile header in cmsTransform2Devicelink. * Transform2Devicelink now keeps white point when guessing deviceclass is enabled * Added some checks for non-happy path, mostly failing mallocs (bnc#826097). For further changes please see the ChangeLog in the RPM. SUSE bug 826097 cpe:/o:suse:suse_sled:11:sp3 Security update for libQt SUSE Linux Enterprise Desktop 11 SP3 The Qt library was updated to fix a XML entity expansion attack (XXE). (CVE-2013-4549) Security Issue reference: * CVE-2013-4549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549> SUSE bug 856832 SUSE bug 859158 CVE-2013-4549 cpe:/o:suse:suse_sled:11:sp3 Security update for PostgreSQL 9.1 SUSE Linux Enterprise Desktop 11 SP3 The PostgreSQL database server was updated to version 9.1.12 to fix various security issues: * Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) * The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) * If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062) * The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063) * Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064) * Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065) * There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., 'FIPS mode'). (CVE-2014-0066) * Since the temporary server started by make check uses 'trust' authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine. (CVE-2014-0067) The complete list of bugs and more information can be found at: http://www.postgresql.org/docs/9.1/static/release-9-1-12.html <http://www.postgresql.org/docs/9.1/static/release-9-1-12.html> Security Issues references: * CVE-2014-0060 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060> * CVE-2014-0061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061> * CVE-2014-0062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062> * CVE-2014-0063 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063> * CVE-2014-0064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064> * CVE-2014-0065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065> * CVE-2014-0066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066> SUSE bug 864845 SUSE bug 864846 SUSE bug 864847 SUSE bug 864850 SUSE bug 864851 SUSE bug 864852 SUSE bug 864853 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 cpe:/o:suse:suse_sled:11:sp3 Security update for libevent SUSE Linux Enterprise Desktop 11 SP3 This update fixes a buffer overflow in the buffered event handling in libevent. (CVE-2014-6272) Security Issues: * CVE-2014-6272 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272> SUSE bug 897243 CVE-2014-6272 cpe:/o:suse:suse_sled:11:sp3 Security update for mozilla-nss SUSE Linux Enterprise Desktop 11 SP3 Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568> SUSE bug 897890 CVE-2014-1568 cpe:/o:suse:suse_sled:11:sp3 Security update for libgadu SUSE Linux Enterprise Desktop 11 SP3 A memory corruption vulnerability has been fixed in libgadu. CVE-2013-6487 has been assigned to this issue. Security Issue reference: * CVE-2013-6487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487> SUSE bug 878540 CVE-2013-6487 cpe:/o:suse:suse_sled:11:sp3 Security update for libgcrypt SUSE Linux Enterprise Desktop 11 SP3 This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (CVE-2013-4242). Security Issue reference: * CVE-2013-4242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242> SUSE bug 831359 CVE-2013-4242 cpe:/o:suse:suse_sled:11:sp3 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following issues: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057) * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] Moderate SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 cpe:/o:suse:suse_sled:11:sp3 Security update for libgcrypt SUSE Linux Enterprise Desktop 11 SP3 This libgcrypt update fixes the following security issue: * bnc#892464: Side-channel attack on Elgamal encryption subkeys. (CVE-2014-5270) Security Issues: * CVE-2014-5270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270> SUSE bug 892464 CVE-2014-5270 cpe:/o:suse:suse_sled:11:sp3 Security update for libjasper SUSE Linux Enterprise Desktop 11 SP3 This update for libjasper fixes multiple off-by-one errors which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow triggered by a crafted jp2 (JPEG 2000) file. (bsc#906364, CVE-2014-9029) Security Issues: * CVE-2014-9029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029> SUSE bug 906364 CVE-2014-9029 cpe:/o:suse:suse_sled:11:sp3 Security update for libksba SUSE Linux Enterprise Desktop 11 SP3 This libksba update fixes the following security issue: * bnc#907074: buffer overflow in ksba_oid_to_str (CVE-2014-9087) Security Issues: * CVE-2014-9087 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087> SUSE bug 907074 CVE-2014-9087 cpe:/o:suse:suse_sled:11:sp3 Security update for libksba (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 cpe:/o:suse:suse_sled:11:sp3 Security update for lzo SUSE Linux Enterprise Desktop 11 SP3 lzo was updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts. (CVE-2014-4607) Security Issue reference: * CVE-2014-4607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607> SUSE bug 883947 CVE-2014-4607 cpe:/o:suse:suse_sled:11:sp3 Security update for libmpfr SUSE Linux Enterprise Desktop 11 SP3 This update for libmpfr fixes a buffer overflow in mpfr_strtofr. (CVE-2014-9474) Security Issues: * CVE-2014-9474 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474> SUSE bug 911812 CVE-2014-9474 cpe:/o:suse:suse_sled:11:sp3 Security update for libmspack SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issue: * CVE-2014-9556: An integer overflow in the function qtmd_decompress() could have been exploited causing a denial of service (endless loop) (bnc##912214) Security Issues: * CVE-2014-9556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556> SUSE bug 912214 CVE-2014-9556 cpe:/o:suse:suse_sled:11:sp3 Security update for libmspack (Moderate) SUSE Linux Enterprise Desktop 11 SP3 libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934525 SUSE bug 934526 SUSE bug 934527 SUSE bug 934528 SUSE bug 934529 CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:suse_sled:11:sp3 Security update for MySQL SUSE Linux Enterprise Desktop 11 SP3 This MySQL update provides the following: * upgrade to version 5.5.39, [bnc#887580] * CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233, CVE-2014-4240, CVE-2014-4214, CVE-2014-4243 See also: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html> Security Issues: * CVE-2014-2484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484> * CVE-2014-4258 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258> * CVE-2014-4260 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260> * CVE-2014-2494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494> * CVE-2014-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238> * CVE-2014-4207 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207> * CVE-2014-4233 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233> * CVE-2014-4240 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240> * CVE-2014-4214 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214> * CVE-2014-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243> SUSE bug 887580 CVE-2014-2484 CVE-2014-2494 CVE-2014-4207 CVE-2014-4214 CVE-2014-4233 CVE-2014-4238 CVE-2014-4240 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 cpe:/o:suse:suse_sled:11:sp3 Security update for OpenSSL SUSE Linux Enterprise Desktop 11 SP3 This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568> SUSE bug 892403 SUSE bug 901223 SUSE bug 901277 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 cpe:/o:suse:suse_sled:11:sp3 Security update for pixman SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425> SUSE bug 853824 CVE-2013-6425 cpe:/o:suse:suse_sled:11:sp3 Security update for libpng SUSE Linux Enterprise Desktop 11 SP3 This libpng update fixes the following two overflow security issues. * bnc#873123: Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354). * bnc#873124: Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353). Security Issue references: * CVE-2013-7353 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353> * CVE-2013-7354 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354> SUSE bug 873123 SUSE bug 873124 CVE-2013-7353 CVE-2013-7354 cpe:/o:suse:suse_sled:11:sp3 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 cpe:/o:suse:suse_sled:11:sp3 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 - security update: This update fixes the following securit issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] Moderate SUSE bug 954980 CVE-2015-8126 cpe:/o:suse:suse_sled:11:sp3 Security update for poppler SUSE Linux Enterprise Desktop 11 SP3 This update fixes problems in DCTStream error handling in poppler. Security Issue reference: * CVE-2010-5110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5110> SUSE bug 845765 CVE-2010-5110 cpe:/o:suse:suse_sled:11:sp3 Security update for pulseaudio SUSE Linux Enterprise Desktop 11 SP3 The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970> SUSE bug 881524 CVE-2014-3970 cpe:/o:suse:suse_sled:11:sp3 Security update for libqt4 SUSE Linux Enterprise Desktop 11 SP3 This update of the QT4 QSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. SUSE bug 865241 cpe:/o:suse:suse_sled:11:sp3 Security update for libqt4 SUSE Linux Enterprise Desktop 11 SP3 The libqt4 library was updated to fix several security issues: * CVE-2015-0295: Division by zero when processing malformed BMP files. (bsc#921999) * CVE-2015-1858: Segmentation fault in BMP Qt Image Format Handling. (bsc#927806) * CVE-2015-1859: Segmentation fault in ICO Qt Image Format Handling. (bsc#927807) * CVE-2015-1860: Segmentation fault in GIF Qt Image Format Handling. (bsc#927808) Security Issues: * CVE-2015-1858 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858> * CVE-2015-1859 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859> * CVE-2015-1860 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860> * CVE-2015-0295 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295> SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:suse_sled:11:sp3 Security update for LibreOffice SUSE Linux Enterprise Desktop 11 SP3 LibreOffice was updated to fix two security issues. These security issues have been fixed: * 'Document as E-mail' vulnerability (bnc#900218). * Impress remote control use-after-free vulnerability (CVE-2014-3693). Security Issues: * CVE-2014-3693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3693> SUSE bug 900214 SUSE bug 900218 CVE-2014-3693 cpe:/o:suse:suse_sled:11:sp3 Security update for LibreOffice SUSE Linux Enterprise Desktop 11 SP3 LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3). Two security issues have been fixed: * DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578) * Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141) The following non-security issues have been fixed: * chart shown flipped (bnc#834722) * chart missing dataset (bnc#839727) * import new line in text (bnc#828390) * lines running off screens (bnc#819614) * add set-all language menu (bnc#863021) * text rotation (bnc#783433, bnc#862510) * page border shadow testcase (bnc#817956) * one more clickable field fix (bnc#802888) * multilevel labels are rotated (bnc#820273) * incorrect nested table margins (bnc#816593) * use BitmapURL only if its valid (bnc#821567) * import gradfill for text colors (bnc#870234) * fix undo of paragraph attributes (bnc#828598) * stop-gap solution to avoid crash (bnc#830205) * import images with duotone filter (bnc#820077) * missing drop downs for autofilter (bnc#834705) * typos in first page style creation (bnc#820836) * labels wrongly interpreted as dates (bnc#834720) * RTF import of fFilled shape property (bnc#825305) * placeholders text size is not correct (bnc#831457) * cells value formatted with wrong output (bnc#821795) * RTF import of freeform shape coordinates (bnc#823655) * styles (rename &) copy to different decks (bnc#757432) * XLSX Chart import with internal data table (bnc#819822) * handle M.d.yyyy date format in DOCX import (bnc#820509) * paragraph style in empty first page header (bnc#823651) * copying slides having same master page name (bnc#753460) * printing handouts using the default, 'Order' (bnc#835985) * wrap polygon was based on dest size of picture (bnc#820800) * added common flags support for SEQ field import (bnc#825976) * hyperlinks of illustration index in DOCX export (bnc#834035) * allow insertion of redlines with an empty author (bnc#837302) * handle drawinglayer rectangle inset in VML import (bnc#779642) * don't apply complex font size to non-complex font (bnc#820819) * issue with negative seeks in win32 shell extension (bnc#829017) * slide appears quite garbled when imported from PPTX (bnc#593612) * initial MCE support in writerfilter ooxml tokenizer (bnc#820503) * MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854) * try harder to convert floating tables to text frames (bnc#779620) * itemstate in parent style incorrectly reported as set (bnc#819865) * default color hidden by Default style in writerfilter (bnc#820504) * DOCX document crashes when using internal OOXML filter (bnc#382137) * ugly workaround for external leading with symbol fonts (bnc#823626) * followup fix for exported xlsx causes errors for mso2007 (bnc#823935) * we only support simple labels in the InternalDataProvider (bnc#864396) * RTF import: fix import of numbering bullet associated font (bnc#823675) * page specific footer extended to every pages in DOCX export (bnc#654230) * v:textbox mso-fit-shape-to-text style property in VML import (bnc#820788) * w:spacing in a paragraph should also apply to as-char objects (bnc#780044) * compatibility setting for MS Word wrapping text in less space (bnc#822908) * fix SwWrtShell::SelAll() to work with empty table at doc start (bnc#825891) Security Issues: * CVE-2014-3575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575> * CVE-2013-4156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4156> SUSE bug 382137 SUSE bug 593612 SUSE bug 654230 SUSE bug 753460 SUSE bug 757432 SUSE bug 779620 SUSE bug 779642 SUSE bug 780044 SUSE bug 783433 SUSE bug 802888 SUSE bug 816593 SUSE bug 817956 SUSE bug 819614 SUSE bug 819822 SUSE bug 819865 SUSE bug 820077 SUSE bug 820273 SUSE bug 820503 SUSE bug 820504 SUSE bug 820509 SUSE bug 820788 SUSE bug 820800 SUSE bug 820819 SUSE bug 820836 SUSE bug 821567 SUSE bug 821795 SUSE bug 822908 SUSE bug 823626 SUSE bug 823651 SUSE bug 823655 SUSE bug 823675 SUSE bug 823935 SUSE bug 825305 SUSE bug 825891 SUSE bug 825976 SUSE bug 828390 SUSE bug 828598 SUSE bug 829017 SUSE bug 830205 SUSE bug 831457 SUSE bug 831578 SUSE bug 834035 SUSE bug 834705 SUSE bug 834720 SUSE bug 834722 SUSE bug 835985 SUSE bug 837302 SUSE bug 839727 SUSE bug 862510 SUSE bug 863021 SUSE bug 864396 SUSE bug 870234 SUSE bug 878854 SUSE bug 893141 CVE-2013-4156 CVE-2014-3575 cpe:/o:suse:suse_sled:11:sp3 Security update for librsvg (Important) SUSE Linux Enterprise Desktop 11 SP3 librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Important SUSE bug 840753 CVE-2013-1881 cpe:/o:suse:suse_sled:11:sp3 Security update for libsndfile SUSE Linux Enterprise Desktop 11 SP3 This update for libsndfile fixes two buffer read overflows in sd2_parse_rsrc_fork(). (CVE-2014-9496, bsc#911796) Security Issues: * CVE-2014-9496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496> SUSE bug 911796 CVE-2014-9496 cpe:/o:suse:suse_sled:11:sp3 Security update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Moderate SUSE bug 953516 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 cpe:/o:suse:suse_sled:11:sp3 Security update for net-snmp SUSE Linux Enterprise Desktop 11 SP3 This update for net-snmp fixes a remote denial of service problem inside snmptrapd when it is started with the '-OQ' option. (CVE-2014-3565, bnc#894361) Additionally, a timeout issue during SNMP MIB walk on OID 1.3.6.1.2.1.4.24 when using newer (v5.5+) versions of snmpwalk has been fixed. (bnc#865222) Security Issues: * CVE-2014-3565 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565> SUSE bug 865222 SUSE bug 894361 CVE-2014-3565 cpe:/o:suse:suse_sled:11:sp3 Security update for libssh2 SUSE Linux Enterprise Desktop 11 SP3 This update of libssh fixes the following security issue: * When libssh operates in server mode, the randomness pool was not switched on fork, so two pools could operate on the same randomness and could generate the same keys. Security Issue references: * CVE-2014-0017 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017> SUSE bug 866278 CVE-2014-0017 cpe:/o:suse:suse_sled:11:sp3 Security update for libssh2_org SUSE Linux Enterprise Desktop 11 SP3 The ssh client library libssh2_org was updated to fix a security issue: * CVE-2015-1782: A malicious server could send a crafted SSH_MSG_KEXINIT packet, that could lead to a buffer overread and to a crash of the application using libssh2_org. Security Issues: * CVE-2015-1782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782> SUSE bug 921070 CVE-2015-1782 cpe:/o:suse:suse_sled:11:sp3 Security update for libtasn1 SUSE Linux Enterprise Desktop 11 SP3 libtasn1 has been updated to fix three security issues: * asn1_get_bit_der() could have returned negative bit length (CVE-2014-3468) * Multiple boundary check issues could have allowed DoS (CVE-2014-3467) * Possible DoS by NULL pointer dereference in asn1_read_value_type (CVE-2014-3469) Security Issues: * CVE-2014-3468 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468> * CVE-2014-3467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467> * CVE-2014-3469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469> SUSE bug 880735 SUSE bug 880737 SUSE bug 880738 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 cpe:/o:suse:suse_sled:11:sp3 Security update for libtiff SUSE Linux Enterprise Desktop 11 SP3 This tiff update fixes several security issues. * bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use after free problem * bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in readgifimage() * bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW decompressor Security Issue references: * CVE-2013-4232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232> * CVE-2013-4231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231> * CVE-2013-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243> * CVE-2013-4244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244> SUSE bug 834477 SUSE bug 834779 SUSE bug 834788 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/o:suse:suse_sled:11:sp3 Security update for libvdpau (Moderate) SUSE Linux Enterprise Desktop 11 SP3 libvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications. * CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967) * CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968) * CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969) Moderate SUSE bug 943967 SUSE bug 943968 SUSE bug 943969 CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:suse:suse_sled:11:sp3 Security update for libvirt SUSE Linux Enterprise Desktop 11 SP3 libvirt has been patched to fix two security issues. Further information is available at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179> and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456> These security issues have been fixed: * Unsafe parsing of XML documents allows arbitrary file read or denial of service (CVE-2014-0179) * Ability to delete or create arbitrary host devices (CVE-2013-6456) Security Issue references: * CVE-2014-0179 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179> * CVE-2013-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456> SUSE bug 857490 SUSE bug 873705 CVE-2013-6456 CVE-2014-0179 cpe:/o:suse:suse_sled:11:sp3 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The libvncserver package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. Moderate SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/o:suse:suse_sled:11:sp3 Security update for libwmf (Moderate) SUSE Linux Enterprise Desktop 11 SP3 libwmf was updated to fix four security issues. These security issues were fixed: - CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109). - CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109). - CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062). - CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058). Moderate SUSE bug 831299 SUSE bug 933109 SUSE bug 936058 SUSE bug 936062 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/o:suse:suse_sled:11:sp3 Security update for openwsman SUSE Linux Enterprise Desktop 11 SP3 This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> SUSE bug 901882 CVE-2014-3566 cpe:/o:suse:suse_sled:11:sp3 Security update for libxml2 SUSE Linux Enterprise Desktop 11 SP3 This update fixes a denial of service via recursive entity expansion. (CVE-2014-3660) Security Issues: * CVE-2014-3660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660> SUSE bug 901546 CVE-2014-3660 cpe:/o:suse:suse_sled:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 cpe:/o:suse:suse_sled:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Moderate SUSE bug 960674 CVE-2015-8710 cpe:/o:suse:suse_sled:11:sp3 Security update for libxslt SUSE Linux Enterprise Desktop 11 SP3 libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) Security Issue references: * CVE-2012-6139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139> * CVE-2012-2825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825> * CVE-2011-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970> SUSE bug 849019 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 cpe:/o:suse:suse_sled:11:sp3 Security update for lxc SUSE Linux Enterprise Desktop 11 SP3 The container framework LXC has been updated to fix various bugs and a security issue: * CVE-2013-6441: The sshd template allowed privilege escalation on the host. * SLES container time not aligned with host time (bnc#839653) * SLES container boot takes ages (bnc#839663) * lxc mounts /dev/pts with wrong options (bnc#869663) Security Issues: * CVE-2013-6441 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6441> SUSE bug 839653 SUSE bug 839663 SUSE bug 855809 SUSE bug 869663 CVE-2013-6441 cpe:/o:suse:suse_sled:11:sp3 Security update for lxc (Moderate) SUSE Linux Enterprise Desktop 11 SP3 lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744) Moderate SUSE bug 946744 CVE-2015-1335 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Important SUSE bug 954447 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/o:suse:suse_sled:11:sp3 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Desktop 11 SP3 mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 Security update for mozilla-nss (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Moderate SUSE bug 959888 CVE-2015-7575 cpe:/o:suse:suse_sled:11:sp3 Security update for Mozilla NSS SUSE Linux Enterprise Desktop 11 SP3 Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes: The main feature is TLS 1.2 support and its dependent algorithms. * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1: * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. o some bugfixes and improvements Changes with version 3.15 * New Functionality o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. o Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. o certutil has been updated to support creating name constraints extensions. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:suse_sled:11:sp3 Security update for mutt SUSE Linux Enterprise Desktop 11 SP3 The mailreader mutt was updated to fix a security issue in displaying mail headers, where a crafted e-mail could cause a heap overflow, which in turn might be used by attackers to crash mutt or potentially even execute code. Security Issues references: * CVE-2014-0467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467> SUSE bug 868115 CVE-2014-0467 cpe:/o:suse:suse_sled:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP3 MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on: - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Moderate SUSE bug 924663 SUSE bug 928962 SUSE bug 934401 SUSE bug 938412 CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 cpe:/o:suse:suse_sled:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 * changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html * fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Moderate SUSE bug 951391 SUSE bug 952196 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 cpe:/o:suse:suse_sled:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Moderate SUSE bug 959724 SUSE bug 960961 SUSE bug 962779 CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 cpe:/o:suse:suse_sled:11:sp3 Security update for net-snmp (Moderate) SUSE Linux Enterprise Desktop 11 SP3 net-snmp was updated to fix one security vulnerability and several bugs. - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893). - stop snmptrapd on package removal. Moderate SUSE bug 853382 SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 cpe:/o:suse:suse_sled:11:sp3 Security update for novell-qtgui, novell-ui-base SUSE Linux Enterprise Desktop 11 SP3 Packages novell-ui-base and novell-qtgui were updated to prevent erroneous rights assignment when a user is granted 'File Scan' rights (F). In this case nwrights was assigning Supervisor (S) rights. (CVE-2014-0595) Further information is available at https://bugzilla.novell.com/show_bug.cgi?id=872796 <https://bugzilla.novell.com/show_bug.cgi?id=872796> . Security Issue reference: * CVE-2014-0595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0595> SUSE bug 872796 CVE-2014-0595 cpe:/o:suse:suse_sled:11:sp3 Security update for mozilla-nspr, mozilla-nss SUSE Linux Enterprise Desktop 11 SP3 Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741> * CVE-2013-5605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605> * CVE-2013-5606 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606> * CVE-2013-5607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607> SUSE bug 850148 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 cpe:/o:suse:suse_sled:11:sp3 Recommended update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator. Moderate SUSE bug 924496 SUSE bug 932773 SUSE bug 937766 CVE-2015-4000 cpe:/o:suse:suse_sled:11:sp3 Security update for openldap2 SUSE Linux Enterprise Desktop 11 SP3 openldap2 was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed: * A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546) The following non-security bug was fixed: * Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959) Security Issues: * CVE-2015-1546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546> * CVE-2015-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545> * CVE-2013-4449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449> SUSE bug 846389 SUSE bug 905959 SUSE bug 916897 SUSE bug 916914 CVE-2013-4449 CVE-2015-1545 CVE-2015-1546 cpe:/o:suse:suse_sled:11:sp3 Security update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Moderate SUSE bug 945582 CVE-2015-6908 cpe:/o:suse:suse_sled:11:sp3 Security update for OpenSLP SUSE Linux Enterprise Desktop 11 SP3 This update for OpenSLP fixes a bug in SLPIntersectStringList that could lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon now always use localtime(3) when writing to log files to avoid having timestamps with different timezones. Security Issues: * CVE-2012-4428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4428> SUSE bug 778508 SUSE bug 855385 CVE-2012-4428 cpe:/o:suse:suse_sled:11:sp3 Security update for openssh SUSE Linux Enterprise Desktop 11 SP3 This update for OpenSSH fixes the following issues: * Exit sshd normally when port is already in use. (bnc#832628) * Use hardware crypto engines where available. (bnc#826427) * Use correct options for login when it is used. (bnc#833605) * Move FIPS messages to higher debug level. (bnc#862875) * Fix forwarding with IPv6 addresses in DISPLAY. (bnc#847710) * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906) * Parse AcceptEnv properly. (bnc#869101, CVE-2014-2532) * Check SSHFP DNS records even for server certificates. (bnc#870532, CVE-2014-2653) Security Issues references: * CVE-2014-2532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532> * CVE-2014-2653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653> SUSE bug 826427 SUSE bug 833605 SUSE bug 847710 SUSE bug 869101 SUSE bug 870532 CVE-2014-2532 cpe:/o:suse:suse_sled:11:sp3 Security update for openssh (Important) SUSE Linux Enterprise Desktop 11 SP3 openssh was updated to fix several security issues and bugs. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. These non-security issues were fixed: - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. - bsc#916549: Fixed support for aesXXX-gcm@openssh.com. Important SUSE bug 673532 SUSE bug 903649 SUSE bug 905118 SUSE bug 914309 SUSE bug 916549 SUSE bug 932483 SUSE bug 936695 SUSE bug 938746 SUSE bug 943006 SUSE bug 943010 SUSE bug 945493 CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 cpe:/o:suse:suse_sled:11:sp3 Security update for openssh (Critical) SUSE Linux Enterprise Desktop 11 SP3 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. Critical SUSE bug 961642 SUSE bug 961645 CVE-2016-0777 CVE-2016-0778 cpe:/o:suse:suse_sled:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:suse_sled:11:sp3 Security update for openssl-certs SUSE Linux Enterprise Desktop 11 SP3 openssl-certs has been updated to include four new and remove two certificates: * new: Atos_TrustedRoot_2011:2.8.92.51.203.98.44.95.179.50.crt * new: E-Tugra_Certification_Authority:2.8.106.104.62.156.81.155.203.83.crt * new: TeliaSonera_Root_CA_v1:2.17.0.149.190.22.160.247.46.70.241.123.57.130.114.250.139.205.150.crt * new: T-TeleSec_GlobalRoot_Class_2:2.1.1.crt * removed: Firmaprofesional_Root_CA:2.1.1.crt * removed: TDC_OCES_Root_CA:2.4.62.72.189.196.crt SUSE bug 875647 SUSE bug 881241 cpe:/o:suse:suse_sled:11:sp3 Security update for openvpn SUSE Linux Enterprise Desktop 11 SP3 OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpn_decrypt that might have allowed remote attackers to gain knowledge of plaintext data. (CVE-2013-2061) Security Issues: * CVE-2013-2061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061> SUSE bug 843509 CVE-2013-2061 cpe:/o:suse:suse_sled:11:sp3 Security update for orca (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This orca update fixes the following security issue. - Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245). Moderate SUSE bug 916835 CVE-2013-4245 cpe:/o:suse:suse_sled:11:sp3 Security update for pam SUSE Linux Enterprise Desktop 11 SP3 This update changes the broken default behavior of pam_pwhistory to not enforce checks when the root user requests password changes. In order to enforce pwhistory checks on the root user, the 'enforce_for_root' parameter needs to be set for the pam_pwhistory.so module. This pam update fixes the following security and non-security issues: * bnc#870433: Fixed pam_timestamp path injection problem (CVE-2014-2583) * bnc#848417: Fixed pam_pwhistory root password enforcement when resetting non-root user's password Security Issue references: * CVE-2014-2583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583> SUSE bug 848417 SUSE bug 870433 CVE-2014-2583 cpe:/o:suse:suse_sled:11:sp3 Security update for perl SUSE Linux Enterprise Desktop 11 SP3 This update fixes a memory leak and an infinite recursion in Data::Dumper. (CVE-2014-4330) Security Issues: * CVE-2014-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330> SUSE bug 838333 SUSE bug 896715 CVE-2014-4330 cpe:/o:suse:suse_sled:11:sp3 Security update for popt SUSE Linux Enterprise Desktop 11 SP3 This rpm update fixes the following security and non security issues. * bnc#908128: check for bad invalid name sizes (CVE-2014-8118) * bnc#906803: create files with mode 0 (CVE-2013-6435) * bnc#892431: honor --noglob in install mode Security Issues: * CVE-2014-8118 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118> * CVE-2013-6435 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435> SUSE bug 892431 SUSE bug 906803 SUSE bug 908128 CVE-2013-6435 CVE-2014-8118 cpe:/o:suse:suse_sled:11:sp3 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Moderate SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 cpe:/o:suse:suse_sled:11:sp3 Security update for postgresql91 SUSE Linux Enterprise Desktop 11 SP3 The PostgreSQL database server was updated to 9.1.15, fixing bugs and security issues: * Fix buffer overruns in to_char() (CVE-2015-0241). * Fix buffer overrun in replacement *printf() functions (CVE-2015-0242). * Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243). * Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244). * Fix information leak via constraint-violation error messages (CVE-2014-8161). For a comprehensive list of fixes, please refer to the following release notes: * http://www.postgresql.org/docs/9.1/static/release-9-1-15.html <http://www.postgresql.org/docs/9.1/static/release-9-1-15.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-14.html <http://www.postgresql.org/docs/9.1/static/release-9-1-14.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-13.html <http://www.postgresql.org/docs/9.1/static/release-9-1-13.html> Security Issues: * CVE-2015-0241 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241> * CVE-2015-0243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243> * CVE-2015-0244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244> * CVE-2014-8161 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161> SUSE bug 916953 CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 cpe:/o:suse:suse_sled:11:sp3 Security update for postgresql91 SUSE Linux Enterprise Desktop 11 SP3 This update provides PostgreSQL 9.1.18, which brings fixes for security issues and other enhancements. The following vulnerabilities have been fixed: * CVE-2015-3165: Avoid possible crash when client disconnects. (bsc#931972) * CVE-2015-3166: Consistently check for failure of the *printf(). (bsc#931973) * CVE-2015-3167: In contrib/pgcrypto, uniformly report decryption failures. (bsc#931974) For a comprehensive list of changes, please refer to http://www.postgresql.org/docs/9.1/static/release-9-1-18.html <http://www.postgresql.org/docs/9.1/static/release-9-1-18.html> . This update also includes changes in PostgreSQL's packaging to prepare for the migration to the new major version 9.4. (FATE#316970, bsc#907651) Security Issues: * CVE-2015-3165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165> * CVE-2015-3166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166> * CVE-2015-3167 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167> SUSE bug 907651 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 cpe:/o:suse:suse_sled:11:sp3 Security update for postgresql91 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update of postgresql91 to 9.1.19 fixes the following issues: * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html Moderate SUSE bug 949669 CVE-2015-5288 cpe:/o:suse:suse_sled:11:sp3 Security update for ppp SUSE Linux Enterprise Desktop 11 SP3 This ppp update fixes a potential security issue that an unprivileged attacker could access privileged options: * integer overflow in option parsing (CVE-2014-3158, bnc#891489) Security Issues: * CVE-2014-3158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158> SUSE bug 891489 CVE-2014-3158 cpe:/o:suse:suse_sled:11:sp3 Security update for procmail SUSE Linux Enterprise Desktop 11 SP3 procmail was updated to fix a security issue in its formail helper. * When formail processed specially crafted e-mail headers a heap corruption could be triggered, which would lead to a crash of formail. (CVE-2014-3618) Security Issues: * CVE-2014-3618 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618> SUSE bug 894999 CVE-2014-3618 cpe:/o:suse:suse_sled:11:sp3 Security update for puppet SUSE Linux Enterprise Desktop 11 SP3 Puppet was updated to fix the following security issues: * Unsafe use of temporary files. (CVE-2013-4969) * Arbitrary code execution with required social engineering. (CVE-2014-3248, CVE-2014-3250) Security Issues references: * CVE-2014-3248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248> * CVE-2013-4969 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969> * CVE-2014-3250 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250> SUSE bug 856843 SUSE bug 879913 CVE-2013-4969 CVE-2014-3248 CVE-2014-3250 cpe:/o:suse:suse_sled:11:sp3 Security update for pwlib SUSE Linux Enterprise Desktop 11 SP3 This update fixes a XML DoS vulnerability in pwlib. CVE-2013-1864 has been assigned to this issue. Security Issue reference: * CVE-2013-1864 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1864> SUSE bug 809917 CVE-2013-1864 cpe:/o:suse:suse_sled:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 CVE-2013-4238 cpe:/o:suse:suse_sled:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 Python was updated to fix one security issue: * Potential wraparound/overflow in buffer() (CVE-2014-7185) As an additional hardening measure SSLv2 has been disabled (bnc#901715). Security Issues: * CVE-2014-7185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185> SUSE bug 898572 SUSE bug 901715 CVE-2014-7185 cpe:/o:suse:suse_sled:11:sp3 Security update for python SUSE Linux Enterprise Desktop 11 SP3 This update for Python fixes the following security issues: * bnc#834601: SSL module does not handle certificates that contain hostnames with NULL bytes. (CVE-2013-4238) * bnc#856836: Various stdlib read flaws. (CVE-2013-1752) Additionally, the following non-security issues have been fixed: * bnc#859068: Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. * bnc#847135: Setting fips=1 at boot time causes problems with Python due to MD5 usage. Security Issue references: * CVE-2013-4073 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073> * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 SUSE bug 847135 SUSE bug 856836 SUSE bug 859068 CVE-2013-4073 CVE-2013-4238 cpe:/o:suse:suse_sled:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 Python was updated to fix a security issue in the socket.recvfrom_into function, where data could be written over the end of the buffer. (CVE-2014-1912) Security Issue reference: * CVE-2014-1912 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912> SUSE bug 863741 CVE-2014-1912 cpe:/o:suse:suse_sled:11:sp3 Security update for Python SUSE Linux Enterprise Desktop 11 SP3 This update for Python provides fixes for the following issues: * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) * The 'urlparse' module has been updated to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2014-4650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650> SUSE bug 872848 SUSE bug 885882 CVE-2014-4650 cpe:/o:suse:suse_sled:11:sp3 Security update for python-lxml SUSE Linux Enterprise Desktop 11 SP3 This security update for python-lxml fixes a input sanitization flaw in clean_html. (CVE-2014-3146) Security Issues: * CVE-2014-3146 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146> SUSE bug 877258 CVE-2014-3146 cpe:/o:suse:suse_sled:11:sp3 Security update for python-setuptools SUSE Linux Enterprise Desktop 11 SP3 python-setuptools so far used only HTTP to retrieve packages, which could have lead to man in the middle attacks on newly installed python code. This update adjusts it to use HTTPS, guaranteeing better connection integrity. Security Issue reference: * CVE-2013-1633 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1633> SUSE bug 843759 CVE-2013-1633 cpe:/o:suse:suse_sled:11:sp3 Recommended update for python-setuptools (Moderate) SUSE Linux Enterprise Desktop 11 SP3 python-setuptools was updated to fix one security issue. The following vulnerability was fixed: * CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect (bsc#930189) Moderate SUSE bug 930189 CVE-2013-7440 cpe:/o:suse:suse_sled:11:sp3 Security update for rpcbind (Moderate) SUSE Linux Enterprise Desktop 11 SP3 A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Moderate SUSE bug 940191 SUSE bug 946204 CVE-2015-7236 cpe:/o:suse:suse_sled:11:sp3 Security update for rsync (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914) - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410) Moderate SUSE bug 900914 SUSE bug 915410 CVE-2014-8242 CVE-2014-9512 cpe:/o:suse:suse_sled:11:sp3 Security update for Ruby SUSE Linux Enterprise Desktop 11 SP3 This Ruby update fixes the following security issue: * bnc#808137: Fixed entity expansion DoS vulnerability in REXML (CVE-2013-1821). Security Issue reference: * CVE-2013-1821 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821> SUSE bug 808137 CVE-2013-1821 cpe:/o:suse:suse_sled:11:sp3 Security update for rxvt-unicode SUSE Linux Enterprise Desktop 11 SP3 rxvt-unicode was updated to ensure that window property values can not be queried in secure mode. (CVE-2014-3121) Security Issue reference: * CVE-2014-3121 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121> SUSE bug 876101 CVE-2014-3121 cpe:/o:suse:suse_sled:11:sp3 Security update for Samba SUSE Linux Enterprise Desktop 11 SP3 Samba has been updated to fix one security issue: * CVE-2015-0240: Don't call talloc_free on an uninitialized pointer (bnc#917376). Additionally, these non-security issues have been fixed: * Realign the winbind request structure following require_membership_of field expansion (bnc#913001). * Reuse connections derived from DFS referrals (bso#10123, fate#316512). * Set domain/workgroup based on authentication callback value (bso#11059). * Fix spoolss error response marshalling (bso#10984). * Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031). * Fix handling of bad EnumJobs levels (bso#10898). * Fix small memory-leak in the background print process; (bnc#899558). * Prune idle or hung connections older than 'winbind request timeout' (bso#3204, bnc#872912). Security Issues: * CVE-2015-0240 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240> SUSE bug 872912 SUSE bug 898031 SUSE bug 899558 SUSE bug 913001 SUSE bug 917376 CVE-2015-0240 cpe:/o:suse:suse_sled:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP3 This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586) - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582) - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584) - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583) Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022) - Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382) - Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382) - Address unrecoverable winbind failure: 'key length too large' (bnc#934299) - Take resource group sids into account when caching netsamlogon data (bnc#912457) - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244) - dependency issue with samba-winbind (bnc#936909) Important SUSE bug 295284 SUSE bug 912457 SUSE bug 934299 SUSE bug 936909 SUSE bug 948244 SUSE bug 949022 SUSE bug 953382 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958586 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 cpe:/o:suse:suse_sled:11:sp3 Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185). Moderate SUSE bug 942628 CVE-2015-5185 cpe:/o:suse:suse_sled:11:sp3 Security update for shim SUSE Linux Enterprise Desktop 11 SP3 shim has been updated to fix three security issues: * OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675). * Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option (RCE) (CVE-2014-3676). * Memory corruption when processing user provided MOK lists (CVE-2014-3677). Security Issues: * CVE-2014-3675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675> * CVE-2014-3676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676> * CVE-2014-3677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677> SUSE bug 813448 SUSE bug 863205 SUSE bug 866690 SUSE bug 875385 SUSE bug 889332 SUSE bug 889765 CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 cpe:/o:suse:suse_sled:11:sp3 Security update for strongswan SUSE Linux Enterprise Desktop 11 SP3 This update fixes a NULL ptr dereference (DoS) via ID_DER_ASN1_DN ID payloads. Security Issue reference: * CVE-2014-2891 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2891> SUSE bug 876449 CVE-2014-2891 cpe:/o:suse:suse_sled:11:sp3 Security update for strongswan (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Moderate SUSE bug 953817 CVE-2015-8023 cpe:/o:suse:suse_sled:11:sp3 Security update for sudo SUSE Linux Enterprise Desktop 11 SP3 This collective update for sudo provides fixes for the following issues: * Security policy bypass when env_reset is disabled. (CVE-2014-0106, bnc#866503) * Regression in the previous update that causes a segmentation fault when running 'sudo -s'. (bnc#868444) * Command 'who -m' prints no output when using log_input/log_output sudo options. (bnc#863025) Security Issues references: * CVE-2014-0106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106> SUSE bug 863025 SUSE bug 866503 SUSE bug 868444 CVE-2014-0106 cpe:/o:suse:suse_sled:11:sp3 Security update for tcpdump SUSE Linux Enterprise Desktop 11 SP3 When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network. The following vulnerabilities in protocol printers have been fixed: * IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220) * Ethernet printer remote DoS (CVE-2015-2154, bnc#922222) * PPP printer remote DoS (CVE-2014-9140, bnc#923142) Security Issues: * CVE-2015-0261 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261> * CVE-2015-2154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154> * CVE-2014-9140 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140> SUSE bug 922220 SUSE bug 922222 SUSE bug 923142 CVE-2014-9140 CVE-2015-0261 CVE-2015-2154 cpe:/o:suse:suse_sled:11:sp3 Security update for telepathy-idle SUSE Linux Enterprise Desktop 11 SP3 Telepathy-idle did not check SSL certificates. CVE-2007-6746 was assigned to this issue. Security Issue reference: * CVE-2007-6746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6746> SUSE bug 817120 CVE-2007-6746 cpe:/o:suse:suse_sled:11:sp3 Security update for tidy (Low) SUSE Linux Enterprise Desktop 11 SP3 This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. (CVE-2015-5522, CVE-2015-5523) Low SUSE bug 933588 CVE-2015-5522 CVE-2015-5523 cpe:/o:suse:suse_sled:11:sp3 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP3 tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Moderate SUSE bug 914890 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 cpe:/o:suse:suse_sled:11:sp3 Security update for unzip SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issues: * CVE-2014-8139: input sanitization errors (bnc#909214) * CVE-2014-9636: out-of-bounds read/write in test_compr_eb() (bnc#914442) Security Issues: * CVE-2014-9636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636> * CVE-2014-8139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139> SUSE bug 909214 SUSE bug 914442 CVE-2014-8139 CVE-2014-9636 cpe:/o:suse:suse_sled:11:sp3 Security update for vino SUSE Linux Enterprise Desktop 11 SP3 vino has been updated to fix a remote denial of service problem where remote attackers could have caused a infinite loop in vino (CPU consumption). (CVE-2013-5745) Security Issue reference: * CVE-2013-5745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745> SUSE bug 843174 CVE-2013-5745 cpe:/o:suse:suse_sled:11:sp3 Security update for vorbis-tools (Moderate) SUSE Linux Enterprise Desktop 11 SP3 vorbis-tools was updated to fix several security issues. - A buffer overflow in aiff_open() that could be triggered by opening prepared malicious files (CVE-2015-6749, bsc#943795). - A division by zero and integer overflow by crafted WAV files was fixed (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441). Moderate SUSE bug 914439 SUSE bug 914441 SUSE bug 943795 CVE-2014-9638 CVE-2014-9639 CVE-2015-6749 cpe:/o:suse:suse_sled:11:sp3 Security update for wget SUSE Linux Enterprise Desktop 11 SP3 wget has been updated to fix one security issue and two non-security issues. This security issue has been fixed: * FTP symlink arbitrary filesystem access (CVE-2014-4877). These non-security issues have been fixed: * Fix displaying of download time (bnc#901276). * Fix 0 size FTP downloads after failure (bnc#885069). Security Issues: * CVE-2014-4877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877> SUSE bug 885069 SUSE bug 901276 SUSE bug 902709 CVE-2014-4877 cpe:/o:suse:suse_sled:11:sp3 Security update for wireshark SUSE Linux Enterprise Desktop 11 SP3 wireshark has been updated to version 1.10.11 to fix five security issues. These security issues have been fixed: * SigComp UDVM buffer overflow (CVE-2014-8710). * AMQP dissector crash (CVE-2014-8711). * NCP dissector crashes (CVE-2014-8712, CVE-2014-8713). * TN5250 infinite loops (CVE-2014-8714). This non-security issue has been fixed: * enable zlib (bnc#899303). Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html <https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html> Security Issues: * CVE-2014-8711 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8711> * CVE-2014-8710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8710> * CVE-2014-8714 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8714> * CVE-2014-8712 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8712> * CVE-2014-8713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8713> SUSE bug 899303 SUSE bug 905245 SUSE bug 905246 SUSE bug 905247 SUSE bug 905248 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 cpe:/o:suse:suse_sled:11:sp3 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP3 Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Moderate SUSE bug 935158 SUSE bug 941500 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 cpe:/o:suse:suse_sled:11:sp3 Security update for wireshark (Low) SUSE Linux Enterprise Desktop 11 SP3 This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437) * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 950437 SUSE bug 960382 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 cpe:/o:suse:suse_sled:11:sp3 Security update for wpa_supplicant SUSE Linux Enterprise Desktop 11 SP3 This update fixes a remote code execution vulnerability in wpa_supplicant's wpa_cli and hostapd_cli tools. CVE-2014-3686 has been assigned to this issue. Additionally, password based authentication with PKCS#5v2 has been enabled. Security Issues: * CVE-2014-3686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686> SUSE bug 868937 SUSE bug 900611 CVE-2014-3686 cpe:/o:suse:suse_sled:11:sp3 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Desktop 11 SP3 wpa_supplicant was updated to fix two security issues. These security issues were fixed: - CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078). - CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077). Moderate SUSE bug 930077 SUSE bug 930078 CVE-2015-4141 CVE-2015-4142 cpe:/o:suse:suse_sled:11:sp3 Security update for xalan-j2 SUSE Linux Enterprise Desktop 11 SP3 xalan-j2 has been updated to ensure that secure processing can't be circumvented (CVE-2014-0107). Security Issues: * CVE-2014-0107 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107> SUSE bug 870082 CVE-2014-0107 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 Xen was updated to fix two security issues and a bug: * CVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. * CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. * An exception in setCPUAffinity when restoring guests. (bsc#910441) Security Issues: * CVE-2015-3456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456> * CVE-2015-3340 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340> SUSE bug 910441 SUSE bug 927967 SUSE bug 929339 CVE-2015-3456 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 Xen has been updated to version 4.2.5 with additional patches to fix six security issues: * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). * Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor (CVE-2014-8867). * Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866). * Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). * Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594). These non-security issues have been fixed: * Xen save/restore of HVM guests cuts off disk and networking (bnc#866902). * Windows 2012 R2 fails to boot up with greater than 60 vcpus (bnc#882089). * Increase limit domUloader to 32MB (bnc#901317). * Adjust xentop column layout (bnc#896023). Security Issues: * CVE-2014-9030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9030> * CVE-2014-8867 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8867> * CVE-2014-8866 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8866> * CVE-2014-8595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8595> * CVE-2014-8594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8594> SUSE bug 866902 SUSE bug 882089 SUSE bug 896023 SUSE bug 901317 SUSE bug 903850 SUSE bug 903967 SUSE bug 903970 SUSE bug 905465 SUSE bug 905467 SUSE bug 906439 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 cpe:/o:suse:suse_sled:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP3 xen was updated to fix the following security issues: * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) * CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) * CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127) * CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137) * CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136) * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) Important SUSE bug 922709 SUSE bug 932996 SUSE bug 935634 SUSE bug 938344 SUSE bug 939709 SUSE bug 939712 CVE-2015-2751 CVE-2015-3259 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165 CVE-2015-5166 cpe:/o:suse:suse_sled:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP3 xen was updated to fix nine security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bsc#941074: Device 51728 could not be connected. Hotplug scripts not working Important SUSE bug 877642 SUSE bug 907514 SUSE bug 910258 SUSE bug 918984 SUSE bug 923967 SUSE bug 932267 SUSE bug 941074 SUSE bug 944463 SUSE bug 944697 SUSE bug 947165 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various bugs and security issues: The following security issues have been addressed: * CVE-2013-2194: Various integer overflows in the ELF loader were fixed. (XSA-55) * CVE-2013-2195: Various pointer dereferences issues in the ELF loader were fixed. (XSA-55) * CVE-2013-2196: Various other problems in the ELF loader were fixed. (XSA-55) * CVE-2013-2078: A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54) * CVE-2013-2077: A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53) * CVE-2013-2211: libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57) * CVE-2013-2076: An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs. Also the following bugs have been fixed: * performance issues in mirror lvm (bnc#801663) * aacraid driver panics mapping INT A when booting kernel-xen (bnc#808085) * Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel (bnc#808269) * Did not boot with i915 graphics controller with VT-d enabled (bnc#817210) Security Issue references: * CVE-2013-2194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194> * CVE-2013-2195 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195> * CVE-2013-2196 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196> SUSE bug 801663 SUSE bug 808085 SUSE bug 808269 SUSE bug 817210 SUSE bug 820917 SUSE bug 820919 SUSE bug 820920 SUSE bug 823011 SUSE bug 823608 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies * CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation * CVE-2013-4369: XSA-68: Fixed possible null dereference when parsing vif ratelimiting info * CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub * CVE-2013-4371: XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure * CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs * CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. Various bugs have also been fixed: * Boot failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * Improvements to block-dmmd script (bnc#828623) * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196) * In HP's UEFI x86_64 platform and with xen environment, in booting stage, xen hypervisor will panic. (bnc#833251) * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796) * In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751) * In HP's UEFI x86_64 platform with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600) * vcpus not started after upgrading Dom0 from SLES 11 SP2 to SP3 (bnc#835896) * SLES 11 SP3 Xen security patch does not automatically update UEFI boot binary (bnc#836239) * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676) * SLES 9 SP4 guest fails to start after upgrading to SLES 11 SP3 (bnc#817799) * Various upstream fixes have been included. Security Issues: * CVE-2013-1432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432> * CVE-2013-1442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442> * CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918> * CVE-2013-4355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355> * CVE-2013-4361 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361> * CVE-2013-4368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368> * CVE-2013-4369 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4369> * CVE-2013-4370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4370> * CVE-2013-4371 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4371> * CVE-2013-4375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> SUSE bug 817799 SUSE bug 824676 SUSE bug 826882 SUSE bug 828623 SUSE bug 833251 SUSE bug 833483 SUSE bug 833796 SUSE bug 834751 SUSE bug 835896 SUSE bug 836239 SUSE bug 839596 SUSE bug 839600 SUSE bug 840196 SUSE bug 840592 SUSE bug 841766 SUSE bug 842511 SUSE bug 842512 SUSE bug 842513 SUSE bug 842514 SUSE bug 842515 SUSE bug 845520 CVE-2013-1432 CVE-2013-1442 CVE-2013-1918 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375 CVE-2013-4416 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 The Xen hypervisor and tool-suite have been updated to fix security issues and bugs: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. * CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks. * CVE-2013-4554: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests which might lead to Hypervisor escalation under specific circumstances. * CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked. * CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed. Non-security bugs have also been fixed: * bnc#840997: It is possible to start a VM twice on the same node. * bnc#842417: In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 will could lock-up on multiple blades nPar. * bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing. * bnc#846849: Soft lock-up with PCI pass-through and many VCPUs. * bnc#833483: Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'. * Increase the maximum supported CPUs in the Hypervisor to 512. Security Issues: * CVE-2013-1922 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922> * CVE-2013-2007 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007> * CVE-2013-4375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> * CVE-2013-4494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494> * CVE-2013-4551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4551> * CVE-2013-4553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553> * CVE-2013-4554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554> SUSE bug 833483 SUSE bug 840997 SUSE bug 842417 SUSE bug 846849 SUSE bug 848014 SUSE bug 848657 SUSE bug 849665 SUSE bug 849667 SUSE bug 849668 SUSE bug 851386 CVE-2013-1922 CVE-2013-2007 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and toolset has been updated to 4.2.4 to fix various bugs and security issues: The following security issues have been addressed: * XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) * XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. (bnc#853048) * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) * XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. (bnc#860092) * XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) * XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to aribitrary guests. (bnc#860163) * XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) * XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu statistics on the Flask security policy, incorrectly validates the CPU for which statistics are being requested. (bnc#860165) * XSA-86: CVE-2014-1896: libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring. (bnc#860300) * XSA-87: CVE-2014-1666: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. (bnc#860302) * XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. (bnc#861256) Also the following non-security bugs have been fixed: * Fixed boot problems with Xen kernel. '(XEN) setup 0000:00:18.0 for d0 failed (-19)' (bnc#858311) * Fixed Xen hypervisor panic on 8-blades nPar with 46-bit memory addressing. (bnc#848014) * Fixed Xen hypervisor panic in HP's UEFI x86_64 platform and with xen environment, in booting stage. (bnc#833251) * xend/pvscsi: recognize also SCSI CDROM devices (bnc#863297) * pygrub: Support (/dev/xvda) style disk specifications Security Issue references: * CVE-2013-2212 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212> * CVE-2013-6400 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6400> * CVE-2013-6885 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885> * CVE-2014-1642 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1642> * CVE-2014-1666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666> * CVE-2014-1891 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891> * CVE-2014-1892 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892> * CVE-2014-1893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893> * CVE-2014-1894 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894> * CVE-2014-1895 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1895> * CVE-2014-1896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1896> * CVE-2014-1950 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950> SUSE bug 831120 SUSE bug 833251 SUSE bug 848014 SUSE bug 853048 SUSE bug 853049 SUSE bug 858311 SUSE bug 860092 SUSE bug 860163 SUSE bug 860165 SUSE bug 860300 SUSE bug 860302 SUSE bug 861256 SUSE bug 863297 CVE-2013-2212 CVE-2013-6400 CVE-2013-6885 CVE-2014-1642 CVE-2014-1666 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 CVE-2014-1895 CVE-2014-1896 CVE-2014-1950 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed: * XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation (bnc#897657) * XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts (bnc#895802) * XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (bnc#895799) * XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram (bnc#895798) * XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests (bnc#880751) * XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI injection (bnc#878841) * XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible (bnc#867910) * XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow (bnc#842006) * CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed: * xend: Fix netif convertToDeviceNumber for running domains (bnc#891539) * Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM (bnc#882092) * XEN kernel panic do_device_not_available() (bnc#881900) * Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * SLES 11 SP3 vm-install should get RHEL 7 support when released (bnc#862608) * SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480 cpu) (bnc#858178) * Local attach support for PHY backends using scripts local_attach_support_for_phy.patch (bnc#865682) * Improve multipath support for npiv devices block-npiv (bnc#798770) Security Issues: * CVE-2013-4344 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344> * CVE-2013-4540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540> * CVE-2014-2599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599> * CVE-2014-3967 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967> * CVE-2014-3968 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968> * CVE-2014-4021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021> * CVE-2014-7154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154> * CVE-2014-7155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155> * CVE-2014-7156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156> * CVE-2014-7188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188> SUSE bug 798770 SUSE bug 833483 SUSE bug 842006 SUSE bug 858178 SUSE bug 862608 SUSE bug 864801 SUSE bug 865682 SUSE bug 867910 SUSE bug 878841 SUSE bug 880751 SUSE bug 881900 SUSE bug 882092 SUSE bug 891539 SUSE bug 895798 SUSE bug 895799 SUSE bug 895802 SUSE bug 897657 CVE-2013-4344 CVE-2013-4540 CVE-2014-2599 CVE-2014-3967 CVE-2014-3968 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed: * CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through to guests. * XSA-125: Long latency MMIO mapping operations were not preemptible. * CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override could have, however, corrupted a pointer used subsequently to store the result of the instruction. * CVE-2015-2045: XSA-122: The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall failed to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. * CVE-2015-2044: XSA-121: Emulation routines in the hypervisor dealing with certain system devices checked whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. Also fixed: * Fully virtualized guest install from network source failed with 'cannot find guest domain' in XEN. (bsc#919341) Security Issues: * CVE-2015-2044 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044> * CVE-2015-2045 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045> * CVE-2015-2151 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151> * CVE-2015-2756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756> SUSE bug 918995 SUSE bug 918998 SUSE bug 919341 SUSE bug 919464 SUSE bug 922705 SUSE bug 922706 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2756 cpe:/o:suse:suse_sled:11:sp3 Security update for Xen SUSE Linux Enterprise Desktop 11 SP3 Xen was updated to fix seven security vulnerabilities: * CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bnc#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bnc#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bnc#931627) * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bnc#931628) * CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior. (XSA-134, bnc#932790) * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bnc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bnc#932996) Security Issues: * CVE-2015-4103 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103> * CVE-2015-4104 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104> * CVE-2015-4105 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105> * CVE-2015-4106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106> * CVE-2015-4163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209> SUSE bug 931625 SUSE bug 931626 SUSE bug 931627 SUSE bug 931628 SUSE bug 932770 SUSE bug 932790 SUSE bug 932996 CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 cpe:/o:suse:suse_sled:11:sp3 Security update for xen (Moderate) SUSE Linux Enterprise Desktop 11 SP3 This update fixes the following security issues: - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 947165 SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 954018 SUSE bug 954405 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 cpe:/o:suse:suse_sled:11:sp3 Security update for xfsprogs (Moderate) SUSE Linux Enterprise Desktop 11 SP3 xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition Moderate SUSE bug 911866 SUSE bug 939367 CVE-2012-2150 cpe:/o:suse:suse_sled:11:sp3 Security update for xinetd SUSE Linux Enterprise Desktop 11 SP3 The multiplexing system xinetd was updated to fix security issues and a bug. Security issues fixed: * CVE-2013-4342: xinetd ignores user and group directives for tcpmux services. * CVE-2012-0862: xinetd enables all services when tcp multiplexing is used. Bug fixed: * Services started by xinetd were limited to 1024 open file descriptors. (bnc#855685) Security Issues references: * CVE-2012-0862 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862> * CVE-2013-4342 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342> SUSE bug 762294 SUSE bug 844230 SUSE bug 855685 CVE-2012-0862 CVE-2013-4342 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libs SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-libs was patched to fix the following security issues: * Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) * libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) * Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/002431.html <http://lists.x.org/archives/xorg-announce/2014-May/002431.html> . Security Issues references: * CVE-2014-0209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209> * CVE-2014-0210 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210> * CVE-2014-0211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211> SUSE bug 857544 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libX11 SUSE Linux Enterprise Desktop 11 SP3 This update of xorg-x11-libX11 fixes several security issues. Bug 815451/821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 Security Issues: * CVE-2013-1981 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981> * CVE-2013-1997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997> * CVE-2013-2004 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004> SUSE bug 815451 SUSE bug 821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libXext SUSE Linux Enterprise Desktop 11 SP3 This update of xorg-x11-libXext fixes several integer overflow issues. Bug 815451/821665 CVE-2013-1982 Security Issues: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982> SUSE bug 815451 SUSE bug 821665 CVE-2013-1982 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libXfixes SUSE Linux Enterprise Desktop 11 SP3 This update of xorg-x11-libXfixes fixed a integer overflow issue. Bug 815451/821667 CVE-2013-1983 Security Issues: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983> SUSE bug 815451 SUSE bug 821667 CVE-2013-1983 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libXp SUSE Linux Enterprise Desktop 11 SP3 This update of xorg-x11-libXp fixes several integer overflow issues. Bug 815451/821668 CVE-2013-2062 Security Issues: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062> SUSE bug 815451 SUSE bug 821668 CVE-2013-2062 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libXrender SUSE Linux Enterprise Desktop 11 SP3 This update of xorg-x11-libXrender fixes several integer overflow issues. Bug 815451/821669 CVE-2013-1987 Security Issues: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987> SUSE bug 815451 SUSE bug 821669 CVE-2013-1987 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libXt SUSE Linux Enterprise Desktop 11 SP3 This update of xorg-x11-libXt fixes several integer and buffer overflow issues. Bug 815451/821670 CVE-2013-2002/CVE-2013-2005 Security Issues: * CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002> * CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005> SUSE bug 815451 SUSE bug 821670 CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:suse_sled:11:sp3 Security update for xorg-x11-libXv SUSE Linux Enterprise Desktop 11 SP3 This update of xorg-x11-libXv fixes several integer and buffer overflow issues. Bug 815451/821671 CVE-2013-1989/CVE-2013-2066 Security Issues: * CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989> * CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066> SUSE bug 815451 SUSE bug 821671 CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:suse_sled:11:sp3 Security update for xscreensaver (Moderate) SUSE Linux Enterprise Desktop 11 SP3 The xscreensaver package was updated to fix the following security and non security issues: - CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062). - Added xscreensaver-in_signal_handler_p.patch needed for fix of signal handling. - Refresh xscreensaver-stars.patch. Moderate SUSE bug 952062 CVE-2015-8025 cpe:/o:suse:suse_sled:11:sp3 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Desktop 11 SP4 This security update (bsc#940918) fixes the following issues: * MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation * Remove PlayPreview registration from PDF Viewer (bmo#1179262) Critical SUSE bug 940918 CVE-2015-4495 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 MozillaFirefox was updated to version 38.5.0 esr to fix the following issues: Following security issues were fixed: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Important SUSE bug 967087 CVE-2016-1523 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Important SUSE bug 908275 SUSE bug 935033 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. * MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. * MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. * MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. * MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. * MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. * MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix: * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes * Enable atomic instructions on mips (bmo#1129878) * Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Important SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1978 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 cpe:/o:suse:suse_sled:11:sp4 security update for xen (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This security update of Xen fixes the following issues: * bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165) * bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol (CVE-2015-5166) Moderate SUSE bug 939709 SUSE bug 939712 CVE-2015-5165 CVE-2015-5166 cpe:/o:suse:suse_sled:11:sp4 Security update for augeas (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Moderate SUSE bug 925225 CVE-2014-8119 cpe:/o:suse:suse_sled:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/o:suse:suse_sled:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/o:suse:suse_sled:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/o:suse:suse_sled:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/o:suse:suse_sled:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Important SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 cpe:/o:suse:suse_sled:11:sp4 Security update for cabextract (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This security update fixes the following issues: - Fix possible infinite loop caused DoS (bsc919283, CVE-2014-9556) - Fix zero dereference (bsc#934524, CVE-2014-9732) - Fix off by one (bsc#934527, CVE-2015-4470) - Fix buffer under-read crash (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934527 SUSE bug 934528 CVE-2014-9556 CVE-2014-9732 CVE-2015-4470 CVE-2015-4471 cpe:/o:suse:suse_sled:11:sp4 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for compat-openssl097g fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) A non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:suse_sled:11:sp4 Security update for compat-openssl097g (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for compat-openssl097g fixes the following issues: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Important SUSE bug 963415 SUSE bug 968046 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:suse_sled:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Moderate SUSE bug 926511 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 cpe:/o:suse:suse_sled:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Moderate SUSE bug 880984 SUSE bug 919959 SUSE bug 926159 SUSE bug 928390 SUSE bug 936923 SUSE bug 947780 SUSE bug 961305 CVE-2015-8605 cpe:/o:suse:suse_sled:11:sp4 Security update for dhcpcd (Important) SUSE Linux Enterprise Desktop 11 SP4 dhcpcd was updated to fix three security issues. These security issues were fixed: - CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers. - CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers. - CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers. Important SUSE bug 955762 CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 cpe:/o:suse:suse_sled:11:sp4 Security update for ecryptfs-utils (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052) - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160) Moderate SUSE bug 920160 SUSE bug 962052 CVE-2014-9687 CVE-2016-1572 cpe:/o:suse:suse_sled:11:sp4 Security update for fetchmail (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988). Moderate SUSE bug 775988 CVE-2012-3482 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Important SUSE bug 940806 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP4 flash-player was updated to fix 35 security issues. These security issues were fixed: - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339). - CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339). - CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339). - CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339). Critical SUSE bug 937339 CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP4 flash-player was updated to fix two security issues. These security issues were fixed: - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752). - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752). Critical SUSE bug 937752 CVE-2015-5122 CVE-2015-5123 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP4 This security update to 11.2.202.508 (bsc#941239) fixes the following issues: * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563 Critical SUSE bug 941239 CVE-2015-3107 CVE-2015-5124 CVE-2015-5125 CVE-2015-5127 CVE-2015-5128 CVE-2015-5129 CVE-2015-5130 CVE-2015-5131 CVE-2015-5132 CVE-2015-5133 CVE-2015-5134 CVE-2015-5539 CVE-2015-5540 CVE-2015-5541 CVE-2015-5544 CVE-2015-5545 CVE-2015-5546 CVE-2015-5547 CVE-2015-5548 CVE-2015-5549 CVE-2015-5550 CVE-2015-5551 CVE-2015-5552 CVE-2015-5553 CVE-2015-5554 CVE-2015-5555 CVE-2015-5556 CVE-2015-5557 CVE-2015-5558 CVE-2015-5559 CVE-2015-5560 CVE-2015-5561 CVE-2015-5562 CVE-2015-5563 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html Important SUSE bug 946880 CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571 CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575 CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579 CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584 CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677 CVE-2015-6678 CVE-2015-6679 CVE-2015-6682 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP4 flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169). These security issues were fixed: - A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628). - A defense-in-depth feature in the Flash broker API (CVE-2015-5569). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644). - A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634). Important SUSE bug 950169 CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Critical) SUSE Linux Enterprise Desktop 11 SP4 flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Critical SUSE bug 950474 CVE-2015-7645 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The flash-player package was updated to fix the following security issues: - Security update to 11.2.202.548 (bsc#954512): * APSB15-28, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046 Moderate SUSE bug 954512 CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654 CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658 CVE-2015-7659 CVE-2015-7660 CVE-2015-7661 CVE-2015-7662 CVE-2015-7663 CVE-2015-8042 CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for flash-player to version 11.2.202.554 fixes the following security issues in Adobe security advisory APSB15-32. * These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446). * These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408). * These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409). * These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407). * These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439). * These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445). * These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415) * These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447). Please also see https://helpx.adobe.com/security/products/flash-player/apsb15-32.html Important SUSE bug 958324 CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049 CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057 CVE-2015-8058 CVE-2015-8059 CVE-2015-8060 CVE-2015-8061 CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065 CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069 CVE-2015-8070 CVE-2015-8071 CVE-2015-8401 CVE-2015-8402 CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406 CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410 CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414 CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422 CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426 CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430 CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434 CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438 CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442 CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446 CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450 CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454 CVE-2015-8455 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for flash-player fixes the following issues: - CVE-2015-8644: Type confusion vulnerability that could lead to code execution. - CVE-2015-8651: Integer overflow vulnerability that could lead to code execution. - CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution. - CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution. Important SUSE bug 960317 CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for flash-player fixes the following issues: - Security update to 11.2.202.569 (bsc#965901): * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985 Important SUSE bug 965901 CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 cpe:/o:suse:suse_sled:11:sp4 Security update for flash-player (Important) SUSE Linux Enterprise Desktop 11 SP4 Adobe flash-player was updated to 11.2.202.577 to fix the following list of security issues (bsc#970547): These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000). These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2016-1001). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005). Adobe advisory with more information: https://helpx.adobe.com/security/products/flash-player/apsb16-08.html Important SUSE bug 970547 CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 cpe:/o:suse:suse_sled:11:sp4 Security update for foomatic-filters (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Moderate SUSE bug 957531 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:suse_sled:11:sp4 Security update for gcc5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues have been fixed: - Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220) - Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468) - Fix HTM built-ins on PowerPC. (bsc#955382) - Fix libgo certificate lookup. (bsc#953831) - Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460) - Revert accidental libffi ABI breakage on aarch64. (bsc#968771) - On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586. - Add experimental File System TS library. Moderate SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 cpe:/o:suse:suse_sled:11:sp4 Security update for giflib (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Moderate SUSE bug 960319 CVE-2015-7555 cpe:/o:suse:suse_sled:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286) Important SUSE bug 830257 SUSE bug 851280 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 928723 SUSE bug 932059 SUSE bug 933770 SUSE bug 933903 SUSE bug 935286 CVE-2013-2207 CVE-2014-8121 CVE-2015-1781 cpe:/o:suse:suse_sled:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Important SUSE bug 930721 SUSE bug 942317 SUSE bug 950944 SUSE bug 956988 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/o:suse:suse_sled:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/o:suse:suse_sled:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/o:suse:suse_sled:11:sp4 Security update for gpg2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for gpg2 fixes the following issues: - Fix cve-2015-1606 (bsc#918089) * Invalid memory read using a garbled keyring * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch - Fix cve-2015-1607 (bsc#918090) * Memcpy with overlapping ranges * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch Moderate SUSE bug 918089 SUSE bug 918090 CVE-2015-1606 CVE-2015-1607 cpe:/o:suse:suse_sled:11:sp4 Security update for grub2 (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for grub2 provides the following fixes: A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370) Also following bugs were fixed: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830) Important SUSE bug 884828 SUSE bug 884830 SUSE bug 946148 SUSE bug 952539 SUSE bug 954592 SUSE bug 956631 CVE-2015-8370 cpe:/o:suse:suse_sled:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). Moderate SUSE bug 922741 SUSE bug 942801 SUSE bug 948791 CVE-2015-4491 CVE-2015-7674 cpe:/o:suse:suse_sled:11:sp4 Security update for gdk2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero Moderate SUSE bug 958963 SUSE bug 960155 CVE-2015-7552 cpe:/o:suse:suse_sled:11:sp4 Security update for icedtea-web (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. * permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. * fixed DownloadService * RH1231441 Unable to read the text of the buttons of the security dialogue * Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235, bsc#944208) * Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets (CVE-2015-5234, bsc#944209) * MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed Moderate SUSE bug 944208 SUSE bug 944209 CVE-2015-5234 CVE-2015-5235 cpe:/o:suse:suse_sled:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Desktop 11 SP4 icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc#917129). Moderate SUSE bug 917129 CVE-2014-9654 cpe:/o:suse:suse_sled:11:sp4 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Desktop 11 SP4 OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. * CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Important SUSE bug 938248 CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:suse_sled:11:sp4 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Desktop 11 SP4 java-1_7_0-openjdk was updated to version 7u91 to fix 17 security issues. These security issues were fixed: - CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JAXP (bsc#951376). - CVE-2015-4840: Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#951376). - CVE-2015-4872: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect integrity via unknown vectors related to Security (bsc#951376). - CVE-2015-4860: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883 (bsc#951376). - CVE-2015-4844: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#951376). - CVE-2015-4883: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860 (bsc#951376). - CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911 (bsc#951376). - CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893 (bsc#951376). - CVE-2015-4882: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect availability via vectors related to CORBA (bsc#951376). - CVE-2015-4881: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835 (bsc#951376). - CVE-2015-4734: Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JGSS (bsc#951376). - CVE-2015-4806: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization (bsc#951376). - CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911 (bsc#951376). - CVE-2015-4835: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881 (bsc#951376). - CVE-2015-4903: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to RMI (bsc#951376). Important SUSE bug 951376 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 cpe:/o:suse:suse_sled:11:sp4 Security update for java-1_7_0-openjdk (Critical) SUSE Linux Enterprise Desktop 11 SP4 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Critical SUSE bug 960996 SUSE bug 962743 CVE-2015-4871 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:suse_sled:11:sp4 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Desktop 11 SP4 The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues: Update to 2.6.5 - OpenJDK 7u99 (bsc#972468) * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency, which could be used by attackers to inject code. * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses * Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell * Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. * CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed * AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent null pointer exceptions in javac * PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 Important SUSE bug 972468 CVE-2016-0636 cpe:/o:suse:suse_sled:11:sp4 Security update for kdebase4-workspace (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Moderate SUSE bug 904625 SUSE bug 929718 CVE-2014-8651 cpe:/o:suse:suse_sled:11:sp4 Security update for kernel-source (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). * CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). * CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831). * CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831). * CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517). * CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O' vector array overrun. (bsc#933429) * CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463) * CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240) * CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705). * CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907). * CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830) * CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904). * CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896). The following non-security bugs were fixed: - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - DRM/i915: Get rid of the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938). - DRM/i915: Remove i965_hpd_irq_setup (bsc#942938). - DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - Ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - NFS: never queue requests with rq_cong set on the sending queue (bsc#932458). - NFSD: Fix nfsv4 opcode decoding error (bsc#935906). - NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - PCI: Disable Bus Master only on kexec reboot (bsc#920110). - PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110). - PCI: Lock down register access when trusted_kernel is true (fate#314486, bnc#884333)(bsc#923431). - PCI: disable Bus Master on PCI device shutdown (bsc#920110). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - Apparmor: fix file_permission if profile is updated (bsc#917968). - block: Discard bios do not have data (bsc#928988). - cifs: Fix missing crypto allocation (bnc#937402). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails (FATE#317582). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (FATE#317582). - drm: ast,cirrus,mgag200: use drm_can_sleep (FATE#317582, bnc#883380, bsc#935572). - ehci-pci: enable interrupt on BayTrail (bnc926007). - exec: kill the unnecessary mm->def_flags setting in load_elf_binary() (fate#317831,bnc#891116)). - ext3: Fix data corruption in inodes with journalled data (bsc#936637). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hv_storvsc: use small sg_tablesize on x86 (bnc#937256). - ibmveth: Add GRO support (bsc#935055). - ibmveth: Add support for Large Receive Offload (bsc#935055). - ibmveth: Add support for TSO (bsc#935055). - ibmveth: add support for TSO6. - ibmveth: change rx buffer default allocation for CMO (bsc#935055). - igb: do not reuse pages with pfmemalloc flag fix (bnc#920016). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc920110). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. - kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509). - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance). - mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620). - mm, thp: fix collapsing of hugepages on madvise (VM Functionality). - mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620). - mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620). - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620). - mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - nfsd: support disabling 64bit dir cookies (bnc#937503). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (FATE#309111, bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095). - r8169: remember WOL preferences on driver load (bsc#942305). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi: Correctly set the scsi host/msg/status bytes (bnc#933936). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - scsi: Moved iscsi kabi patch to patches.kabi (bsc#923002) - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: kabi: allow iscsi disocvery session support (bsc#923002). - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - supported.conf: enable sch_mqprio (bsc#932882) - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250). - x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: fix problem when using md+XFS under high load (bnc#925705). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, bnc#936925, LTC#126491). Moderate SUSE bug 777565 SUSE bug 867362 SUSE bug 873385 SUSE bug 883380 SUSE bug 884333 SUSE bug 886785 SUSE bug 891116 SUSE bug 894936 SUSE bug 915517 SUSE bug 917830 SUSE bug 917968 SUSE bug 919463 SUSE bug 920016 SUSE bug 920110 SUSE bug 920250 SUSE bug 920733 SUSE bug 921430 SUSE bug 923002 SUSE bug 923245 SUSE bug 923431 SUSE bug 924701 SUSE bug 925705 SUSE bug 925881 SUSE bug 925903 SUSE bug 926240 SUSE bug 926953 SUSE bug 927355 SUSE bug 928988 SUSE bug 929076 SUSE bug 929142 SUSE bug 929143 SUSE bug 930092 SUSE bug 930934 SUSE bug 931620 SUSE bug 932350 SUSE bug 932458 SUSE bug 932882 SUSE bug 933429 SUSE bug 933721 SUSE bug 933896 SUSE bug 933904 SUSE bug 933907 SUSE bug 933936 SUSE bug 934944 SUSE bug 935053 SUSE bug 935055 SUSE bug 935572 SUSE bug 935705 SUSE bug 935866 SUSE bug 935906 SUSE bug 936077 SUSE bug 936095 SUSE bug 936118 SUSE bug 936423 SUSE bug 936637 SUSE bug 936831 SUSE bug 936875 SUSE bug 936921 SUSE bug 936925 SUSE bug 937032 SUSE bug 937256 SUSE bug 937402 SUSE bug 937444 SUSE bug 937503 SUSE bug 937641 SUSE bug 937855 SUSE bug 938485 SUSE bug 939910 SUSE bug 939994 SUSE bug 940338 SUSE bug 940398 SUSE bug 940925 SUSE bug 940966 SUSE bug 942204 SUSE bug 942305 SUSE bug 942350 SUSE bug 942367 SUSE bug 942404 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943477 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 CVE-2015-6252 cpe:/o:suse:suse_sled:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following feature was added to kernel-xen: - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767). - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693). - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes. (bsc#967972). - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013). The following non-security bugs were fixed: - alsa: hda - Add one more node in the EAPD supporting candidate list (bsc#963561). - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137). - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137). - alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137). - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver implementation (bsc#957986, bsc#956084, bsc#961658). - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514). - nvme: default to 4k device page size (bsc#967042). - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too (bsc#951815). - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705). - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also address bsc#966094). - sunrpc: restore fair scheduling to priority queues (bsc#955308). - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375). - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375). - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375). - usb: ftdi_sio: fix tiocmget indentation (bnc#956375). - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375). - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375). - usb: ftdi_sio: remove unnecessary memset (bnc#956375). - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375). - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375). - usb: pl2303: clean up line-status handling (bnc#959649). - usb: pl2303: only wake up MSR queue on changes (bnc#959649). - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649). - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375). - Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128). - xen: Update Xen config files (enable upstream block frontend). - ec2: Update kabi files and start tracking ec2 - xen: consolidate and simplify struct xenbus_driver instantiation (bsc#961658 fate#320200). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#933782). - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658 fate#320200). - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818). - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369). - bnx2x: fix DMA API usage (bsc#953369). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - driver: xen-blkfront: move talk_to_blkback to a more suitable place (bsc#961658 fate#320200). - drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (bsc#961658 fate#320200). - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276). - drm/i915: Evict CS TLBs between batches (bsc#758040). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - ext3: NULL dereference in ext3_evict_inode() (bsc#942082). - ext3: fix data=journal fast mount/umount hang (bsc#942082). - firmware: Create directories for external firmware (bsc#959312). - firmware: Simplify directory creation (bsc#959312). - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375). - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925). - jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no external, 3rd party modules use the symbol and the bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver. (bsc#953369) - kbuild: create directory for dir/file.o (bsc#959312). - llist/xen-blkfront: implement safe version of llist_for_each_entry (bsc#961658 fate#320200). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - pci: Update VPD size with correct length (bsc#958906). - pl2303: fix TIOCMIWAIT (bnc#959649). - pl2303: introduce private disconnect method (bnc#959649). - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514). - s390/cio: collect format 1 channel-path description data (bnc#958000, LTC#136434). - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434). - s390/cio: fix measurement characteristics memleak (bnc#958000, LTC#136434). - s390/cio: update measurement characteristics (bnc#958000, LTC#136434). - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000, LTC#136143). - s390/sclp: Move declarations for sclp_sdias into separate header file (bnc#958000, LTC#136143). - scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949). - supported.conf: Add xen-blkfront. - tg3: 5715 does not link up when autoneg off (bsc#904035). - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375). - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912). - vmxnet3: fix netpoll race condition (bsc#958912). - xen, blkfront: factor out flush-related checks from do_blkif_request() (bsc#961658 fate#320200). - xen-blkfront: Handle discard requests (bsc#961658 fate#320200). - xen-blkfront: If no barrier or flush is supported, use invalid operation (bsc#961658 fate#320200). - xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments (bsc#961658 fate#320200). - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658 fate#320200). - xen-blkfront: allow building in our Xen environment (bsc#961658 fate#320200). - xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing) (bsc#961658 fate#320200). - xen-blkfront: do not add indirect pages to list when !feature_persistent (bsc#961658 fate#320200). - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658 fate#320200). - xen-blkfront: fix a deadlock while handling discard response (bsc#961658 fate#320200). - xen-blkfront: fix accounting of reqs when migrating (bsc#961658 fate#320200). - xen-blkfront: free allocated page (bsc#961658 fate#320200). - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658 fate#320200). - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200). - xen-blkfront: improve aproximation of required grants per request (bsc#961658 fate#320200). - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658 fate#320200). - xen-blkfront: plug device number leak in xlblk_init() error path (bsc#961658 fate#320200). - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200). - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200). - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658 fate#320200). - xen-blkfront: restore the non-persistent data path (bsc#961658 fate#320200). - xen-blkfront: revoke foreign access for grants not mapped by the backend (bsc#961658 fate#320200). - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658 fate#320200). - xen-blkfront: switch from llist to list (bsc#961658 fate#320200). - xen-blkfront: use a different scatterlist for each request (bsc#961658 fate#320200). - xen-block: implement indirect descriptors (bsc#961658 fate#320200). - xen/blk[front|back]: Enhance discard support with secure erasing support (bsc#961658 fate#320200). - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard together (bsc#961658 fate#320200). - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658 fate#320200). - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200). - xen/blkfront: Fix crash if backend does not follow the right states (bsc#961658 fate#320200). - xen/blkfront: do not put bdev right after getting it (bsc#961658 fate#320200). - xen/blkfront: improve protection against issuing unsupported REQ_FUA (bsc#961658 fate#320200). - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200). - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658 fate#320200). - xen/x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (bnc#963767). - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183). - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479). Important SUSE bug 758040 SUSE bug 904035 SUSE bug 912738 SUSE bug 915183 SUSE bug 924919 SUSE bug 933782 SUSE bug 937444 SUSE bug 940017 SUSE bug 940946 SUSE bug 942082 SUSE bug 947128 SUSE bug 948330 SUSE bug 949298 SUSE bug 951392 SUSE bug 951815 SUSE bug 952976 SUSE bug 953369 SUSE bug 954992 SUSE bug 955308 SUSE bug 955654 SUSE bug 955837 SUSE bug 955925 SUSE bug 956084 SUSE bug 956375 SUSE bug 956514 SUSE bug 956708 SUSE bug 956949 SUSE bug 957986 SUSE bug 957988 SUSE bug 957990 SUSE bug 958000 SUSE bug 958463 SUSE bug 958886 SUSE bug 958906 SUSE bug 958912 SUSE bug 958951 SUSE bug 959190 SUSE bug 959312 SUSE bug 959399 SUSE bug 959649 SUSE bug 959705 SUSE bug 961500 SUSE bug 961509 SUSE bug 961516 SUSE bug 961658 SUSE bug 962965 SUSE bug 963276 SUSE bug 963561 SUSE bug 963765 SUSE bug 963767 SUSE bug 964201 SUSE bug 964818 SUSE bug 966094 SUSE bug 966137 SUSE bug 966437 SUSE bug 966693 SUSE bug 967042 SUSE bug 967972 SUSE bug 967973 SUSE bug 967974 SUSE bug 967975 SUSE bug 968011 SUSE bug 968012 SUSE bug 968013 SUSE bug 969307 CVE-2013-7446 CVE-2015-7515 CVE-2015-7550 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2016-0723 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 cpe:/o:suse:suse_sled:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Desktop 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav lead to a system crash (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - Drivers: hv: vmbus: Get rid of some unused definitions. - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - Drivers: hv: vmbus: add special crash handler (bnc#930770). - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: kill tasklets on module unload. - Drivers: hv: vmbus: prefer '^A' notification chain to 'panic'. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Drivers: hv: vmbus: unregister panic notifier on module unload. - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673). - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - hugetlb: simplify migrate_huge_page() (bnc#947957). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957,). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - ipvs: drop first packet to dead server (bsc#946078). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - memory-failure: do code refactor of soft_offline_page() (bnc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950). - mm: remove GFP_THISNODE (bsc#954950). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS). - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984). - s390/pci: handle events for unused functions (bnc#946214). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214). - s390/pci: improve state check when processing hotplug events (bnc#946214). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sg: fix read() error reporting (bsc#926774). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955). Important SUSE bug 814440 SUSE bug 879378 SUSE bug 879381 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 921081 SUSE bug 926774 SUSE bug 930145 SUSE bug 930770 SUSE bug 930788 SUSE bug 930835 SUSE bug 932805 SUSE bug 935123 SUSE bug 935757 SUSE bug 937256 SUSE bug 937444 SUSE bug 938706 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940913 SUSE bug 940946 SUSE bug 941202 SUSE bug 942938 SUSE bug 943786 SUSE bug 944296 SUSE bug 944677 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946214 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949936 SUSE bug 949981 SUSE bug 950298 SUSE bug 950750 SUSE bug 950998 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 952976 SUSE bug 953527 SUSE bug 953799 SUSE bug 953980 SUSE bug 954404 SUSE bug 954628 SUSE bug 954950 SUSE bug 954984 SUSE bug 955673 SUSE bug 956709 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6937 CVE-2015-7509 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 cpe:/o:suse:suse_sled:11:sp4 Security update for krb5 (Important) SUSE Linux Enterprise Desktop 11 SP4 krb5 was updated to fix one security issue. This security issue was fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188). Important SUSE bug 952188 CVE-2015-2695 cpe:/o:suse:suse_sled:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Moderate SUSE bug 954270 SUSE bug 954470 CVE-2015-2695 cpe:/o:suse:suse_sled:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Moderate SUSE bug 963968 SUSE bug 963975 CVE-2015-8629 CVE-2015-8631 cpe:/o:suse:suse_sled:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Moderate SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 cpe:/o:suse:suse_sled:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Desktop 11 SP4 kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). Important SUSE bug 938344 CVE-2015-5154 cpe:/o:suse:suse_sled:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for kvm fixes the following issues: Security issues fixed: - CVE-2015-7512: The receive packet size is now checked in the emulated pcnet driver, eliminating buffer overflow and potential security issue by malicious guest systems. (bsc#957162) - CVE-2015-8345: A infinite loop in processing command block list was fixed that could be exploit by malicious guest systems (bsc#956829). Other bugs fixed: - To assist users past the migration incompatibility discussed in bsc#950590 (restore migration compatibility with SLE11 SP3 and SLE12, at the unfortunate expense to prior SLE11 SP4 kvm release compatability when a virtio-net device is used), print a message which references the support document TID 7017048. See https://www.suse.com/support/kb/doc.php?id=7017048 - Fix cases of wrong clock values in kvmclock timekeeping (bsc#947164 and bsc#953187) - Enforce pxe rom sizes to ensure migration compatibility. (bsc#950590) - Fix kvm live migration fails between sles11 sp3 and sp4 (bsc#950590) Important SUSE bug 947164 SUSE bug 950590 SUSE bug 953187 SUSE bug 956829 SUSE bug 957162 CVE-2015-7512 CVE-2015-8345 cpe:/o:suse:suse_sled:11:sp4 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update fixes the following issues: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057) * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] Moderate SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 cpe:/o:suse:suse_sled:11:sp4 Security update for libksba (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 cpe:/o:suse:suse_sled:11:sp4 Security update for libmspack (Moderate) SUSE Linux Enterprise Desktop 11 SP4 libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934525 SUSE bug 934526 SUSE bug 934527 SUSE bug 934528 SUSE bug 934529 CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:suse_sled:11:sp4 Security update for libotr (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for libotr fixes the following issues: - Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machine. (CVE-2016-2851, bsc#969785) Moderate SUSE bug 969785 CVE-2016-2851 cpe:/o:suse:suse_sled:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 cpe:/o:suse:suse_sled:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 - security update: This update fixes the following securit issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] Moderate SUSE bug 954980 CVE-2015-8126 cpe:/o:suse:suse_sled:11:sp4 Recommended update for LibreOffice (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update brings LibreOffice to version 5.0.4, a major version update. It brings lots of new features, bug fixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ * LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc's blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases * New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface. * LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around. The Pentaho Flow Reporting Engine is now added and used. Security issues fixed: * CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. * CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. * CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice and Openoffice Calc and Writer was fixed. * CVE-2015-5212: A LibreOffice 'PrinterSetup Length' integer underflow vulnerability could be used by attackers supplying documents to execute code as the user opening the document. * CVE-2015-5213: A LibreOffice 'Piece Table Counter' invalid check design error vulnerability allowed attackers supplying documents to execute code as the user opening the document. * CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory Corruption Vulnerability allowed attackers supplying documents to execute code as the user opening the document. Moderate SUSE bug 306333 SUSE bug 547549 SUSE bug 668145 SUSE bug 679938 SUSE bug 681560 SUSE bug 688200 SUSE bug 718113 SUSE bug 73544 SUSE bug 806250 SUSE bug 857026 SUSE bug 889755 SUSE bug 890735 SUSE bug 907636 SUSE bug 907966 SUSE bug 910805 SUSE bug 910806 SUSE bug 914911 SUSE bug 934423 SUSE bug 936188 SUSE bug 936190 SUSE bug 939996 SUSE bug 940838 SUSE bug 943075 SUSE bug 945047 SUSE bug 945692 SUSE bug 951579 SUSE bug 954345 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 cpe:/o:suse:suse_sled:11:sp4 Security update for librsvg (Important) SUSE Linux Enterprise Desktop 11 SP4 librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Important SUSE bug 840753 CVE-2013-1881 cpe:/o:suse:suse_sled:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Moderate SUSE bug 953516 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 cpe:/o:suse:suse_sled:11:sp4 Security update for libssh (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for libssh fixes the following issues: CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. (bsc#965875) Moderate SUSE bug 965875 CVE-2016-0739 cpe:/o:suse:suse_sled:11:sp4 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for libssh2_org fixes the following issues: - Add SHA256 support for DH group exchange (fate#320343, bsc#961964) - fix CVE-2016-0787 (bsc#967026) * Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. Moderate SUSE bug 961964 SUSE bug 967026 CVE-2016-0787 cpe:/o:suse:suse_sled:11:sp4 Security update for libvdpau (Moderate) SUSE Linux Enterprise Desktop 11 SP4 libvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications. * CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967) * CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968) * CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969) Moderate SUSE bug 943967 SUSE bug 943968 SUSE bug 943969 CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:suse:suse_sled:11:sp4 Security update for libvirt (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for libvirt fixes the following issues: Security issue: - CVE-2015-5313: directory directory traversal privilege escalation vulnerability. (bsc#953110) Bugs fixed: - bsc#960305: xenxs: support parsing and formatting vif bandwidth - bsc#961173: xen: use correct domctl version in domaininfolist union - bsc#959094: xen: Disable building xen-inotify subdriver. It is unmaintained and contains bugs that can cause client connection failures. - bsc#948686: qemu: Use PAUSED state for domains that are starting up - bsc#948516: Fix profile_status to distringuish between errors and unconfined domains. Moderate SUSE bug 948516 SUSE bug 948686 SUSE bug 953110 SUSE bug 959094 SUSE bug 960305 SUSE bug 961173 CVE-2015-5313 cpe:/o:suse:suse_sled:11:sp4 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The libvncserver package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. Moderate SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/o:suse:suse_sled:11:sp4 Security update for libwmf (Moderate) SUSE Linux Enterprise Desktop 11 SP4 libwmf was updated to fix four security issues. These security issues were fixed: - CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109). - CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109). - CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062). - CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058). Moderate SUSE bug 831299 SUSE bug 933109 SUSE bug 936058 SUSE bug 936062 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/o:suse:suse_sled:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 cpe:/o:suse:suse_sled:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Moderate SUSE bug 960674 CVE-2015-8710 cpe:/o:suse:suse_sled:11:sp4 Security update for lxc (Moderate) SUSE Linux Enterprise Desktop 11 SP4 lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744) Moderate SUSE bug 946744 CVE-2015-1335 cpe:/o:suse:suse_sled:11:sp4 Security update for mono-core (Moderate) SUSE Linux Enterprise Desktop 11 SP4 mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/o:suse:suse_sled:11:sp4 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Important SUSE bug 954447 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/o:suse:suse_sled:11:sp4 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Desktop 11 SP4 mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp4 Security update for mozilla-nss (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Moderate SUSE bug 959888 CVE-2015-7575 cpe:/o:suse:suse_sled:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on: - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Moderate SUSE bug 924663 SUSE bug 928962 SUSE bug 934401 SUSE bug 938412 CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 cpe:/o:suse:suse_sled:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 * changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html * fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Moderate SUSE bug 951391 SUSE bug 952196 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 cpe:/o:suse:suse_sled:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Moderate SUSE bug 959724 SUSE bug 960961 SUSE bug 962779 CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 cpe:/o:suse:suse_sled:11:sp4 Security update for net-snmp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 net-snmp was updated to fix one security vulnerability and several bugs. - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893). - stop snmptrapd on package removal. Moderate SUSE bug 853382 SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 cpe:/o:suse:suse_sled:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This ntp update provides the following security and non security fixes: - Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Fix the comment regarding addserver in ntp.conf (bnc#910063). - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove 'kod' from the restrict line in ntp.conf (bsc#944300). - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Require perl-Socket6 (bsc#942441). - Fix incomplete backporting of 'rcntp ntptimemset'. Moderate SUSE bug 905885 SUSE bug 910063 SUSE bug 936327 SUSE bug 942441 SUSE bug 942587 SUSE bug 944300 SUSE bug 951608 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 cpe:/o:suse:suse_sled:11:sp4 Recommended update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator. Moderate SUSE bug 924496 SUSE bug 932773 SUSE bug 937766 CVE-2015-4000 cpe:/o:suse:suse_sled:11:sp4 Security update for openldap2 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Moderate SUSE bug 945582 CVE-2015-6908 cpe:/o:suse:suse_sled:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Desktop 11 SP4 OpenSSH was updated to fix several security issues and bugs. Please note that due to a bug in the previous shipped openssh version, sshd might not correctly restart. Please verify that the ssh daemon is running after installing this update. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. (bsc#936695) * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. (bsc#938746) * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM. (bsc#932483) * Hardening patch to fix sftp RCE. (bsc#903649) * CVE-2015-6563: The monitor component in sshd accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Additional a bug was fixed that could lead to openssh not working in chroot (bsc#947458). Moderate SUSE bug 903649 SUSE bug 932483 SUSE bug 936695 SUSE bug 938746 SUSE bug 939932 SUSE bug 943006 SUSE bug 943010 SUSE bug 945484 SUSE bug 945493 SUSE bug 947458 CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 cpe:/o:suse:suse_sled:11:sp4 Security update for openssh (Critical) SUSE Linux Enterprise Desktop 11 SP4 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. Critical SUSE bug 961642 SUSE bug 961645 CVE-2016-0777 CVE-2016-0778 cpe:/o:suse:suse_sled:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:suse_sled:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) Important SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:suse_sled:11:sp4 Security update for orca (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This orca update fixes the following security issue. - Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245). Moderate SUSE bug 916835 CVE-2013-4245 cpe:/o:suse:suse_sled:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Moderate SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 cpe:/o:suse:suse_sled:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix 'unresolved symbol' errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - Security and bugfix release 9.4.5: * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. * CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. - For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html - Relax dependency on libpq to major version. Important SUSE bug 949669 SUSE bug 949670 SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 cpe:/o:suse:suse_sled:11:sp4 Recommended update for python-setuptools (Moderate) SUSE Linux Enterprise Desktop 11 SP4 python-setuptools was updated to fix one security issue. The following vulnerability was fixed: * CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect (bsc#930189) Moderate SUSE bug 930189 CVE-2013-7440 cpe:/o:suse:suse_sled:11:sp4 Security update for rpcbind (Moderate) SUSE Linux Enterprise Desktop 11 SP4 A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Moderate SUSE bug 940191 SUSE bug 946204 CVE-2015-7236 cpe:/o:suse:suse_sled:11:sp4 Security update for rsync (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914) - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410) Moderate SUSE bug 900914 SUSE bug 915410 CVE-2014-8242 CVE-2014-9512 cpe:/o:suse:suse_sled:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bug fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). Important SUSE bug 967017 SUSE bug 968222 CVE-2015-7560 cpe:/o:suse:suse_sled:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Desktop 11 SP4 This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586) - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582) - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584) - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583) Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022) - Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382) - Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382) - Address unrecoverable winbind failure: 'key length too large' (bnc#934299) - Take resource group sids into account when caching netsamlogon data (bnc#912457) - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244) - dependency issue with samba-winbind (bnc#936909) Important SUSE bug 295284 SUSE bug 912457 SUSE bug 934299 SUSE bug 936909 SUSE bug 948244 SUSE bug 949022 SUSE bug 953382 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958586 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 cpe:/o:suse:suse_sled:11:sp4 Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185). Moderate SUSE bug 942628 CVE-2015-5185 cpe:/o:suse:suse_sled:11:sp4 Security update for socat (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for socat fixes the following issues: - CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode (bsc#821985) - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow (bsc#860991) - Fix a stack overflow in the parser that could have been leveraged to execute arbitrary code (bsc#964844) Moderate SUSE bug 821985 SUSE bug 860991 SUSE bug 964844 CVE-2013-3571 CVE-2014-0019 cpe:/o:suse:suse_sled:11:sp4 Security update for strongswan (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Moderate SUSE bug 953817 CVE-2015-8023 cpe:/o:suse:suse_sled:11:sp4 Security update for tidy (Low) SUSE Linux Enterprise Desktop 11 SP4 This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. (CVE-2015-5522, CVE-2015-5523) Low SUSE bug 933588 CVE-2015-5522 CVE-2015-5523 cpe:/o:suse:suse_sled:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Moderate SUSE bug 914890 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 cpe:/o:suse:suse_sled:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) Moderate SUSE bug 960341 SUSE bug 964225 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 cpe:/o:suse:suse_sled:11:sp4 Security update for vorbis-tools (Moderate) SUSE Linux Enterprise Desktop 11 SP4 vorbis-tools was updated to fix several security issues. - A buffer overflow in aiff_open() that could be triggered by opening prepared malicious files (CVE-2015-6749, bsc#943795). - A division by zero and integer overflow by crafted WAV files was fixed (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441). Moderate SUSE bug 914439 SUSE bug 914441 SUSE bug 943795 CVE-2014-9638 CVE-2014-9639 CVE-2015-6749 cpe:/o:suse:suse_sled:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Desktop 11 SP4 Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Moderate SUSE bug 935158 SUSE bug 941500 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 cpe:/o:suse:suse_sled:11:sp4 Security update for wireshark (Low) SUSE Linux Enterprise Desktop 11 SP4 This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437) * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 950437 SUSE bug 960382 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 cpe:/o:suse:suse_sled:11:sp4 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Desktop 11 SP4 wpa_supplicant was updated to fix two security issues. These security issues were fixed: - CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078). - CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077). Moderate SUSE bug 930077 SUSE bug 930078 CVE-2015-4141 CVE-2015-4142 cpe:/o:suse:suse_sled:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 xen was updated to fix two security issues. These security issues were fixed: - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). This non-security issue was fixed: - Kdump did not work in a XEN environment (bsc#925466). Important SUSE bug 925466 SUSE bug 935634 SUSE bug 938344 CVE-2015-3259 CVE-2015-5154 cpe:/o:suse:suse_sled:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 xen was updated to version 4.4.3 to fix nine security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show errors - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort - bsc#949549: xm create hangs when maxmen value is enclosed in quotes Important SUSE bug 877642 SUSE bug 901488 SUSE bug 907514 SUSE bug 910258 SUSE bug 918984 SUSE bug 923967 SUSE bug 932267 SUSE bug 944463 SUSE bug 944697 SUSE bug 945167 SUSE bug 947165 SUSE bug 949138 SUSE bug 949549 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/o:suse:suse_sled:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Desktop 11 SP4 xen was updated to fix 47 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bnc#864673). - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bnc#864678). - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bnc#864682). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#928393). - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (bsc#924018). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-7549: pci: NULL pointer dereference issue (bsc#958917). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8567: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8568: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358). - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2015-8817: OOB access in address_space_rw lead to segmentation fault (I) (bsc#969121). - CVE-2015-8818: OOB access in address_space_rw lead to segmentation fault (II) (bsc#969122). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1922: NULL pointer dereference in vapic_write() (bsc#962320). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964413). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#963923: domain weights not honored when sched-credit tslice is reduced - bsc#959695: Missing docs for xen - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend - bsc#959928: When DomU is in state running xm domstate returned nothing Important SUSE bug 864391 SUSE bug 864655 SUSE bug 864673 SUSE bug 864678 SUSE bug 864682 SUSE bug 864769 SUSE bug 864805 SUSE bug 864811 SUSE bug 877642 SUSE bug 897654 SUSE bug 901508 SUSE bug 902737 SUSE bug 924018 SUSE bug 928393 SUSE bug 945404 SUSE bug 945989 SUSE bug 954872 SUSE bug 956829 SUSE bug 957162 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958491 SUSE bug 958523 SUSE bug 958917 SUSE bug 959005 SUSE bug 959387 SUSE bug 959695 SUSE bug 959928 SUSE bug 960334 SUSE bug 960707 SUSE bug 960725 SUSE bug 960835 SUSE bug 960861 SUSE bug 960862 SUSE bug 961332 SUSE bug 961358 SUSE bug 961691 SUSE bug 962320 SUSE bug 963782 SUSE bug 963923 SUSE bug 964413 SUSE bug 965315 SUSE bug 965317 SUSE bug 967012 SUSE bug 967013 SUSE bug 967630 SUSE bug 967969 SUSE bug 969121 SUSE bug 969122 SUSE bug 969350 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3640 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-1779 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 cpe:/o:suse:suse_sled:11:sp4 Security update for xen (Moderate) SUSE Linux Enterprise Desktop 11 SP4 This update fixes the following security issues: - bsc#955399 - Fix xm migrate --log_progress. Due to logic error progress was not logged when requested. - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#955399 - Fix xm migrate --live. The options were not passed due to a merge error. As a result the migration was not live, instead the suspended guest was migrated. - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 947165 SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 954018 SUSE bug 954405 SUSE bug 955399 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 cpe:/o:suse:suse_sled:11:sp4 Security update for xfsprogs (Moderate) SUSE Linux Enterprise Desktop 11 SP4 xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition Moderate SUSE bug 911866 SUSE bug 939367 CVE-2012-2150 cpe:/o:suse:suse_sled:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Desktop 11 SP4 xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/o:suse:suse_sled:11:sp4 Security update for xscreensaver (Moderate) SUSE Linux Enterprise Desktop 11 SP4 The xscreensaver package was updated to fix the following security and non security issues: - CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062). - Added xscreensaver-in_signal_handler_p.patch needed for fix of signal handling. - Refresh xscreensaver-stars.patch. Moderate SUSE bug 952062 CVE-2015-8025 cpe:/o:suse:suse_sled:11:sp4 Security update for conntrack-tools (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. (bsc#942149, CVE-2015-6496) Moderate SUSE bug 942149 CVE-2015-6496 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ctdb SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 This update for ctdb provides fixes for the following issues: * Insecure temporary file creation potentially allows for exploitation via symbolic links. (CVE-2013-4159) * Excessive lock contention can result in severe performance degradation when a CTDB cluster is under load. Security Issue reference: * CVE-2013-4159 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4159> SUSE bug 836064 SUSE bug 867815 CVE-2013-4159 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 <http://www.gnutls.org/security.html#GNUTLS-SA-2014-3> These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466> SUSE bug 880730 SUSE bug 880910 CVE-2014-3466 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for hawk SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 hawk has been updated to fix security issues in the embedded rubygems: * CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239) * CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). * CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). * CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632). * CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). Also a minor bug has been fixed: * Misc: hb_report: Catch ArgumentError when parsing hb_report output (bnc#854060) Security Issue references: * CVE-2013-4389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389> * CVE-2013-4491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491> * CVE-2013-6414 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414> * CVE-2013-6415 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415> * CVE-2013-6417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417> SUSE bug 846239 SUSE bug 853625 SUSE bug 853627 SUSE bug 853632 SUSE bug 853633 SUSE bug 854060 CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Linux kernel SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). * CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) * CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) * CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) * CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) * CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed: * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). * ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). * ACPI: Limit access to custom_method (bnc#884333). * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). * Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). * Add secure_modules() call (bnc#884333). * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). * Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. * Btrfs: Return EXDEV for cross file system snapshot. * Btrfs: abort the transaction when we does not find our extent ref. * Btrfs: avoid warning bomb of btrfs_invalidate_inodes. * Btrfs: cancel scrub on transaction abortion. * Btrfs: correctly set profile flags on seqlock retry. * Btrfs: does not check nodes for extent items. * Btrfs: fix a possible deadlock between scrub and transaction committing. * Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). * Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). * Btrfs: fix double free in find_lock_delalloc_range. * Btrfs: fix possible memory leak in btrfs_create_tree(). * Btrfs: fix use of uninit 'ret' in end_extent_writepage(). * Btrfs: free delayed node outside of root->inode_lock (bnc#866864). * Btrfs: make DEV_INFO ioctl available to anyone. * Btrfs: make FS_INFO ioctl available to anyone. * Btrfs: make device scan less noisy. * Btrfs: make sure there are not any read requests before stopping workers. * Btrfs: more efficient io tree navigation on wait_extent_bit. * Btrfs: output warning instead of error when loading free space cache failed. * Btrfs: retrieve more info from FS_INFO ioctl. * Btrfs: return EPERM when deleting a default subvolume (bnc#869934). * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * Btrfs: use right type to get real comparison. * Btrfs: wake up @scrub_pause_wait as much as we can. * Btrfs: wake up transaction thread upon remount. * CacheFiles: Add missing retrieval completions (bnc#880344). * CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). * CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). * CacheFiles: Fix the marking of cached pages (bnc#880344). * CacheFiles: Implement invalidation (bnc#880344). * CacheFiles: Make some debugging statements conditional (bnc#880344). * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). * FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). * FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). * FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). * FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). * FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). * FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). * FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). * FS-Cache: Fix operation state management and accounting (bnc#880344). * FS-Cache: Fix signal handling during waits (bnc#880344). * FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). * FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). * FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). * FS-Cache: Mark cancellation of in-progress operation (bnc#880344). * FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). * FS-Cache: Provide proper invalidation (bnc#880344). * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). * FS-Cache: Uninline fscache_object_init() (bnc#880344). * FS-Cache: Wrap checks on object state (bnc#880344). * HID: usbhid: add always-poll quirk (bnc#888607). * HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). * Ignore 'flags' change to event_constraint (bnc#876114). * Ignore data_src/weight changes to perf_sample_data (bnc#876114). * NFS: Allow more operations in an NFSv4.1 request (bnc#890513). * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). * NFS: Does not copy read delegation stateids in setattr (bnc#888968). * NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) * NFS: Fixes for NFS RCU-walk support in line with code going upstream * NFS: Use FS-Cache invalidation (bnc#880344). * NFS: allow lockless access to access_cache (bnc#866130). * NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). * NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). * NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). * NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). * NFS: support RCU_WALK in nfs_permission() (bnc#866130). * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). * NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). * NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). * NFSv4: Add a helper for encoding opaque data (bnc#888968). * NFSv4: Add a helper for encoding stateids (bnc#888968). * NFSv4: Add helpers for basic copying of stateids (bnc#888968). * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). * NFSv4: Rename nfs4_copy_stateid() (bnc#888968). * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). * NFSv4: Simplify the struct nfs4_stateid (bnc#888968). * NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). * One more fix for kABI breakage. * PCI: Lock down BAR access when module security is enabled (bnc#884333). * PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). * PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). * PM / Hibernate: Implement position keeping in radix tree (bnc#860441). * PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). * Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). * Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). * USB: handle LPM errors during device suspend correctly (bnc#849123). * Update kabi files to reflect fscache change (bnc#880344) * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) * VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). * acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). * af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). * asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). * autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). * autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). * autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). * autofs4: remove a redundant assignment (bnc#866130). * autofs: fix lockref lookup (bnc#888591). * be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). * block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). * block: fix race between request completion and timeout handling (bnc#881051). * cdc-ether: clean packet filter upon probe (bnc#876017). * cpuset: Fix memory allocator deadlock (bnc#876590). * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. * crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). * dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). * dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). * dm-mpath: fix panic on deleting sg device (bnc#870161). * drm/ast: AST2000 cannot be detected correctly (bnc#895983). * drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). * drm/ast: Add missing entry to dclk_table[]. * drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). * drm/ast: initial DP501 support (v0.2) (bnc#871134). * drm/ast: open key before detect chips (bnc#895983). * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). * drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). * drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). * drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). * e1000e: enable support for new device IDs (bnc#885509). * fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). * hibernate: Disable in a signed modules environment (bnc#884333). * hugetlb: does not use ERR_PTR with VM_FAULT* values * ibmvscsi: Abort init sequence during error recovery (bnc#885382). * ibmvscsi: Add memory barriers for send / receive (bnc#885382). * inet: add a redirect generation id in inetpeer (bnc#860593). * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). * kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). * kernel: 3215 tty hang (bnc#891087, LTC#114562). * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). * kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). * kernel: sclp console tty reference counting (bnc#891087, LTC#115466). * kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). * md/raid6: avoid data corruption during recovery of double-degraded RAID6. * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() * mm, hugetlb: change variable name reservations to resv * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache * mm, hugetlb: defer freeing pages when gathering surplus pages * mm, hugetlb: do not use a page in page cache for cow optimization * mm, hugetlb: fix and clean-up node iteration code to alloc or free * mm, hugetlb: fix race in region tracking * mm, hugetlb: fix subpool accounting handling * mm, hugetlb: improve page-fault scalability * mm, hugetlb: improve, cleanup resv_map parameters * mm, hugetlb: move up the code which check availability of free huge page * mm, hugetlb: protect reserved pages when soft offlining a hugepage * mm, hugetlb: remove decrement_hugepage_resv_vma() * mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() * mm, hugetlb: remove resv_map_put * mm, hugetlb: remove useless check about mapping type * mm, hugetlb: return a reserved page to a reserved pool if failed * mm, hugetlb: trivial commenting fix * mm, hugetlb: unify region structure handling * mm, hugetlb: unify region structure handling kabi * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). * mm, hugetlb: use vma_resv_map() map types * mm, oom: fix badness score underflow (bnc#884582, bnc#884767). * mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). * mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). * net/mlx4_core: Load higher level modules according to ports type (bnc#887680). * net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). * net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). * net: fix checksumming features handling in output path (bnc#891259). * pagecache_limit: batch large nr_to_scan targets (bnc#895221). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). * perf/core: Add weighted samples (bnc#876114). * perf/x86: Add flags to event constraints (bnc#876114). * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). * perf: Add generic memory sampling interface (bnc#876114). * qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). * qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). * qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). * qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). * qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). * qla2xxx: Set host can_queue value based on available resources (bnc#859840). * restore smp_mb() in unlock_new_inode() (bnc#890526). * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). * sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). * sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). * scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). * scsiback: correct grant page unmapping. * scsiback: fix retry handling in __report_luns(). * scsiback: free resources after error. * sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). * supported.conf: remove external from drivers/net/veth (bnc#889727) * supported.conf: support net/sched/act_police.ko (bnc#890426) * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * tg3: Change nvram command timeout value to 50ms (bnc#855657). * tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). * tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). * usb: Does not enable LPM if the exit latency is zero (bnc#832309). * usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). * usbhid: fix PIXART optical mouse (bnc#888607). * uswsusp: Disable when module loading is restricted (bnc#884333). * vscsi: support larger transfer sizes (bnc#774818). * writeback: Do not sync data dirtied after sync start (bnc#833820). * x86 thermal: Delete power-limit-notification console messages (bnc#882317). * x86 thermal: Disable power limit notification interrupt by default (bnc#882317). * x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). * x86/UV: Add kdump to UV NMI handler (bnc#888847). * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). * x86/UV: Move NMI support (bnc#888847). * x86/UV: Update UV support for external NMI signals (bnc#888847). * x86/uv/nmi: Fix Sparse warnings (bnc#888847). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: Lock down IO port access when module security is enabled (bnc#884333). * x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues. Following security bugs were fixed: CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application (bnc#816708). CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs were fixed: - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). - ACPI: Limit access to custom_method (bnc#884333). - ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). - Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344). - CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). - CacheFiles: Make some debugging statements conditional (bnc#880344). - Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). - FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). - FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). - FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). - FS-Cache: Fix operation state management and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation (bnc#880344). - FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). - FS-Cache: Provide proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache: Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on object state (bnc#880344). - HID: usbhid: add always-poll quirk (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). - Ignore 'flags' change to event_constraint (bnc#876114). - Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read delegation stateids in setattr (bnc#888968). - NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). - NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM errors during device suspend correctly (bnc#849123). - Update kabi files to reflect fscache change (bnc#880344) - Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) - VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). - autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). - block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). - block: fix race between request completion and timeout handling (bnc#881051). - cdc-ether: clean packet filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on deleting sg device (bnc#870161). - drm/ast: AST2000 cannot be detected correctly (bnc#895983). - drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). - drm/ast: initial DP501 support (v0.2) (bnc#871134). - drm/ast: open key before detect chips (bnc#895983). - drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). - drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). - hibernate: Disable in a signed modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). - net/mlx4_core: Load higher level modules according to ports type (bnc#887680). - net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). - net: fix checksumming features handling in output path (bnc#891259). - pagecache_limit: batch large nr_to_scan targets (bnc#895221). - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). - perf/core: Add weighted samples (bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue value based on available resources (bnc#859840). - restore smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). - supported.conf: remove external from drivers/net/veth (bnc#889727) - supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram command timeout value to 50ms (bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). - usb: Does not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). - usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when module loading is restricted (bnc#884333). - vscsi: support larger transfer sizes (bnc#774818). - writeback: Do not sync data dirtied after sync start (bnc#833820). - x86 thermal: Delete power-limit-notification console messages (bnc#882317). - x86 thermal: Disable power limit notification interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). - x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV: Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Add check for number of available vectors before CPU down (bnc#887418). - x86: Lock down IO port access when module security is enabled (bnc#884333). - x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> SUSE bug 774818 SUSE bug 806990 SUSE bug 816708 SUSE bug 826486 SUSE bug 832309 SUSE bug 833820 SUSE bug 849123 SUSE bug 855657 SUSE bug 859840 SUSE bug 860441 SUSE bug 860593 SUSE bug 863586 SUSE bug 866130 SUSE bug 866615 SUSE bug 866864 SUSE bug 866911 SUSE bug 869055 SUSE bug 869934 SUSE bug 870161 SUSE bug 871134 SUSE bug 871797 SUSE bug 876017 SUSE bug 876055 SUSE bug 876114 SUSE bug 876590 SUSE bug 879304 SUSE bug 879921 SUSE bug 880344 SUSE bug 880370 SUSE bug 880892 SUSE bug 881051 SUSE bug 881759 SUSE bug 882317 SUSE bug 882639 SUSE bug 882804 SUSE bug 882900 SUSE bug 883096 SUSE bug 883376 SUSE bug 883518 SUSE bug 883724 SUSE bug 884333 SUSE bug 884582 SUSE bug 884725 SUSE bug 884767 SUSE bug 885262 SUSE bug 885382 SUSE bug 885422 SUSE bug 885509 SUSE bug 886840 SUSE bug 887082 SUSE bug 887418 SUSE bug 887503 SUSE bug 887608 SUSE bug 887645 SUSE bug 887680 SUSE bug 888058 SUSE bug 888105 SUSE bug 888591 SUSE bug 888607 SUSE bug 888847 SUSE bug 888849 SUSE bug 888968 SUSE bug 889061 SUSE bug 889173 SUSE bug 889451 SUSE bug 889614 SUSE bug 889727 SUSE bug 890297 SUSE bug 890426 SUSE bug 890513 SUSE bug 890526 SUSE bug 891087 SUSE bug 891259 SUSE bug 891281 SUSE bug 891619 SUSE bug 891746 SUSE bug 892200 SUSE bug 892490 SUSE bug 892723 SUSE bug 893064 SUSE bug 893496 SUSE bug 893596 SUSE bug 894200 SUSE bug 895221 SUSE bug 895608 SUSE bug 895680 SUSE bug 895983 SUSE bug 896689 CVE-2013-1979 CVE-2014-1739 CVE-2014-2706 CVE-2014-3153 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Linux kernel SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). * CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) * CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) * CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) * CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) * CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed: * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). * ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). * ACPI: Limit access to custom_method (bnc#884333). * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). * Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). * Add secure_modules() call (bnc#884333). * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). * Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. * Btrfs: Return EXDEV for cross file system snapshot. * Btrfs: abort the transaction when we does not find our extent ref. * Btrfs: avoid warning bomb of btrfs_invalidate_inodes. * Btrfs: cancel scrub on transaction abortion. * Btrfs: correctly set profile flags on seqlock retry. * Btrfs: does not check nodes for extent items. * Btrfs: fix a possible deadlock between scrub and transaction committing. * Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). * Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). * Btrfs: fix double free in find_lock_delalloc_range. * Btrfs: fix possible memory leak in btrfs_create_tree(). * Btrfs: fix use of uninit 'ret' in end_extent_writepage(). * Btrfs: free delayed node outside of root->inode_lock (bnc#866864). * Btrfs: make DEV_INFO ioctl available to anyone. * Btrfs: make FS_INFO ioctl available to anyone. * Btrfs: make device scan less noisy. * Btrfs: make sure there are not any read requests before stopping workers. * Btrfs: more efficient io tree navigation on wait_extent_bit. * Btrfs: output warning instead of error when loading free space cache failed. * Btrfs: retrieve more info from FS_INFO ioctl. * Btrfs: return EPERM when deleting a default subvolume (bnc#869934). * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * Btrfs: use right type to get real comparison. * Btrfs: wake up @scrub_pause_wait as much as we can. * Btrfs: wake up transaction thread upon remount. * CacheFiles: Add missing retrieval completions (bnc#880344). * CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). * CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). * CacheFiles: Fix the marking of cached pages (bnc#880344). * CacheFiles: Implement invalidation (bnc#880344). * CacheFiles: Make some debugging statements conditional (bnc#880344). * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). * FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). * FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). * FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). * FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). * FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). * FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). * FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). * FS-Cache: Fix operation state management and accounting (bnc#880344). * FS-Cache: Fix signal handling during waits (bnc#880344). * FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). * FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). * FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). * FS-Cache: Mark cancellation of in-progress operation (bnc#880344). * FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). * FS-Cache: Provide proper invalidation (bnc#880344). * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). * FS-Cache: Uninline fscache_object_init() (bnc#880344). * FS-Cache: Wrap checks on object state (bnc#880344). * HID: usbhid: add always-poll quirk (bnc#888607). * HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). * Ignore 'flags' change to event_constraint (bnc#876114). * Ignore data_src/weight changes to perf_sample_data (bnc#876114). * NFS: Allow more operations in an NFSv4.1 request (bnc#890513). * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). * NFS: Does not copy read delegation stateids in setattr (bnc#888968). * NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) * NFS: Fixes for NFS RCU-walk support in line with code going upstream * NFS: Use FS-Cache invalidation (bnc#880344). * NFS: allow lockless access to access_cache (bnc#866130). * NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). * NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). * NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). * NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). * NFS: support RCU_WALK in nfs_permission() (bnc#866130). * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). * NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). * NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). * NFSv4: Add a helper for encoding opaque data (bnc#888968). * NFSv4: Add a helper for encoding stateids (bnc#888968). * NFSv4: Add helpers for basic copying of stateids (bnc#888968). * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). * NFSv4: Rename nfs4_copy_stateid() (bnc#888968). * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). * NFSv4: Simplify the struct nfs4_stateid (bnc#888968). * NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). * One more fix for kABI breakage. * PCI: Lock down BAR access when module security is enabled (bnc#884333). * PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). * PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). * PM / Hibernate: Implement position keeping in radix tree (bnc#860441). * PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). * Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). * Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). * USB: handle LPM errors during device suspend correctly (bnc#849123). * Update kabi files to reflect fscache change (bnc#880344) * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) * VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). * acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). * af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). * asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). * autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). * autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). * autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). * autofs4: remove a redundant assignment (bnc#866130). * autofs: fix lockref lookup (bnc#888591). * be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). * block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). * block: fix race between request completion and timeout handling (bnc#881051). * cdc-ether: clean packet filter upon probe (bnc#876017). * cpuset: Fix memory allocator deadlock (bnc#876590). * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. * crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). * dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). * dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). * dm-mpath: fix panic on deleting sg device (bnc#870161). * drm/ast: AST2000 cannot be detected correctly (bnc#895983). * drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). * drm/ast: Add missing entry to dclk_table[]. * drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). * drm/ast: initial DP501 support (v0.2) (bnc#871134). * drm/ast: open key before detect chips (bnc#895983). * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). * drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). * drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). * drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). * e1000e: enable support for new device IDs (bnc#885509). * fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). * hibernate: Disable in a signed modules environment (bnc#884333). * hugetlb: does not use ERR_PTR with VM_FAULT* values * ibmvscsi: Abort init sequence during error recovery (bnc#885382). * ibmvscsi: Add memory barriers for send / receive (bnc#885382). * inet: add a redirect generation id in inetpeer (bnc#860593). * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). * kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). * kernel: 3215 tty hang (bnc#891087, LTC#114562). * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). * kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). * kernel: sclp console tty reference counting (bnc#891087, LTC#115466). * kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). * md/raid6: avoid data corruption during recovery of double-degraded RAID6. * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() * mm, hugetlb: change variable name reservations to resv * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache * mm, hugetlb: defer freeing pages when gathering surplus pages * mm, hugetlb: do not use a page in page cache for cow optimization * mm, hugetlb: fix and clean-up node iteration code to alloc or free * mm, hugetlb: fix race in region tracking * mm, hugetlb: fix subpool accounting handling * mm, hugetlb: improve page-fault scalability * mm, hugetlb: improve, cleanup resv_map parameters * mm, hugetlb: move up the code which check availability of free huge page * mm, hugetlb: protect reserved pages when soft offlining a hugepage * mm, hugetlb: remove decrement_hugepage_resv_vma() * mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() * mm, hugetlb: remove resv_map_put * mm, hugetlb: remove useless check about mapping type * mm, hugetlb: return a reserved page to a reserved pool if failed * mm, hugetlb: trivial commenting fix * mm, hugetlb: unify region structure handling * mm, hugetlb: unify region structure handling kabi * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). * mm, hugetlb: use vma_resv_map() map types * mm, oom: fix badness score underflow (bnc#884582, bnc#884767). * mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). * mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). * net/mlx4_core: Load higher level modules according to ports type (bnc#887680). * net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). * net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). * net: fix checksumming features handling in output path (bnc#891259). * pagecache_limit: batch large nr_to_scan targets (bnc#895221). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). * perf/core: Add weighted samples (bnc#876114). * perf/x86: Add flags to event constraints (bnc#876114). * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). * perf: Add generic memory sampling interface (bnc#876114). * qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). * qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). * qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). * qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). * qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). * qla2xxx: Set host can_queue value based on available resources (bnc#859840). * restore smp_mb() in unlock_new_inode() (bnc#890526). * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). * sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). * sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). * scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). * scsiback: correct grant page unmapping. * scsiback: fix retry handling in __report_luns(). * scsiback: free resources after error. * sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). * supported.conf: remove external from drivers/net/veth (bnc#889727) * supported.conf: support net/sched/act_police.ko (bnc#890426) * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * tg3: Change nvram command timeout value to 50ms (bnc#855657). * tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). * tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). * usb: Does not enable LPM if the exit latency is zero (bnc#832309). * usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). * usbhid: fix PIXART optical mouse (bnc#888607). * uswsusp: Disable when module loading is restricted (bnc#884333). * vscsi: support larger transfer sizes (bnc#774818). * writeback: Do not sync data dirtied after sync start (bnc#833820). * x86 thermal: Delete power-limit-notification console messages (bnc#882317). * x86 thermal: Disable power limit notification interrupt by default (bnc#882317). * x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). * x86/UV: Add kdump to UV NMI handler (bnc#888847). * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). * x86/UV: Move NMI support (bnc#888847). * x86/UV: Update UV support for external NMI signals (bnc#888847). * x86/uv/nmi: Fix Sparse warnings (bnc#888847). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: Lock down IO port access when module security is enabled (bnc#884333). * x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues. Following security bugs were fixed: CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application (bnc#816708). CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) The following non-security bugs were fixed: - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). - ACPI: Limit access to custom_method (bnc#884333). - Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344). - CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). - CacheFiles: Make some debugging statements conditional (bnc#880344). - Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). - FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). - FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). - FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). - FS-Cache: Fix operation state management and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation (bnc#880344). - FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). - FS-Cache: Provide proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache: Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on object state (bnc#880344). - HID: usbhid: add always-poll quirk (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). - Ignore 'flags' change to event_constraint (bnc#876114). - Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read delegation stateids in setattr (bnc#888968). - NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). - NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM errors during device suspend correctly (bnc#849123). - Update kabi files to reflect fscache change (bnc#880344) - VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). - autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). - block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). - block: fix race between request completion and timeout handling (bnc#881051). - cdc-ether: clean packet filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on deleting sg device (bnc#870161). - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). - drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). - hibernate: Disable in a signed modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). - net/mlx4_core: Load higher level modules according to ports type (bnc#887680). - net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). - net: fix checksumming features handling in output path (bnc#891259). - perf/core: Add weighted samples (bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue value based on available resources (bnc#859840). - restore smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). - supported.conf: remove external from drivers/net/veth (bnc#889727) - supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram command timeout value to 50ms (bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). - usb: Does not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). - usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when module loading is restricted (bnc#884333). - vscsi: support larger transfer sizes (bnc#774818). - x86 thermal: Delete power-limit-notification console messages (bnc#882317). - x86 thermal: Disable power limit notification interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV: Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Lock down IO port access when module security is enabled (bnc#884333). - x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> SUSE bug 774818 SUSE bug 806990 SUSE bug 816708 SUSE bug 826486 SUSE bug 832309 SUSE bug 849123 SUSE bug 855657 SUSE bug 859840 SUSE bug 860441 SUSE bug 860593 SUSE bug 863586 SUSE bug 866130 SUSE bug 866615 SUSE bug 866864 SUSE bug 866911 SUSE bug 869055 SUSE bug 869934 SUSE bug 870161 SUSE bug 871797 SUSE bug 876017 SUSE bug 876055 SUSE bug 876114 SUSE bug 876590 SUSE bug 879921 SUSE bug 880344 SUSE bug 880370 SUSE bug 881051 SUSE bug 881759 SUSE bug 882317 SUSE bug 882639 SUSE bug 882804 SUSE bug 882900 SUSE bug 883376 SUSE bug 883518 SUSE bug 883724 SUSE bug 884333 SUSE bug 884582 SUSE bug 884725 SUSE bug 884767 SUSE bug 885262 SUSE bug 885382 SUSE bug 885422 SUSE bug 885509 SUSE bug 886840 SUSE bug 887082 SUSE bug 887503 SUSE bug 887608 SUSE bug 887645 SUSE bug 887680 SUSE bug 888058 SUSE bug 888105 SUSE bug 888591 SUSE bug 888607 SUSE bug 888847 SUSE bug 888849 SUSE bug 888968 SUSE bug 889061 SUSE bug 889173 SUSE bug 889451 SUSE bug 889614 SUSE bug 889727 SUSE bug 890297 SUSE bug 890426 SUSE bug 890513 SUSE bug 890526 SUSE bug 891087 SUSE bug 891259 SUSE bug 891619 SUSE bug 892200 SUSE bug 892490 SUSE bug 892723 SUSE bug 893064 SUSE bug 893496 SUSE bug 893596 SUSE bug 894200 CVE-2013-1979 CVE-2014-1739 CVE-2014-2706 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lighttpd SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 The HTTP server lighttpd was updated to fix the following security issues: * CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name. * CVE-2014-2323: Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd allowed remote attackers to read arbitrary files via .. (dot dot) in the host name. More information can be found on the lighttpd advisory page: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt <http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt> Security Issues references: * CVE-2014-2323 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323> * CVE-2014-2324 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324> SUSE bug 867350 CVE-2014-2323 CVE-2014-2324 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rubygem-bundler SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Server 11 SP3 The Rubygem Bundler was updated to 1.7.0. Bundler 1.7 is a security-only release to address CVE-2013-0334, a vulnerability where a gem might be installed from an unintended source server, particularly while using both rubygems.org and gems.github.com. Upstream changes entry with more explanations: Any Gemfile with multiple top-level source lines cannot reliably control the gem server that a particular gem is fetched from. As a result, Bundler might install the wrong gem if more than one source provides a gem with the same name. This is especially possible in the case of Github's legacy gem server, hosted at gems.github.com. An attacker might create a malicious gem on Rubygems.org with the same name as a commonly-used Github gem. From that point forward, running bundle install might result in the malicious gem being used instead of the expected gem. To mitigate this, the Bundler and Rubygems.org teams worked together to copy almost every gem hosted on gems.github.com to rubygems.org, reducing the number of gems that can be used for such an attack. Resolution: To resolve this issue, upgrade to Bundler 1.7 by running gem install bundler. The next time you run bundle install for any Gemfile that contains multiple sources, each gem available from multiple sources will print a warning. For every warning printed, edit the Gemfile to either specify a :source option for that gem, or move the gem line into a block that is passed to a source method call. For detailed information about the changes to how sources are handled in Bundler version 1.7, see the release announcement. Security Issues: * CVE-2013-0334 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0334> SUSE bug 898205 CVE-2013-0334 cpe:/a:suse:sle-hae:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for conntrack-tools (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. (bsc#942149, CVE-2015-6496) Moderate SUSE bug 942149 CVE-2015-6496 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for csync2 (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for csync2 fixes the following issues: - CVE-2019-15522: Fixed an issue where daemon fails to enforce TLS (bsc#1147137) - Fixed an issue where the TLS keys were not created correctly during installation (bsc#1145032) Moderate SUSE bug 1145032 SUSE bug 1147137 CVE-2019-15522 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ctdb (Important) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 ctdb was updated to fix one security issue. This security issue was fixed: - bsc#969522: ctdb opening sockets with htons(IPPROTO_RAW) Important SUSE bug 969522 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Important) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 961491 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Moderate SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1040621 CVE-2017-6891 CVE-2017-7869 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for gnutls fixes the following issues: Security issues fixed: - CVE-2018-10846: Improve mitigations against Lucky 13 class of attacks (PRIME + PROBE) (bsc#1105460). - CVE-2017-10790: Fixed a denial of service in the _asn1_check_identifier() function (bsc#1047002). Moderate SUSE bug 1047002 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10846 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for graphviz (Low) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). Low SUSE bug 1093447 CVE-2018-10196 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for hawk (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for hawk fixes the following issues: - Set Content-Security-Policy to frame-ancestors 'self' (bsc#984619) - Colocation: Fix NameError when creating 2-resource constraints (bsc#957369) Moderate SUSE bug 957369 SUSE bug 984619 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354) - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340) - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have bene disclosed when a read and an ioctl happen at the same time (bnc#1044125) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431) - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456) - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885) - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069) - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883) - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882) - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879) - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850) The following non-security bugs were fixed: - 8250: use callbacks to access UART_DLL/UART_DLM. - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538). - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#1045538). - ALSA: hda - using uninitialized data (bsc#1045538). - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop (bsc#1045538). - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup (bsc#1045538). - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538). - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538). - Add CVE tag to references - CIFS: backport prepath matching fix (bsc#799133). - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128). - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr(). - Fix scripts/bigmem-generate-ifdef-guard to work on all branches - Fix soft lockup in svc_rdma_send (bsc#1044854). - IB/mlx4: Demote mcg message from warning to debug (bsc#919382). - IB/mlx4: Fix ib device initialization error flow (bsc#919382). - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382). - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382). - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level (bsc#919382). - IB/mlx4: Set traffic class in AH (bsc#919382). - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation (bsc#1036288). - Input: cm109 - validate number of endpoints before using them (bsc#1037193). - Input: hanwang - validate number of endpoints before using them (bsc#1037232). - Input: yealink - validate number of endpoints before using them (bsc#1037227). - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - NFS: Avoid getting confused by confused server (bsc#1045416). - NFS: Fix another OPEN_DOWNGRADE bug (git-next). - NFS: Fix size of NFSACL SETACL operations (git-fixes). - NFS: Make nfs_readdir revalidate less often (bsc#1048232). - NFS: tidy up nfs_show_mountd_netid (git-fixes). - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688 bsc#1051770). - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes). - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes). - NFSv4: Fix problems with close in the presence of a delegation (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix getacl head length estimation (git-fixes). - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'math64: New div64_u64_rem helper' (bnc#938352). - SUNRPC: Fix a memory leak in the backchannel code (git-fixes). - Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd() (bsc#1045479). - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288). - USB: class: usbtmc: do not print error when allocating urb fails (bsc#1036288). - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288). - USB: iowarrior: fix NULL-deref in write (bsc#1037359). - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441). - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053). - USB: serial: ark3116: fix register-accessor error handling (git-fixes). - USB: serial: ch341: fix open error handling (bsc#1037441). - USB: serial: cp210x: fix tiocmget error handling (bsc#1037441). - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441). - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441). - USB: serial: io_ti: fix information leak in completion handler (git-fixes). - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026). - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441). - USB: serial: sierra: fix bogus alternate-setting assumption (bsc#1037441). - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441). - USB: usbip: fix nonconforming hub descriptor (bsc#1047487). - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288). - USB: usbtmc: Change magic number to constant (bsc#1036288). - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288). - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288). - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288). - USB: usbtmc: add missing endpoint sanity check (bsc#1036288). - USB: usbtmc: fix DMA on stack (bsc#1036288). - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288). - USB: usbtmc: fix probe error path (bsc#1036288). - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk (bsc#1036288). - USB: wusbcore: fix NULL-deref at probe (bsc#1045487). - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854). - Use make --output-sync feature when available (bsc#1012422). - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). - __bitmap_parselist: fix bug in empty string handling (bnc#1042633). - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - ath9k: fix buffer overrun for ar9287 (bsc#1045538). - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU (bsc#1035721). - blacklist.conf: Add a few inapplicable items (bsc#1045538). - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it') The released kernels are not build with a gas new enough to optimize the jmps so that this patch would be required. (bsc#1051478) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: fix ext_dev_lock lockdep report (bsc#1050154). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - cifs: Timeout on SMBNegotiate request (bsc#1044913). - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bsc#1041975). backporting upstream commit 2f2591a34db6c9361faa316c91a6e320cb4e6aee - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935). - cputime: Avoid multiplication overflow on utime scaling (bnc#938352). - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863). - decompress_bunzip2: off by one in get_next_block() (git-fixes). - dentry name snapshots (bsc#1049483). - devres: fix a for loop bounds check (git-fixes). - dm: fix ioctl retry termination with signal (bsc#1050154). - drm/mgag200: Add support for G200eH3 (bnc#1044216) - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix fdatasync(2) after extent manipulation operations (bsc#1013018). - ext4: keep existing extra fields when inode expands (bsc#1013018). - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - fixed invalid assignment of 64bit mask to host dma_boundary for scatter gather segment boundary limit (bsc#1042045). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic: Using rport->dd_data to check rport online instead of rport_lookup (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (bsc#1013018). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fuse: add missing FR_FORCE (bsc#1013018). - genirq: Prevent proc race against freeing of irq descriptors (bnc#1044230). - hrtimer: Allow concurrent hrtimer_start() for self restarting timers (bnc#1013018). - initial cr0 bits (bnc#1036056, LTC#153612). - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route (git-fixes). - irq: Fix race condition (bsc#1042615). - isdn/gigaset: fix NULL-deref at probe (bsc#1037356). - isofs: Do not return EACCES for unknown filesystems (bsc#1013018). - jsm: add support for additional Neo cards (bsc#1045615). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - libata: fix sff host state machine locking while polling (bsc#1045525). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1051515). - libfc: fixup locking in fc_disc_stop() (bsc#1029140). - libfc: move 'pending' and 'requested' setting (bsc#1029140). - libfc: only restart discovery after timeout if not already running (bsc#1029140). - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018). - math64: New div64_u64_rem helper (bnc#938352). - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes). - md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (git-fixes). - md/raid1: fix test for 'was read error from last working device' (git-fixes). - md/raid5: Fix CPU hotplug callback registration (git-fixes). - md/raid5: do not record new size if resize_stripes fails (git-fixes). - md: ensure md devices are freed before module is unloaded (git-fixes). - md: fix a null dereference (bsc#1040351). - md: flush ->event_work before stopping array (git-fixes). - md: make sure GET_ARRAY_INFO ioctl reports correct 'clean' status (git-fixes). - md: use separate bio_pool for metadata writes (bsc#1040351). - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154). - mlx4: reduce OOM risk on arches with large pages (bsc#919382). - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832). - mm/memory-failure.c: use compound_head() flags for huge pages (bnc#971975 VM -- git fixes). - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832). - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore (bsc#1045547). - mmc: ushc: fix NULL-deref at probe (bsc#1037191). - module: fix memory leak on early load_module() failures (bsc#1043014). - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185). - net/mlx4: Fix the check in attaching steering rules (bsc#919382). - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering (bsc#919382). - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV (bsc#919382). - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to physical (bsc#919382). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bsc#919382). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#919382). - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382). - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#919382). - net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach (bsc#919382). - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382). - net/mlx4_en: Change the error print to debug print (bsc#919382). - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382). - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382). - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382). - net: avoid reference counter overflows on fib_rules in multicast forwarding (git-fixes). - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes). - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes). - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bnc#784815). - nfs: fix nfs_size_to_loff_t (git-fixes). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018). - perf/core: Fix event inheritance on fork() (bnc#1013018). - powerpc/ibmebus: Fix device reference leaks in sysfs interface (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/ibmebus: Fix further device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid() (bsc#1032471). - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471). - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471). - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID (bsc#1032471). - powerpc/mm/hash: Support 68 bit VA (bsc#1032471). - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471). - powerpc/mm/slice: Convert slice_mask high slice to a bitmap (bsc#1032471). - powerpc/mm/slice: Fix off-by-1 error when computing slice mask (bsc#1032471). - powerpc/mm/slice: Move slice_mask struct definition to slice.c (bsc#1032471). - powerpc/mm/slice: Update slice mask printing to use bitmap printing (bsc#1032471). - powerpc/mm/slice: Update the function prototype (bsc#1032471). - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET (bsc#928138). - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small (bsc#1032471). - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital (bsc#1032471). - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/pseries: Release DRC when configure_connector fails (bsc#1035777, Pending Base Kernel Fixes). - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471). - powerpc: Remove STAB code (bsc#1032471). - random32: fix off-by-one in seeding requirement (git-fixes). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192). - s390/qdio: clear DSCI prior to scanning multiple input queues (bnc#1046715, LTC#156234). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276). - sched/core: Remove false-positive warning from wake_up_process() (bnc#1044882). - sched/cputime: Do not scale when utime == 0 (bnc#938352). - sched/debug: Print the scheduler topology group mask (bnc#1013018). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018). - sched/fair: Fix min_vruntime tracking (bnc#1013018). - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched/topology: Fix building of overlapping sched-groups (bnc#1013018). - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018). - sched/topology: Fix overlapping sched_group_mask (bnc#1013018). - sched/topology: Move comment about asymmetric node setups (bnc#1013018). - sched/topology: Optimize build_group_mask() (bnc#1013018). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1013018). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018). - sched/topology: Verify the first group matches the child domain (bnc#1013018). - sched: Always initialize cpu-power (bnc#1013018). - sched: Avoid cputime scaling overflow (bnc#938352). - sched: Avoid prev->stime underflow (bnc#938352). - sched: Do not account bogus utime (bnc#938352). - sched: Fix SD_OVERLAP (bnc#1013018). - sched: Fix domain iteration (bnc#1013018). - sched: Lower chances of cputime scaling overflow (bnc#938352). - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity' (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched: Rename a misleading variable in build_overlap_sched_groups() (bnc#1013018). - sched: Use swap() macro in scale_stime() (bnc#938352). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: fix race between simultaneous decrements of ->host_failed (bsc#1050154). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: mvsas: fix command_active typo (bsc#1050154). - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init (bsc#1050154). - sfc: do not device_attach if a reset is pending (bsc#909618). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - splice: Stub splice_write_to_file (bsc#1043234). - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes). - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018). - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018). - udf: Fix races with i_size changes during readpage (bsc#1013018). - usbtmc: remove redundant braces (bsc#1036288). - usbtmc: remove trailing spaces (bsc#1036288). - usbvision: fix NULL-deref at probe (bsc#1050431). - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233). - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629). - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431). - vmxnet3: avoid calling pskb_may_pull with interrupts disabled (bsc#1045356). - vmxnet3: fix checks for dma mapping errors (bsc#1045356). - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356). - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression greater than 0 (bsc#1051478). - xen: avoid deadlock in xenbus (bnc#1047523). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814). - xfs: Synchronize xfs_buf disposal routines (bsc#1041160). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes). Important SUSE bug 1000365 SUSE bug 1000380 SUSE bug 1012422 SUSE bug 1013018 SUSE bug 1015452 SUSE bug 1023051 SUSE bug 1029140 SUSE bug 1029850 SUSE bug 1030552 SUSE bug 1030593 SUSE bug 1030814 SUSE bug 1032340 SUSE bug 1032471 SUSE bug 1034026 SUSE bug 1034670 SUSE bug 1035576 SUSE bug 1035721 SUSE bug 1035777 SUSE bug 1035920 SUSE bug 1036056 SUSE bug 1036288 SUSE bug 1036629 SUSE bug 1037191 SUSE bug 1037193 SUSE bug 1037227 SUSE bug 1037232 SUSE bug 1037233 SUSE bug 1037356 SUSE bug 1037358 SUSE bug 1037359 SUSE bug 1037441 SUSE bug 1038544 SUSE bug 1038879 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039258 SUSE bug 1039354 SUSE bug 1039456 SUSE bug 1039594 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1040351 SUSE bug 1041160 SUSE bug 1041431 SUSE bug 1041762 SUSE bug 1041975 SUSE bug 1042045 SUSE bug 1042615 SUSE bug 1042633 SUSE bug 1042687 SUSE bug 1042832 SUSE bug 1042863 SUSE bug 1043014 SUSE bug 1043234 SUSE bug 1043935 SUSE bug 1044015 SUSE bug 1044125 SUSE bug 1044216 SUSE bug 1044230 SUSE bug 1044854 SUSE bug 1044882 SUSE bug 1044913 SUSE bug 1045154 SUSE bug 1045356 SUSE bug 1045416 SUSE bug 1045479 SUSE bug 1045487 SUSE bug 1045525 SUSE bug 1045538 SUSE bug 1045547 SUSE bug 1045615 SUSE bug 1046107 SUSE bug 1046192 SUSE bug 1046715 SUSE bug 1047027 SUSE bug 1047053 SUSE bug 1047343 SUSE bug 1047354 SUSE bug 1047487 SUSE bug 1047523 SUSE bug 1047653 SUSE bug 1048185 SUSE bug 1048221 SUSE bug 1048232 SUSE bug 1048275 SUSE bug 1049128 SUSE bug 1049483 SUSE bug 1049603 SUSE bug 1049688 SUSE bug 1049882 SUSE bug 1050154 SUSE bug 1050431 SUSE bug 1051478 SUSE bug 1051515 SUSE bug 1051770 SUSE bug 1055680 SUSE bug 784815 SUSE bug 792863 SUSE bug 799133 SUSE bug 909618 SUSE bug 919382 SUSE bug 928138 SUSE bug 938352 SUSE bug 943786 SUSE bug 948562 SUSE bug 962257 SUSE bug 971975 SUSE bug 972891 SUSE bug 986924 SUSE bug 990682 SUSE bug 995542 CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473 CVE-2017-2647 CVE-2017-6951 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538). - alsa: aloop: Release cable upon open error path (bsc#1045538). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538). - btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363). - btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056). - btrfs: make the state of the transaction more readable (FATE#325056). - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685). - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685). - btrfs: reset intwrite on transaction abort (FATE#325056). - btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359). - btrfs: stop waiting on current trans if we aborted (FATE#325056). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - delay: add poll_event_interruptible (bsc#1048585). - dm flakey: add corrupt_bio_byte feature (bsc#1080372). - dm flakey: add drop_writes (bsc#1080372). - dm flakey: error READ bios during the down_interval (bsc#1080372). - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372). - dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372). - dm flakey: introduce 'error_writes' feature (bsc#1080372). - dm flakey: support feature args (bsc#1080372). - dm flakey: use dm_target_offset and support discards (bsc#1080372). - ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508). - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508). - ext3: add necessary check in case IO error happens (bnc#1069508). - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508). - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Add proper NX handling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278). - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy. - kaiser: Fix trampoline stack loading issue on XEN PV - kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579) - kaiser: make sure not to touch stack after CR3 switch in compat syscall return - kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579) - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - mISDN: fix a loop count (bsc#1077191). - nfsd: do not share group_info among threads (bsc@1070623). - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437). - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088). - powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174). - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487). - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088). - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes). - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088). - powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088). - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088). - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088). - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088). - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875). - scsi: sr: wait for the medium to become ready (bsc#1048585). - scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032 CVE-2017-5754). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bsc#1068032 CVE-2017-5715). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). Important SUSE bug 1012382 SUSE bug 1045538 SUSE bug 1048585 SUSE bug 1050431 SUSE bug 1054305 SUSE bug 1059174 SUSE bug 1060279 SUSE bug 1060682 SUSE bug 1063544 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1068984 SUSE bug 1069508 SUSE bug 1070623 SUSE bug 1070781 SUSE bug 1073311 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1074880 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075410 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075908 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076154 SUSE bug 1076278 SUSE bug 1076437 SUSE bug 1076849 SUSE bug 1077191 SUSE bug 1077355 SUSE bug 1077406 SUSE bug 1077487 SUSE bug 1077560 SUSE bug 1077922 SUSE bug 1078875 SUSE bug 1079917 SUSE bug 1080133 SUSE bug 1080359 SUSE bug 1080363 SUSE bug 1080372 SUSE bug 1080579 SUSE bug 1080685 SUSE bug 1080774 SUSE bug 1081500 SUSE bug 936530 SUSE bug 962257 CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). - CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates (bnc#1123706). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). The following non-security bugs were fixed: - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827). - arcmsr: upper 32 of dma address lost (bsc#1115828). - block/swim3: Fix -EBUSY error when re-opening device after unmount (bsc#1121997). - block/swim: Fix array bounds check (Git-fix). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106886) - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106886) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106886) - Fix kabi break cased by NFS: Cache state owners after files are closed (bsc#1031572). - fork: record start_time late (bsc#1121872). - fscache: Fix dead object requeue (bsc#1107371). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (git-fixes). - fs-cache: Move fscache_report_unexpected_submission() to make it more available (bsc#1107371). - fs-cache: When submitting an op, cancel it if the target object is dying (bsc#1107371). - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: Fix oops at process_init_reply() (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: umount should wait for all requests (git-fixes). - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382) (bsc#1123702). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#1104367). - lib: add 'on'/'off' support to strtobool (bsc#1125931). - megaraid_sas: Fix probing cards without io port (bsc#1115829). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440, LTC#172679). - nfs: Cache state owners after files are closed (bsc#1031572). - nfs: Do not drop CB requests with invalid principals (git-fixes). - nfsv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nfsv4: Keep dropped state owners on the LRU list for a while (bsc#1031572). - nlm: Ensure callback code also checks that the files match (git-fixes). - ocfs2: fix three small problems in the patch (bsc#1086695) - omap2fb: Fix stack memory disclosure (bsc#1106886) - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - powerpc/fadump: handle crash memory ranges array index overflow (git-fixes). - powerpc/fadump: Return error when fadump registration fails (git-fixes). - powerpc/fadump: Unregister fadump on kexec down path (git-fixes). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - Revert 'NFS: Make close(2) asynchronous when closing NFS O_DIRECT files' (git-fixes). - ring-buffer: Always reset iterator to reader page (bsc#1120107). - ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#1120077). - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107). - ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#1120107). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105). - rpm/modprobe-xen.conf: Add --ignore-install. - s390: always save and restore all registers on context switch (git-fixes). - s390/dasd: fix using offset into zero size array error (git-fixes). - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes). - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes). - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114440, LTC#172682). - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#172682). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960). - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: aacraid: Fix typo in blink status (bsc#1115830). - scsi: aacraid: Reorder Adapter status check (bsc#1115830). - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831). - scsi: bfa: integer overflow in debugfs (bsc#1115832). - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833). - scsi: fas216: fix sense buffer initialization (bsc#1115834). - scsi: libfc: Revert ' libfc: use offload EM instance again instead jumping to next EM' (bsc#1115835). - scsi: libsas: fix ata xfer length (bsc#1115836). - scsi: libsas: fix error when getting phy events (bsc#1115837). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1115838). - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (bsc#1115839). - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1115839). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1115842). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (git-fixes). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1123505, LTC#174581). - sg: fix dxferp in from_to case (bsc#1115844). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply (git-fixes). - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes). - tracepoints: Do not trace when cpu is offline (bsc#1120109). - tracing: Add #undef to fix compile error (bsc#1120226). - tracing: Allow events to have NULL strings (bsc#1120056). - tracing: Do not add event files for modules that fail tracepoints (bsc#1120086). - tracing: Fix check for cpu online when event is disabled (bsc#1120109). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing/kprobes: Allow to create probe with a module name starting with a digit (bsc#1120336). - tracing: Move mutex to protect against resetting of seq data (bsc#1120217). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347). - usb: keyspan: fix overrun-error reporting (bsc#1114672). - usb: keyspan: fix tty line-status reporting (bsc#1114672). - usb: option: fix Cinterion AHxx enumeration (bsc#1114672). - usb: serial: ark3116: fix open error handling (bsc#1114672). - usb: serial: ch341: fix control-message error handling (bsc#1114672). - usb: serial: ch341: fix initial modem-control state (bsc#1114672). - usb: serial: ch341: fix modem-status handling (bsc#1114672). - usb: serial: ch341: fix open and resume after B0 (bsc#1114672). - usb: serial: ch341: fix resume after reset (bsc#1114672). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1114672). - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672). - usb: serial: fix tty-device error handling at probe (bsc#1114672). - usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672). - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672). - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672). - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672). - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672). - usb: serial: kl5kusb105: fix open error path (bsc#1114672). - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672). - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672). - usb: serial: omninet: fix NULL-derefs at open and disconnect. - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672). - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672). - vmcore: Remove 'weak' from function declarations (git-fixes). - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684). - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/process: Re-export start_thread() (bsc#1110006). - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen/x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: fix the logspace waiting algorithm (bsc#1122874). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Important SUSE bug 1012382 SUSE bug 1031572 SUSE bug 1068032 SUSE bug 1086695 SUSE bug 1087081 SUSE bug 1094244 SUSE bug 1098658 SUSE bug 1104098 SUSE bug 1104367 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1105536 SUSE bug 1106105 SUSE bug 1106886 SUSE bug 1107371 SUSE bug 1109330 SUSE bug 1109806 SUSE bug 1110006 SUSE bug 1112963 SUSE bug 1113667 SUSE bug 1114440 SUSE bug 1114672 SUSE bug 1114920 SUSE bug 1115007 SUSE bug 1115038 SUSE bug 1115827 SUSE bug 1115828 SUSE bug 1115829 SUSE bug 1115830 SUSE bug 1115831 SUSE bug 1115832 SUSE bug 1115833 SUSE bug 1115834 SUSE bug 1115835 SUSE bug 1115836 SUSE bug 1115837 SUSE bug 1115838 SUSE bug 1115839 SUSE bug 1115840 SUSE bug 1115841 SUSE bug 1115842 SUSE bug 1115843 SUSE bug 1115844 SUSE bug 1116841 SUSE bug 1117796 SUSE bug 1117802 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117943 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1118760 SUSE bug 1119255 SUSE bug 1119714 SUSE bug 1120056 SUSE bug 1120077 SUSE bug 1120086 SUSE bug 1120093 SUSE bug 1120094 SUSE bug 1120105 SUSE bug 1120107 SUSE bug 1120109 SUSE bug 1120217 SUSE bug 1120223 SUSE bug 1120226 SUSE bug 1120336 SUSE bug 1120347 SUSE bug 1120743 SUSE bug 1120950 SUSE bug 1121872 SUSE bug 1121997 SUSE bug 1122874 SUSE bug 1123505 SUSE bug 1123702 SUSE bug 1123706 SUSE bug 1124010 SUSE bug 1124735 SUSE bug 1125931 SUSE bug 931850 SUSE bug 969471 SUSE bug 969473 CVE-2016-10741 CVE-2017-18360 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-7222 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 The SUSE Linux Enterprise 11-SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-17052: ax25_create in the AF_AX25 network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket, aka CID-0614e2b73768. (bnc#1152779) - CVE-2019-17055: base_sock_create in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (bnc#1152782) - CVE-2019-17054: atalk_create in the AF_APPLETALK network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. (bnc#1152786) - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-17053: ieee802154_create in the AF_IEEE802154 network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users could create a raw socket, aka CID-e69dbd4619e7. (bnc#1152789) - CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems. (bnc#1151347) - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function. (bnc#1146540) - CVE-2019-15807: There was a memory leak in the SAS expander driver when SAS expander discovery fails. This could cause a denial of service. (bnc#1148938) - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux the kernel's KVM hypervisor implemented the Coalesced MMIO write operation. It operated on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (bnc#1151350) - CVE-2019-15505: The Linux kernel had an out-of-bounds read via crafted USB device traffic (which may have been remote via usbip or usbredir). (bnc#1147122) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host. (bnc#1150112) - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bnc#1146361) - CVE-2019-9456: In the Android kernel in Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction was not needed for exploitation. (bnc#1150025) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c. (bnc#1149522) - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered)\ code lines were swapped. (bnc#1149376) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bnc#1146524) - CVE-2017-18509: An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue could be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurred because sk_type and protocol were not checked in the appropriate part of the ip6_mroute_* functions. (bnc#1145477) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bnc#1146391) - CVE-2019-15292: There was a use-after-free in atalk_proc_exit. (bnc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bnc#1146547) - CVE-2018-20976: A use after free was discovered in fs/xfs/xfs_super.c, related to xfs_fs_fill_super failure. (bnc#1146285) - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bnc#1146163) - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion. (bnc#1145922) The following non-security bugs were fixed: - add a missing lfence in kernel error entry and remove a superfluous lfence in userspace interrupt exit paths - Documentation: Add ITLB_MULTIHIT documentation (bnc#1117665). - array_index_nospec: Sanitize speculative array (bsc#1155671) - cpu/speculation: Uninline and export CPU mitigations helpers (bnc#1117665). - IB/core: Add mitigation for Spectre V1 (bsc#1155671) - inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state (bsc#1101061). - kABI Fix for IFU Patches (bsc#1117665). - kthread: Implement park/unpark facility (bsc#1117665). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop read-only large sptes when creating lower level sptes (bsc#1117665). - kvm: MMU: fast invalidate all pages (bsc1117665). - kvm: VMX: export PFEC.P bit on ept (bsc#1117665). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT (bnc#1117665). - mm/readahead.c: fix readahead failure for memoryless NUMA nodes and limit readahead pages (bsc#1143327). - mm: use only per-device readahead limit (bsc#1143327). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - xfs: xfs_remove deadlocks due to inverted AGF vs AGI lock ordering (bsc#1150599). Important SUSE bug 1101061 SUSE bug 1113201 SUSE bug 1117665 SUSE bug 1131107 SUSE bug 1143327 SUSE bug 1144903 SUSE bug 1145477 SUSE bug 1145922 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146361 SUSE bug 1146391 SUSE bug 1146524 SUSE bug 1146540 SUSE bug 1146547 SUSE bug 1146678 SUSE bug 1147122 SUSE bug 1148938 SUSE bug 1149376 SUSE bug 1149522 SUSE bug 1150025 SUSE bug 1150112 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150599 SUSE bug 1151347 SUSE bug 1151350 SUSE bug 1152779 SUSE bug 1152782 SUSE bug 1152786 SUSE bug 1152789 SUSE bug 1153158 SUSE bug 1155671 SUSE bug 802154 SUSE bug 936875 CVE-2017-18509 CVE-2017-18551 CVE-2018-12207 CVE-2018-20976 CVE-2019-10220 CVE-2019-11135 CVE-2019-14821 CVE-2019-14835 CVE-2019-15118 CVE-2019-15212 CVE-2019-15216 CVE-2019-15217 CVE-2019-15219 CVE-2019-15291 CVE-2019-15292 CVE-2019-15505 CVE-2019-15807 CVE-2019-15902 CVE-2019-15927 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16413 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17133 CVE-2019-9456 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for various KMPs (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update rebuilds missing kernel modules (KMP) to use 'retpolines' mitigations for Spectre Variant 2 (CVE-2017-5715). Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm Moderate SUSE bug 1095824 CVE-2017-5715 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for lighttpd (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for lighttpd fixes the following issues: Security issues fixed: - CVE-2016-1000212: Don't allow requests to set the HTTP_PROXY variable. As *CGI apps might pick it up and use it for outgoing requests. (bsc#990847) - CVE-2015-3200: Log injection via malformed base64 string in Authentication header. (bsc#932286) Bug fixes: - Add su directive to logrotate file as the directory is owned by lighttpd. (bsc#981347) - Fix out of bounds read in mod_scgi. Moderate SUSE bug 932286 SUSE bug 981347 SUSE bug 990847 CVE-2015-3200 CVE-2016-1000212 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for pacemaker (Moderate) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for pacemaker fixes one security issue and several non-security issues. The following security issue has been fixed: - libcrmcommon: Fix improper IPC guarding. (bsc#1007433, CVE-2016-7035) The following non-security issues have been fixed: - Add logrotate to reqs of pacemaker-cli. - Add $remote_fs dependencies to the init scripts. - all: Clarify licensing and copyrights. - attrd,ipc: Prevent possible segfault on exit. (bsc#986056) - attrd, libcrmcommon: Validate attrd requests better. - attrd_updater: Fix usage of HAVE_ATOMIC_ATTRD. - cib/fencing: Set status callback before connecting to cluster. (bsc#974108) - ClusterMon: Fix to avoid matching other process with the same PID. - crmd: Acknowledge cancellation operations for remote connection resources. (bsc#976865) - crmd: Avoid timeout on older peers when cancelling a resource operation. - crmd: Record pending operations in the CIB before they are performed. (bsc#1003565) - crmd: Clear remote node operation history only when it comes up. - crmd: Clear remote node transient attributes on disconnect. (bsc#981489) - crmd: Don't abort transitions for CIB comment changes. - crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down. - crmd: Get full action information earlier. (bsc#981731) - crmd: Graceful proxy shutdown is now tested. (bsc#981489) - crmd: Keep a state of LRMD in the DC node latest. - crmd,lrmd,liblrmd: Use defined constants for lrmd IPC operations. (bsc#981489) - crmd: Mention that graceful remote shutdowns may cause connection failures. (bsc#981489) - crmd/pengine: Handle on-fail=ignore properly. (bsc#981731) - crmd/pengine: Implement on-fail=ignore without allow-fail. (bsc#981731) - crmd: Remove dead code. (bsc#981731) - crmd: Rename action number variable in process_graph_event(). (bsc#981731) - crmd: Resend the shutdown request if the DC forgets. - crmd: Respect start-failure-is-fatal even for artificially injected events. (bsc#981731) - crmd: Set remote flag when gracefully shutting down remote nodes. (bsc#981489) - crmd: Set the shutdown transient attribute in response to LRMD_IPC_OP_SHUTDOWN_REQ from remote nodes. (bsc#981489) - crmd: Support graceful pacemaker_remote stops. (bsc#981489) - crmd: Take start-delay into account for the timeout of the action timer. (bsc#977258) - crmd: Use defined constant for magic 'direct nack' RC. (bsc#981731) - crmd: Use proper resource agent name when caching metadata. - crmd: When node load was reduced, crmd carries out a feasible action. - crm_mon: Avoid logging errors for any CIB changes that we don't care about. (bsc#986931) - crm_mon: Consistently print ms resource state. - crm_mon: Do not call setenv with null value. - crm_mon: Do not log errors for the known CIB changes that should be ignored. (bsc#986931) - crm_mon: Fix time formatting on x32. - cts: Avoid kill usage error if DummySD stop called when already stopped. - CTS: Get Reattach test working again and up-to-date. (bsc#953192) - cts: Simulate pacemaker_remote failure with kill. (bsc#981489) - fencing/fence_legacy: Search capable devices by querying them through 'list' action for cluster-glue stonith agents. (bsc#986265) - fencing: Record the last known names of nodes to make sure fencing requested with nodeid works. (bsc#974108) - libais,libcluster,libcrmcommon,liblrmd: Don't use %z specifier. - libcib,libfencing,libtransition: Handle memory allocation errors without CRM_CHECK(). - lib: Correction of the deletion of the notice registration. - libcrmcommon: Correct directory name in log message. - libcrmcommon: Ensure crm_time_t structure is fully initialized by API calls. - libcrmcommon: Log XML comments correctly. - libcrmcommon: Properly handle XML comments when comparing v2 patchset diffs. - libcrmcommon: Really ensure crm_time_t structure is fully initialized by API calls. - libcrmcommon: Remove extraneous format specifier from log message. - libcrmcommon: Report errors consistently when waiting for data on connection. (bsc#986644) - libfencing: Report added node ID correctly. - liblrmd: Avoid memory leak when closing or deleting lrmd connections. - libpengine: Allow pe_order_same_node option for constraints. - libpengine: Log message when stonith disabled, not enabled. - libpengine: Only log startup-fencing warning once. - libtransition: Potential memory leak if unpacking action fails. - lrmd: Handle shutdown a little more cleanly. (bsc#981489) - lrmd,libcluster: Ensure g_hash_table_foreach() is never passed a null table. - lrmd,liblrmd: Add lrmd IPC operations for requesting and acknowledging shutdown. (bsc#981489) - lrmd: Make proxied IPC providers/clients opaque. (bsc#981489) - mcp: Improve comments for sysconfig options. - pacemaker_remote: Set LSB Provides header to the service name. - pacemaker_remote: Support graceful stops. (bsc#981489) - PE: Correctly update the dependent actions of un-runnable clones. - PE: Honor the shutdown transient attributes for remote nodes. (bsc#981489) - pengine: Avoid memory leak when invalid constraint involves set. - pengine: Avoid null dereference in new same-node ordering option. - pengine: Avoid transition loop for start-then-stop + unfencing. - pengine: Avoid use-after-free with location constraint + sets + templates. - pengine: Better error handling when unpacking sets in location constraints. - pengine: Consider resource failed if any of the configured monitor operations failed. (bsc#972187) - pengine: Correction of the record judgment of the failed information. - pengine: Do not fence a maintenance node if it shuts down cleanly. (bsc#1000743) - pengine: Correctly set the environment variable 'OCF_RESKEY_CRM_meta_timeout' when 'start-delay' is configured. (bsc#977258) - pengine: Only set unfencing constraints once. - pengine: Organize order of actions for master resources in anti-colocations. (bsc#977800) - pengine: Organize order of actions for slave resources in anti-colocations. (bsc#977800) - pengine: Properly order stop actions relative to stonith. - pengine: Respect asymmetrical ordering when trying to move resources. (bsc#977675) - pengine: Set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources. - pengine,tools: Display pending resource state by default when it's available. (bsc#986201) - ping: Avoid temp files in fping_check. (bsc#987348) - ping: Avoid temporary files for fping check. (bsc#987348) - ping: Log sensible error when /tmp is full. (bsc#987348) - ping resource: Use fping6 for IPv6 hosts. (bsc#976271) - RA/SysInfo: Reset the node attribute '#health_disk' to 'green' when there's sufficient free disk. (bsc#975079) - remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076) - remote: Correctly calculate the remaining timeouts when receiving messages. (bsc#986644) - resources: Use OCF version tagging correctly. - services: Correctly clean up service actions for non-dbus case. - spec: fence_pcmk only eligible for Pacemaker+CMAN. - stonithd: Correction of the wrong connection process name. - sysconfig: Minor tweaks (typo, wording). - tools: Avoid memory leaks in crm_resource --restart. - tools: Avoid memory leak when crm_mon unpacks constraints. - tools: Correctly count starting resources when doing crm_resource --restart. - tools: crm_resource -T option should not be hidden anymore. - tools: crm_standby --version/--help should work without cluster. - tools: Do not send command lines to syslog. (bsc#986676) - tools: Do not assume all resources restart on same node with crm_resource --restart. - tools: Don't require node to be known to crm_resource when deleting attribute. - tools: Properly handle crm_resource --restart with a resource in a group. - tools: Remember any existing target-role when doing crm_resource --restart. - various: Issues discovered via valgrind and coverity. Additionally, the following references have been added to the changelog: bsc#970733, fate#318381, bsc#1002767, CVE-2016-7797, bsc#971129 Moderate SUSE bug 1000743 SUSE bug 1002767 SUSE bug 1003565 SUSE bug 1007433 SUSE bug 1009076 SUSE bug 953192 SUSE bug 970733 SUSE bug 971129 SUSE bug 972187 SUSE bug 974108 SUSE bug 975079 SUSE bug 976271 SUSE bug 976865 SUSE bug 977258 SUSE bug 977675 SUSE bug 977800 SUSE bug 981489 SUSE bug 981731 SUSE bug 986056 SUSE bug 986201 SUSE bug 986265 SUSE bug 986644 SUSE bug 986676 SUSE bug 986931 SUSE bug 987348 CVE-2016-7035 CVE-2016-7797 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for resource-agents (Important) SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. (bsc#1146690 bsc#1146784 bsc#1146785 bsc#1146787) - Fixed issues where the ocfmon user was created with a default password (bsc#1021689, bsc#1146687). Important SUSE bug 1021689 SUSE bug 1146687 SUSE bug 1146690 SUSE bug 1146784 SUSE bug 1146785 SUSE bug 1146787 cpe:/a:suse:sle-hae:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for qemu SUSE Linux Enterprise Point of Sale 11 SP2 The qemu vt100 emulation is affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. (CVE-2012-3515 aka XSA-17). Security Issue references: * CVE-2012-3515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515> SUSE bug 777084 CVE-2012-3515 cpe:/o:suse:sle-pos:11:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1113064 SUSE bug 1120381 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1128649 CVE-2018-16412 CVE-2018-16413 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 cpe:/o:suse:sle-pos:11:sp3 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). Moderate SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179212 SUSE bug 1179269 SUSE bug 1179281 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25666 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27763 CVE-2020-27765 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27771 CVE-2020-27772 CVE-2020-27775 cpe:/o:suse:sle-pos:11:sp3 Security update for LibVNCServer (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sle-pos:11:sp3 Security update for LibVNCServer (Critical) SUSE Linux Enterprise Point of Sale 11 SP3 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sle-pos:11:sp3 Security update for LibVNCServer (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sle-pos:11:sp3 Security update for LibVNCServer (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch Important SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173880 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 cpe:/o:suse:sle-pos:11:sp3 Security update for LibVNCServer (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (Important) SUSE Linux Enterprise Point of Sale 11 SP3 MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Important SUSE bug 983549 SUSE bug 983638 SUSE bug 983639 SUSE bug 983643 SUSE bug 983646 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 SUSE bug 984006 SUSE bug 985659 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2831 CVE-2016-2834 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Important SUSE bug 989196 SUSE bug 990628 SUSE bug 990856 SUSE bug 991809 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Important SUSE bug 999701 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. Also the following bug was fixed: - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Important SUSE bug 1000751 SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Important SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed (bsc#1028391): - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Bugfixes: - fix crashes on Itanium (bsc#1027527) Important SUSE bug 1027527 SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important) SUSE Linux Enterprise Point of Sale 11 SP3 Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for 'export' grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a 'slot' into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. (CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. Important SUSE bug 1015499 SUSE bug 1015547 SUSE bug 1021636 SUSE bug 1030071 SUSE bug 1035082 SUSE bug 983639 CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed: - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http- index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes: - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. * Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidential libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Important SUSE bug 1025108 SUSE bug 1031485 SUSE bug 1035082 SUSE bug 1043960 SUSE bug 930392 SUSE bug 930496 SUSE bug 935510 SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 954002 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed: * MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback * MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts * MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID * MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections * MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads * MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG * MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM * MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers * MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements * MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools * MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher * MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 * MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection * MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing * MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements * MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied This update also fixes: - fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups enabled and running on cpu >=1 (bsc#1031485) - The Itanium ia64 build was fixed. Important SUSE bug 1031485 SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed (bsc#1068101). - CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101). - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101). Mozilla Foundation Security Advisory (MFSA 2017-25): - https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ Important SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Moderate SUSE bug 1085130 SUSE bug 1085671 SUSE bug 1087059 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox to ESR 52.8 release fixes the following issues: Update to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:sle-pos:11:sp3 Security update for OpenEXR (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for OpenEXR fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function Important SUSE bug 1184354 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3605 cpe:/o:suse:sle-pos:11:sp3 Security update for OpenEXR (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for OpenEXR fixes the following issues: - CVE-2021-20298: Fixed out-of-memory in B44Compressor (bsc#1188460). - CVE-2021-20300: Fixed integer-overflow in Imf_2_5:hufUncompress (bsc#1188458). - CVE-2021-20303: Fixed heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffe (bsc#1188457). - CVE-2021-20304: Fixed undefined-shift in Imf_2_5:hufDecode (bsc#1188461). - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). Moderate SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1192556 CVE-2021-20298 CVE-2021-20300 CVE-2021-20303 CVE-2021-20304 CVE-2021-3941 cpe:/o:suse:sle-pos:11:sp3 Security update for POS_Image3, POS_Server3 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update provides POS_Image3 and POS_Server3 version 3.5.5, which bring many fixes and enhancements: - Fixed potential security issues (bsc#946740) * use three argument perl open function consistently * use array in perl system call everywhere * use preferably perl built-in functions instead of external shell commands * improved validation of uploaded files from terminals to BS * improved runcmd code used for calling external commands - Auto-registration should not start before dhcpd is ready (bsc#1003383) - Fixed handling of HTTP redirects in registerImages (bsc#1003376) - Fixed handling x86_64 images (bsc#1003374) - Do not limit number of entries for BS LDAP (bsc#985979) - Increase max wait time to 10mins (bsc#989247) - Infer service IP when only one BS NIC is specified in LDAP (bsc#927232) - Fixed regression in directly referenced image in scWorkstation object (bsc#979925) - Fixed handling deltas of compressed images in registerImages (bsc#887607) - Fixed posleases to handle stop event correctly (bsc#883017) - Fixed save_poslogs utility to dump LDAP content on BS (bsc#890002) - Do not configure authoritative DNS outside netmask (bsc#889665) - Add ipHostNumber field to services in posAdmin-GUI (bsc#944292) - Fixed multival modification in posAdmin (bsc#840279) Moderate SUSE bug 1003374 SUSE bug 1003376 SUSE bug 1003383 SUSE bug 840279 SUSE bug 883017 SUSE bug 887607 SUSE bug 889665 SUSE bug 890002 SUSE bug 927232 SUSE bug 944292 SUSE bug 946740 SUSE bug 979925 SUSE bug 985979 SUSE bug 989247 cpe:/o:suse:sle-pos:11:sp3 Security update for SDL (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:suse:sle-pos:11:sp3 Security update for SDL (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for SDL fixes the following issues: - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c (bsc#1181201). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (bsc#1124825). - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c (bsc#1181202). Important SUSE bug 1124825 SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2019-7637 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:sle-pos:11:sp3 Security update for adns (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sle-pos:11:sp3 Security update for aide (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830) - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed: - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added: - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061) - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062) - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065) - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060) Moderate SUSE bug 1045060 SUSE bug 1045061 SUSE bug 1045062 SUSE bug 1045065 SUSE bug 1052830 SUSE bug 1058058 SUSE bug 1064561 CVE-2009-2699 CVE-2010-0425 CVE-2012-0021 CVE-2014-0118 CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9798 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Important SUSE bug 1131239 SUSE bug 1131241 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1169066 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest Important SUSE bug 1186922 SUSE bug 1187174 CVE-2020-35452 CVE-2021-30641 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for apache2 fixes the following issues: - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) Important SUSE bug 1190666 CVE-2021-39275 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for apache2 fixes the following issues: - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197095 SUSE bug 1197096 CVE-2022-22720 CVE-2022-22721 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2-mod_nss (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Don't ignore NSSProtocol when NSSFIPS is enabled. - Use proper shell syntax to avoid creating /0 in gencert. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env. - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI) - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against. - Add the SECURE_RENEG environment variable. - Add some hints when NSS database cannot be initialized. - Code cleanup including trailing whitespace and compiler warnings. - Modernize autotools configuration slightly, add config.h. - Add small test suite for SNI. - Add compatibility for mod_ssl-style cipher definitions. - Add Camelia ciphers. - Remove Fortezza ciphers. - Add TLSv1.2-specific ciphers. - Initialize cipher list when re-negotiating handshake. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Improve protocol testing. - Add nss_pcache man page. - Fix argument handling in nss_pcache. - Support httpd 2.4+. - Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394) Moderate SUSE bug 975394 SUSE bug 979688 CVE-2013-4566 CVE-2014-3566 cpe:/o:suse:sle-pos:11:sp3 Security update for apache2-mod_perl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for apache2-mod_perl fixes the following issues: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Moderate SUSE bug 1156944 CVE-2011-2767 cpe:/o:suse:sle-pos:11:sp3 Security update for arpwatch (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:sle-pos:11:sp3 Security update for aspell (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:sle-pos:11:sp3 Security update for atftp (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Critical) SUSE Linux Enterprise Point of Sale 11 SP3 The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Critical SUSE bug 1000362 CVE-2016-2776 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Important SUSE bug 1007829 SUSE bug 965748 CVE-2016-8864 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Moderate SUSE bug 1024130 CVE-2017-3135 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following security issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Important SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1033468 SUSE bug 987866 SUSE bug 989528 CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - A regression in the fix for CVE-2017-3137 caused an assert in name.c (bsc#1034162) Important SUSE bug 1034162 CVE-2017-3137 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Important SUSE bug 1046554 SUSE bug 1046555 CVE-2017-3142 CVE-2017-3143 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) Important SUSE bug 1040039 SUSE bug 1047184 SUSE bug 1076118 CVE-2017-3145 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - Removed rndc.key generation from bind.spec file (bsc#1092283, bsc#1033843) bind should create the key on first boot or if it went missing. Important SUSE bug 1033843 SUSE bug 1092283 SUSE bug 1109160 SUSE bug 1171740 SUSE bug 1172220 SUSE bug 1172680 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sle-pos:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345). Important SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 cpe:/o:suse:sle-pos:11:sp3 Security update for bsdtar (Important) SUSE Linux Enterprise Point of Sale 11 SP3 bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). Important SUSE bug 920870 SUSE bug 984990 SUSE bug 985609 SUSE bug 985669 SUSE bug 985675 SUSE bug 985682 SUSE bug 985698 CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 cpe:/o:suse:sle-pos:11:sp3 Security update for bzip2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sle-pos:11:sp3 Security update for bzip2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sle-pos:11:sp3 Security update for cifs-utils (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar (bsc#1045490) Non security issue fixed: - Fix permissions of /var/spool/amavis. (bsc#815106) Important SUSE bug 1045490 SUSE bug 815106 CVE-2012-6706 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Important SUSE bug 1049423 SUSE bug 1052448 SUSE bug 1052449 SUSE bug 1052466 SUSE bug 1077732 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Important SUSE bug 1045315 SUSE bug 1049423 SUSE bug 1052449 SUSE bug 1082858 SUSE bug 1083915 CVE-2012-6706 CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2018-1000085 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) * Make freshclam more robust against lagging signature mirrors. * On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: Security issues fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issue fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option. Moderate SUSE bug 1144504 SUSE bug 1149458 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: - Update to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459 - This update incorporates incompatible changes that were introduced in version 0.101.0. - Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. Moderate SUSE bug 1118459 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Add documentation about max file size purpose and side effect in the 'clamscan' and 'clamdscan' manpages (bsc#1187509). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1187509 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sle-pos:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sle-pos:11:sp3 Security update for compat-wireless, compat-wireless-debuginfo, compat-wireless-debugsource, compat-wireless-kmp-default, compat-wireless-kmp-pae, compat-wireless-kmp-trace, compat-wireless-kmp-xen SUSE Linux Enterprise Point of Sale 11 SP3 This update for the compat-wireless kernel modules provides many fixes and enhancements: * Fix potential crash problem in ath9k. (CVE-2014-2672, bnc#871148) * Fix improper updates of MAC addresses in ath9k_htc. (bnc#851426, CVE-2013-4579) * Fix stability issues in iwlwifi. (bnc#865475) * Improve support for Intel 7625 cards in iwlwifi. (bnc#51021) Installation notes: New driver modules may conflict with old modules, which are automatically loaded from the initrd file after reboot. To apply this maintenance update correctly, the following steps need to be executed on a SLEPOS system: * Rebuild image * Create specific scDistributionContainer with newly built initrd and kernel * Put the updated system image in it as a scPosImage object Alternatively, you can use a kernel parameter to enforce using the kernel from the system image: * Rebuild image * Set the kernel parameter FORCE_KEXEC, by adding the scPxeFileTemplate object under the relevant scPosImage object, with the scKernelParameters attribute containing 'FORCE_KEXEC=yes'. Security Issue references: * CVE-2014-2672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672> * CVE-2013-4579 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579> SUSE bug 851021 SUSE bug 851426 SUSE bug 865475 SUSE bug 871148 SUSE bug 883209 CVE-2013-4579 CVE-2014-2672 cpe:/o:suse:sle-pos:11:sp3 Security update for cpio (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:sle-pos:11:sp3 Security update for cpio (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:sle-pos:11:sp3 Security update for cups (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). - Fixed a double free which was triggered by Java application (bsc#959478). Important SUSE bug 1146358 SUSE bug 1146359 SUSE bug 959478 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sle-pos:11:sp3 Security update for cups (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cups fixes the following issues: - CVE-2020-3898: Fixed heap buffer overflow in libcups ppdFindOption() function (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sle-pos:11:sp3 Security update for cups (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:sle-pos:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420). Moderate SUSE bug 991389 SUSE bug 991390 SUSE bug 997420 CVE-2016-5419 CVE-2016-5420 CVE-2016-7141 cpe:/o:suse:sle-pos:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for curl fixes the following issues: curl was updated to version 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase. Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463,bsc#1086825) Moderate SUSE bug 1081056 SUSE bug 1083463 SUSE bug 1084137 SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 SUSE bug 1085124 SUSE bug 1086825 SUSE bug 1087922 SUSE bug 1090194 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 cpe:/o:suse:sle-pos:11:sp3 Security update for curl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sle-pos:11:sp3 Security update for curl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:sle-pos:11:sp3 Security update for curl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sle-pos:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:sle-pos:11:sp3 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sle-pos:11:sp3 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sle-pos:11:sp3 Security update for dbus-1 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sle-pos:11:sp3 Security update for dhcp (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Moderate SUSE bug 969820 CVE-2016-2774 cpe:/o:suse:sle-pos:11:sp3 Security update for dhcp (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). Moderate SUSE bug 1083302 SUSE bug 1083303 CVE-2018-5732 CVE-2018-5733 cpe:/o:suse:sle-pos:11:sp3 Security update for dhcp (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:suse:sle-pos:11:sp3 Security update for djvulibre (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:sle-pos:11:sp3 Security update for djvulibre (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:sle-pos:11:sp3 Security update for djvulibre (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sle-pos:11:sp3 Security update for djvulibre (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for djvulibre fixes the following issues: - Extend CVE-2021-3630 fix (bsc#1187869). Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sle-pos:11:sp3 Security update for dnsmasq (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update brings a (small) potential incompatibility in the handling of 'basename' in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option. Important SUSE bug 1060354 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 cpe:/o:suse:sle-pos:11:sp3 Security update for dnsmasq (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks (bsc#1177077). - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled (bsc#1177077). Non-security issue fixed: - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076). Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sle-pos:11:sp3 Security update for dnsmasq (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Non-security fixes: - Removed cache size limit (bsc#1138743). Important SUSE bug 1138743 SUSE bug 1183709 SUSE bug 1197872 CVE-2021-3448 CVE-2022-0934 cpe:/o:suse:sle-pos:11:sp3 Security update for emacs (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425) Important SUSE bug 1058425 CVE-2017-14482 cpe:/o:suse:sle-pos:11:sp3 Security update for evince (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sle-pos:11:sp3 Security update for expat (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:sle-pos:11:sp3 Security update for expat (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:sle-pos:11:sp3 Security update for expat (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:sle-pos:11:sp3 Security update for expat (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix: * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 cpe:/o:suse:sle-pos:11:sp3 Security update for gcc43 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for gcc43 fixes the following issues: Security issue fixed: - CVE-2017-1000376: Don't request excutable stack from libffi. [bnc#1045091] New features: - Add support for retpolines to mitigate the Spectre Variant 2 attack. [bnc#1074621] - Add support for zero-sized VLAs and allocas with -fstack-clash-protection. [bnc#1059075] - Add support for -fstack-clash-protection to mitigate the Stack Clash attack. [bnc#1039513] Non security bugs fixed: - Fixed build of 32bit libgcov.a with LFS support. [bsc#1044016] - Fixed issue with libstdc++ functional when an exception is thrown during construction. [bsc#999596] - Fixed issue with using gcov and #pragma pack. [bsc#977654] - Fixed ICE compiling AFS modules for the s390x kernel. [bsc#938159] - Backport large file support from GCC 4.6. Moderate SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1045091 SUSE bug 1059075 SUSE bug 1074621 SUSE bug 938159 SUSE bug 977654 SUSE bug 999596 CVE-2017-1000376 cpe:/o:suse:sle-pos:11:sp3 Security update for gcc43 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was fixed. (bsc#1092807) Moderate SUSE bug 1086069 SUSE bug 1092807 CVE-2017-5715 cpe:/o:suse:sle-pos:11:sp3 Security update for gdb (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for gdb fixes the following issues: - CVE-2019-1010180: Fixed a buffer overflow (bsc#1142772). Moderate SUSE bug 1142772 CVE-2019-1010180 cpe:/o:suse:sle-pos:11:sp3 Security update for ghostscript-library (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) - An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342) Important SUSE bug 1001951 SUSE bug 939342 CVE-2013-5653 CVE-2015-3228 CVE-2016-7977 CVE-2016-7979 cpe:/o:suse:sle-pos:11:sp3 Security update for ghostscript-library (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) This update is a reissue including the SUSE Linux Enterprise 11 SP3 product. Important SUSE bug 1036453 CVE-2017-8291 cpe:/o:suse:sle-pos:11:sp3 Security update for ghostscript-library (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426) - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420) - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421) - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413) - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. (bsc#1107410 - CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412) - CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173) - CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893) Important SUSE bug 1050893 SUSE bug 1106173 SUSE bug 1107410 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107426 CVE-2017-9611 CVE-2018-15910 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 cpe:/o:suse:sle-pos:11:sp3 Recommended update for ghostscript-library (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ghostscript-library fixes the following issues: Security issue fixed: - CVE-2019-3838: Fixed various bugs which allows to reenable and misuse system Postscript operators to read files from within Postscript files and send them with the help of e.g. the %pipe% to the attacker (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sle-pos:11:sp3 Security update for glib2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Important SUSE bug 1137001 CVE-2019-12450 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Important SUSE bug 1039357 CVE-2017-1000366 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] Important SUSE bug 1074293 CVE-2018-1000001 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: Security issues: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area in realpath (bsc#1074293) Also a non security issue was fixed: - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209) Important SUSE bug 1037930 SUSE bug 1051791 SUSE bug 1074293 SUSE bug 1079036 SUSE bug 978209 CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocation in in6ailist_add. - bsc#1079625: Fix allocation in nss_compat for large number of memberships to a group. Important SUSE bug 1077763 SUSE bug 1079625 SUSE bug 1086690 SUSE bug 1094161 CVE-2018-11236 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that lead to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583) - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580) - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234). This non-security issue was fixed: - Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774) Important SUSE bug 1058774 SUSE bug 1064580 SUSE bug 1064583 SUSE bug 941234 CVE-2015-5180 CVE-2017-15670 CVE-2017-15804 cpe:/o:suse:sle-pos:11:sp3 Recommended update for glibc (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: Security issue fixed: - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325). Non-security issue fixed: - Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618). - Remove improper assert in dlclose (bsc#1110174, BZ #11941). Moderate SUSE bug 1064569 SUSE bug 1110170 SUSE bug 1110174 CVE-2017-15671 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). Important SUSE bug 1127308 CVE-2019-9169 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) Moderate SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 CVE-2021-35942 cpe:/o:suse:sle-pos:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for glibc fixes the following issues: - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768, BZ #22542) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770, BZ #28768) - CVE-2021-3999: Fixed in getcwd to set errno to ERANGE for size == 1 (bsc#1194640, BZ #28769) - CVE-2015-8983: Fixed _IO_wstr_overflow integer overflow (bsc#1193615, BZ #17269) - CVE-2015-8982: Fixed memory handling in strxfrm_l (bsc#1193616, BZ #16009) Important SUSE bug 1193615 SUSE bug 1193616 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2015-8982 CVE-2015-8983 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:sle-pos:11:sp3 Security update for gpg2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for gpg2 fixes the following issues: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:sle-pos:11:sp3 Security update for gstreamer-0_10-plugins-base (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for gstreamer-0_10-plugins-base fixes the following issues: Security issues fixed: - CVE-2017-5837: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024076). - CVE-2017-5844: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024079). - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1024076 SUSE bug 1024079 SUSE bug 1133375 CVE-2017-5837 CVE-2017-5844 CVE-2019-9928 cpe:/o:suse:sle-pos:11:sp3 Security update for inn (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for inn fixes the following issues: - CVE-2021-31998: Fixed locale privialge escalation during the update of inn (bsc#1182321). Important SUSE bug 1182321 CVE-2021-31998 cpe:/o:suse:sle-pos:11:sp3 Security update for jakarta-commons-fileupload (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:sle-pos:11:sp3 Security update for jasper (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 IBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_6_0-ibm fixes the following issues: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Important SUSE bug 1027038 SUSE bug 1038505 CVE-2016-2183 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_6_0-ibm fixes the following issues: Security issues fixed: - Security update to version 6.0.16.50 (bsc#1070162) * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Important SUSE bug 1070162 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: - Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 SUSE bug 992537 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_1-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Moderate SUSE bug 1027038 CVE-2016-2183 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Important SUSE bug 1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: - Security update to version 7.0.10.15 (bsc#1070162): * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Important SUSE bug 1070162 CVE-2016-10165 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm provides the following fixes: The version was updated to 7.0.10.20 [bsc#1082810]: * Following security issues were fixed: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl – SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ02284 JIT Compiler: Division by zero in JIT compiler - Make it possible to run Java jnlp files from Firefox. (bsc#1057460) Important SUSE bug 1057460 SUSE bug 1076390 SUSE bug 1082810 SUSE bug 929900 SUSE bug 966304 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: IBM Java was updated to 7.1.4.25 (bsc#1093311, bsc#1085449) Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 java-1_7_0-ibm is updated to Java 7.0 Service Refresh 10 Fix Pack 35 (bsc#1116574): * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS * Java Virtual Machine - IJ10931 CVE-2018-3169 * JIT Compiler - IJ08205 CRASH WHILE COMPILING * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm to version 7.0.10.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: Update to Java 7.0 Service Refresh 10 Fix Pack 50 (bsc#1147021). Security issues fixed: - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1147021). - CVE-2019-4473: Fixed insecure RPATH in multiple binaries on AIX (bsc#1147021). - CVE-2019-7317: Fixed use-after-free in libpng, affecting client-libs/java.awt (bsc#1147021). - CVE-2019-11771: Fixed insecure RPATH in OpenJ9 on AIX (bsc#1147021). - CVE-2019-11775: Fixed failure to privatize a value pulled out of the loop by versioning (bsc#1147021). Moderate SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: - Update to 7.0 Service Refresh 10 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: Java was updated to 7.0 Service Refresh 10 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - The pack200 and unpack200 alternatives should be slaves of java [bsc#1171352] Moderate SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_0-ibm fixes the following issues: Update Java 7.0 to Service Refresh 11 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sle-pos:11:sp3 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566) Moderate SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 SUSE bug 1188568 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel allowed remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet (bnc#975945). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure was initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. (bsc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability. (bsc#991608) The following non-security bugs were fixed: - Update patches.fixes/pci-determine-actual-vpd-size-on-first-access.patch (bsc#971729, bsc#974428). - Update PCI VPD size patch to upstream: * PCI: Determine actual VPD size on first access (bsc#971729). * PCI: Update VPD definitions (bsc#971729). (cherry picked from commit d2af5b7e0cd7ee2a54f02ad65ec300d16b3ad956) - Update patches.fixes/pci-update-vpd-definitions.patch (bsc#971729, bsc#974428). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - fs/cifs: Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - hid: add ALWAYS_POLL quirk for a Logitech 0xc055 (bnc#962404). - hid: add HP OEM mouse to quirk ALWAYS_POLL (bsc#919351). - hid: add quirk for PIXART OEM mouse used by HP (bsc#919351). - hid-elo: kill not flush the work. - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - nfs: Do not attempt to decode missing directory entries (bsc#980931). - nfs: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - nfs: reduce access cache shrinker locking (bnc#866130). - ppp: defer netns reference release for ppp channel (bsc#980371). - s390/cio: collect format 1 channel-path description data (bsc#966460,LTC#136434). - s390/cio: ensure consistent measurement state (bsc#966460,LTC#136434). - s390/cio: fix measurement characteristics memleak (bsc#966460,LTC#136434). - s390/cio: update measurement characteristics (bsc#966460,LTC#136434). - usbhid: add device USB_DEVICE_ID_LOGITECH_C077 (bsc#919351). - usbhid: more mice with ALWAYS_POLL (bsc#919351). - usbhid: yet another mouse with ALWAYS_POLL (bsc#919351). - veth: do not modify ip_summed (bsc#969149). - virtio_scsi: Implement eh_timed_out callback. - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#987709). Important SUSE bug 839104 SUSE bug 866130 SUSE bug 919351 SUSE bug 944309 SUSE bug 950998 SUSE bug 960689 SUSE bug 962404 SUSE bug 963655 SUSE bug 963762 SUSE bug 966460 SUSE bug 969149 SUSE bug 970114 SUSE bug 971126 SUSE bug 971360 SUSE bug 971446 SUSE bug 971729 SUSE bug 971944 SUSE bug 974428 SUSE bug 975945 SUSE bug 978401 SUSE bug 978821 SUSE bug 978822 SUSE bug 979213 SUSE bug 979274 SUSE bug 979548 SUSE bug 979681 SUSE bug 979867 SUSE bug 979879 SUSE bug 980371 SUSE bug 980725 SUSE bug 980788 SUSE bug 980931 SUSE bug 981267 SUSE bug 983143 SUSE bug 983213 SUSE bug 983535 SUSE bug 984107 SUSE bug 984755 SUSE bug 986362 SUSE bug 986365 SUSE bug 986445 SUSE bug 986572 SUSE bug 987709 SUSE bug 988065 SUSE bug 989152 SUSE bug 989401 SUSE bug 991608 CVE-2013-4312 CVE-2015-7513 CVE-2015-7833 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2187 CVE-2016-3134 CVE-2016-3955 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5696 CVE-2016-5829 CVE-2016-6480 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Important SUSE bug 1013533 SUSE bug 1013604 CVE-2016-9576 CVE-2016-9794 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following security bug: CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver (drivers/tty/n_hdlc.c) could have been exploited to gain a local privilege escalation (bnc#1027565) Important SUSE bug 1027565 CVE-2017-2636 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Critical) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bnc#979021). Critical SUSE bug 1039348 SUSE bug 979021 CVE-2015-3288 CVE-2017-1000364 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Important SUSE bug 1045340 SUSE bug 1045406 CVE-2017-1000364 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues: - Stack corruption could have lead to local privilege escalation (bsc#1059525, CVE-2017-1000253). Important SUSE bug 1059525 CVE-2017-1000253 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119). The following non-security bugs were fixed: - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: x86: Free vmx_msr_bitmap_longmode while kvm_init failed (bsc#1104367). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Important SUSE bug 1057199 SUSE bug 1087081 SUSE bug 1092903 SUSE bug 1102517 SUSE bug 1103119 SUSE bug 1104367 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1105100 SUSE bug 1105296 SUSE bug 1105322 SUSE bug 1105323 SUSE bug 1105536 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1107001 SUSE bug 1107689 SUSE bug 1108912 CVE-2018-10902 CVE-2018-10940 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This feature is disabled on unaffected architectures. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer was fixed. (bnc#1072876). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel didn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702 1069708). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695 1074033). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - asm alternatives: remove incorrect alignment notes. - getcwd: Close race with d_move called by lustre (bsc#1052593). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - ptrace: Add a new thread access check (bsc#1068032). - Revert 'mac80211: accept key reinstall without changing anything' This reverts commit 1def0d4e1446974356bacd9f4be06eee32b66473. - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier (bsc#1068032). - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi: mpt2sas: fix cleanup on controller resource mapping failure (bsc#999245). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - temporary fix (bsc#1068032). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). Important SUSE bug 1010175 SUSE bug 1034862 SUSE bug 1045327 SUSE bug 1050231 SUSE bug 1052593 SUSE bug 1056982 SUSE bug 1057179 SUSE bug 1057389 SUSE bug 1058524 SUSE bug 1062520 SUSE bug 1063544 SUSE bug 1063667 SUSE bug 1066295 SUSE bug 1066472 SUSE bug 1066569 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066618 SUSE bug 1066625 SUSE bug 1066650 SUSE bug 1066671 SUSE bug 1066693 SUSE bug 1066700 SUSE bug 1066705 SUSE bug 1067085 SUSE bug 1068032 SUSE bug 1068671 SUSE bug 1069702 SUSE bug 1069708 SUSE bug 1070771 SUSE bug 1071074 SUSE bug 1071470 SUSE bug 1071695 SUSE bug 1072561 SUSE bug 1072876 SUSE bug 1073792 SUSE bug 1073874 SUSE bug 1074033 SUSE bug 999245 CVE-2017-1000251 CVE-2017-11600 CVE-2017-13080 CVE-2017-13167 CVE-2017-14106 CVE-2017-14140 CVE-2017-14340 CVE-2017-15102 CVE-2017-15115 CVE-2017-15265 CVE-2017-15274 CVE-2017-15868 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16649 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - cdc-acm: apply quirk for card reader (bsc#1060279). - Enable CPU vulnerabilities reporting via sysfs - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - Move kABI fixup for retpolines to proper place. - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). Important SUSE bug 1012382 SUSE bug 1054305 SUSE bug 1060279 SUSE bug 1068032 SUSE bug 1068984 SUSE bug 1070781 SUSE bug 1073311 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1075091 SUSE bug 1075410 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075908 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076154 SUSE bug 1076278 SUSE bug 1076849 SUSE bug 1077406 SUSE bug 1077560 SUSE bug 1077922 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The following non-security bugs were fixed: - Update config files. Set CONFIG_RETPOLINE=y for i386. - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). Important SUSE bug 1046610 SUSE bug 1085279 SUSE bug 1087082 SUSE bug 1089895 SUSE bug 1091755 SUSE bug 1092497 SUSE bug 1094019 CVE-2017-5715 CVE-2017-5753 CVE-2018-1000199 CVE-2018-10675 CVE-2018-3639 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2017-13305: A information disclosure vulnerability existed in the encrypted-keys handling. (bnc#1094353). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c kernel could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684) - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - slab: introduce kmalloc_array() (bsc#909361). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). Important SUSE bug 1082962 SUSE bug 1083900 SUSE bug 1085107 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1092904 SUSE bug 1094353 SUSE bug 1096480 SUSE bug 1096728 SUSE bug 1097234 SUSE bug 1098016 SUSE bug 1099924 SUSE bug 1099942 SUSE bug 1100418 SUSE bug 1104475 SUSE bug 1104684 SUSE bug 909361 CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1108498). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-1000407: Fixed a denial of service, which was caused by flooding the diagnostic port 0x80 an exception leading to a kernel panic (bnc#1071021). The following non-security bugs were fixed: - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018, bsc#1104366). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - Drivers: scsi: storvsc: Change the limits to reflect the values on the host (bug#1107189). - drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure (bug#1107189). - Drivers: scsi: storvsc: Filter commands based on the storage protocol version (bug#1107189). - Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version (bug#1107189). - Drivers: scsi: storvsc: Implement a eh_timed_out handler (bug#1107189). - Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host (bug#1107189). - drivers: scsi: storvsc: Set srb_flags in all cases (bug#1107189). - EHCI: improved logic for isochronous scheduling (bsc#1117515). - ipv4: remove the unnecessary variable in udp_mcast_next (bsc#1104070). - KEYS: prevent creating a different user's keyrings (bnc#1094186). - KVM: x86: Fix the duplicate failure path handling in vmx_init (bsc#1104367). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#1116412). - MM/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#1116412). - net/ipv6/udp: Fix ipv6 multicast socket filter regression (bsc#1104070). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#1116412). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#1116412). - NFS: Do not write enable new pages while an invalidation is proceeding (bsc#1116412). - NFS: Fix a regression in the read() syscall (bsc#1116412). - NFS: Fix races in nfs_revalidate_mapping (bsc#1116412). - NFS: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#1116412). - NFS: Fix writeback performance issue on cache invalidation (bsc#1116412). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - reiserfs: fix race in readdir (bsc#1039803). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: storvsc: Always send on the selected outgoing channel (bug#1107189). - scsi: storvsc: Do not assume that the scatterlist is not chained (bug#1107189). - scsi: storvsc: Fix a bug in copy_from_bounce_buffer() (bug#1107189). - scsi: storvsc: Increase the ring buffer size (bug#1107189). - scsi: storvsc: Size the queue depth based on the ringbuffer size (bug#1107189). - storvsc: fix a bug in storvsc limits (bug#1107189). - storvsc: force discovery of LUNs that may have been removed (bug#1107189). - storvsc: get rid of overly verbose warning messages (bug#1107189). - storvsc: in responce to a scan event, scan the host (bug#1107189). - storvsc: Set the SRB flags correctly when no data transfer is needed (bug#1107189). - udp: ipv4: Add udp early demux (bsc#1104070). - udp: restore UDPlite many-cast delivery (bsc#1104070). - udp: Simplify __udp*_lib_mcast_deliver (bsc#1104070). - udp: Use hash2 for long hash1 chains in __udp*_lib_mcast_deliver (bsc#1104070). - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515). - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515). - USB: EHCI: add symbolic constants for QHs (bsc#1117515). - USB: EHCI: always scan each interrupt QH (bsc#1117515). - USB: EHCI: do not lose events during a scan (bsc#1117515). - USB: EHCI: do not refcount iso_stream structures (bsc#1117515). - USB: EHCI: do not refcount QHs (bsc#1117515). - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515). - USB: EHCI: fix up locking (bsc#1117515). - USB: EHCI: initialize data before resetting hardware (bsc#1117515). - USB: EHCI: introduce high-res timer (bsc#1117515). - USB: EHCI: remove PS3 status polling (bsc#1117515). - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515). - USB: EHCI: rename 'reclaim' (bsc#1117515). - USB: EHCI: resolve some unlikely races (bsc#1117515). - USB: EHCI: return void instead of 0 (bsc#1117515). - USB: EHCI: simplify isochronous scanning (bsc#1117515). - USB: EHCI: unlink multiple async QHs together (bsc#1117515). - USB: EHCI: use hrtimer for async schedule (bsc#1117515). - USB: EHCI: use hrtimer for controller death (bsc#1117515). - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515). - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515). - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515). - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515). - XFS: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - XFS: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - XFS: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Important SUSE bug 1031240 SUSE bug 1039803 SUSE bug 1066674 SUSE bug 1071021 SUSE bug 1094186 SUSE bug 1094825 SUSE bug 1104070 SUSE bug 1104366 SUSE bug 1104367 SUSE bug 1107189 SUSE bug 1108498 SUSE bug 1109200 SUSE bug 1113201 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114920 SUSE bug 1115007 SUSE bug 1115038 SUSE bug 1116412 SUSE bug 1116841 SUSE bug 1117515 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1119255 SUSE bug 1119714 SUSE bug 1120743 SUSE bug 905299 SUSE bug 936875 SUSE bug 968018 SUSE bug 990682 CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273 CVE-2018-18281 CVE-2018-18386 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032). - xen/x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). Important SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1087086 SUSE bug 1087088 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 CVE-2018-3665 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Important SUSE bug 1004418 CVE-2016-5195 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bsc#1029850). - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bsc#1038879). - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 1050677 ). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336) - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability. This requires a malicious PCI Card. (bnc#1037994). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038544). - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1039883). - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1040069). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary could have overflowed the parport_nr array in the following code (bnc#1039456). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). The following non-security bugs were fixed: - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - btrfs: cleanup code of btrfs_balance_delayed_items() (bsc#1034838). - btrfs: do not run delayed nodes again after all nodes flush (bsc#1034838). - btrfs: remove btrfs_end_transaction_dmeta() (bsc#1034838). - btrfs: remove residual code in delayed inode async helper (bsc#1034838). - btrfs: use flags instead of the bool variants in delayed node (bsc#1034838). - cifs: cifs_get_root shouldn't use path with tree name, alternate fix (bsc#963655, bsc#979681, bsc#1027406). - dentry name snapshots (bsc#1049483). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562) (bsc#948562). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919, bnc#1053760). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - keys: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - nfs: Avoid getting confused by confused server (bsc#1045416). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: do not risk using duplicate owner/file/delegation ids (bsc#1029212). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - nfs: Make nfs_readdir revalidate less often (bsc#1048232). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - sunrpc: Clean up the slot table allocation (bsc#1013862). - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862). - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - usb: wusbcore: fix NULL-deref at probe (bsc#1045487). - Use make --output-sync feature when available (bsc#1012422). - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101). - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). Important SUSE bug 1006919 SUSE bug 1012422 SUSE bug 1013862 SUSE bug 1017143 SUSE bug 1020229 SUSE bug 1021256 SUSE bug 1023051 SUSE bug 1024938 SUSE bug 1025013 SUSE bug 1025235 SUSE bug 1026024 SUSE bug 1026722 SUSE bug 1026914 SUSE bug 1027066 SUSE bug 1027101 SUSE bug 1027178 SUSE bug 1027179 SUSE bug 1027406 SUSE bug 1028415 SUSE bug 1028880 SUSE bug 1029212 SUSE bug 1029850 SUSE bug 1030213 SUSE bug 1030573 SUSE bug 1030575 SUSE bug 1030593 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031440 SUSE bug 1031481 SUSE bug 1031579 SUSE bug 1031660 SUSE bug 1033287 SUSE bug 1033336 SUSE bug 1034670 SUSE bug 1034838 SUSE bug 1035576 SUSE bug 1037182 SUSE bug 1037183 SUSE bug 1037994 SUSE bug 1038544 SUSE bug 1038564 SUSE bug 1038879 SUSE bug 1038883 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039349 SUSE bug 1039354 SUSE bug 1039456 SUSE bug 1039594 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1041431 SUSE bug 1042364 SUSE bug 1042863 SUSE bug 1042892 SUSE bug 1044125 SUSE bug 1045416 SUSE bug 1045487 SUSE bug 1046107 SUSE bug 1048232 SUSE bug 1048275 SUSE bug 1049483 SUSE bug 1049603 SUSE bug 1049882 SUSE bug 1050677 SUSE bug 1052311 SUSE bug 1053148 SUSE bug 1053152 SUSE bug 1053760 SUSE bug 1056588 SUSE bug 870618 SUSE bug 948562 SUSE bug 957988 SUSE bug 957990 SUSE bug 963655 SUSE bug 972891 SUSE bug 979681 SUSE bug 983212 SUSE bug 986924 SUSE bug 989896 SUSE bug 999245 CVE-2016-10200 CVE-2016-5243 CVE-2017-1000112 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-10661 CVE-2017-11176 CVE-2017-11473 CVE-2017-12762 CVE-2017-14051 CVE-2017-2647 CVE-2017-2671 CVE-2017-5669 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6348 CVE-2017-6353 CVE-2017-6951 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-7616 CVE-2017-8831 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-16276: An issue was discovered in yurex_read in drivers/usb/misc/yurex.c where local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). The following non-security bugs were fixed: - net: fix neighbours after MAC change (bnc#905299). - powerpc: Fix smp_mb__before_spinlock() (bsc#1110247). - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967). - x86/fpu: fix signal handling with eager FPU switching (ia32) (bsc#1108227). - retpoline: Introduce start/end markers of indirect thunk (bsc#1113337). Important SUSE bug 1099922 SUSE bug 1102870 SUSE bug 1106095 SUSE bug 1107829 SUSE bug 1108227 SUSE bug 1109967 SUSE bug 1110247 SUSE bug 1113337 SUSE bug 905299 CVE-2018-12896 CVE-2018-14617 CVE-2018-14633 CVE-2018-16276 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209). - CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user was fixed (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The 'stub_send_ret_submit()' function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - KABI: x86/kaiser: properly align trampoline stack. - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - kvm/x86: fix icebp instruction handling (bsc#1087088). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - x86-64: Move the 'user' vsyscall segment out of the data segment (bsc#1082424). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). Important SUSE bug 1010470 SUSE bug 1039348 SUSE bug 1052943 SUSE bug 1062568 SUSE bug 1062840 SUSE bug 1063416 SUSE bug 1067118 SUSE bug 1072689 SUSE bug 1072865 SUSE bug 1078669 SUSE bug 1078672 SUSE bug 1078673 SUSE bug 1078674 SUSE bug 1080464 SUSE bug 1080757 SUSE bug 1082424 SUSE bug 1083242 SUSE bug 1083483 SUSE bug 1083494 SUSE bug 1084536 SUSE bug 1085331 SUSE bug 1086162 SUSE bug 1087088 SUSE bug 1087209 SUSE bug 1087260 SUSE bug 1087762 SUSE bug 1088147 SUSE bug 1088260 SUSE bug 1089608 SUSE bug 1089752 SUSE bug 940776 CVE-2015-5156 CVE-2016-7915 CVE-2017-0861 CVE-2017-12190 CVE-2017-13166 CVE-2017-16644 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18203 CVE-2017-18208 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-6927 CVE-2018-7566 CVE-2018-7757 CVE-2018-8822 CVE-2018-8897 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427) - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866) - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406) - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159) - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801) - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296) * Fix privilege escalation in TCG mode (bsc#1030624) These non-security issues were fixed: - bsc#1045035: Fixed regression introduced by previous virtfs security fixes - bsc#1038396: Fixed 12 tempest tests - bsc#1034044: Prevent KVM guests stuck when waiting for sg_io() completion - bsc#1031051: Prevent I/O errors when using pvmove with disk device=lun - bsc#1049785: Make virsh dump output readable by crash - bsc#1015048: Fixed virtio interface failure - bsc#1016779: Fixed graphical update errors introduced by previous security fix - Fixed various inaccuracies in cirrus vga device emulation Important SUSE bug 1013285 SUSE bug 1014109 SUSE bug 1014111 SUSE bug 1014702 SUSE bug 1015048 SUSE bug 1016779 SUSE bug 1020427 SUSE bug 1021129 SUSE bug 1021741 SUSE bug 1023004 SUSE bug 1023053 SUSE bug 1023907 SUSE bug 1024972 SUSE bug 1025109 SUSE bug 1028184 SUSE bug 1028656 SUSE bug 1030624 SUSE bug 1031051 SUSE bug 1034044 SUSE bug 1034866 SUSE bug 1034908 SUSE bug 1035406 SUSE bug 1035950 SUSE bug 1037242 SUSE bug 1038396 SUSE bug 1039495 SUSE bug 1042159 SUSE bug 1042800 SUSE bug 1042801 SUSE bug 1043296 SUSE bug 1045035 SUSE bug 1046636 SUSE bug 1047674 SUSE bug 1048902 SUSE bug 1049381 SUSE bug 1049785 SUSE bug 1056334 SUSE bug 1057585 SUSE bug 1062069 SUSE bug 1063122 CVE-2016-10155 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856 CVE-2017-5898 CVE-2017-5973 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-9330 CVE-2017-9373 CVE-2017-9375 CVE-2017-9503 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following issues: A security flaw mitigation has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Also a security fix has been applied: - CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612) Important SUSE bug 1026612 SUSE bug 1068032 CVE-2017-2633 CVE-2017-5715 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ (CVE-2017-5715 bsc#1068032) A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Additional security fixes: - CVE-2018-5683: An out-of-bounds read in vga_draw_text routine was fixed which could lead to crashes or information leakage. (bsc#1076114) - CVE-2018-7550: multiboot OOB access while loading kernel image was fixed that could lead to crashes (bsc#1083291) - CVE-2017-18030: An out-of-bounds access in cirrus_invalidate_region routine could lead to crashes or information leakage (bsc#1076179) - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor. Important SUSE bug 1068032 SUSE bug 1076114 SUSE bug 1076179 SUSE bug 1082276 SUSE bug 1083291 CVE-2017-18030 CVE-2017-5715 CVE-2018-5683 CVE-2018-7550 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following issues: This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Moderate SUSE bug 1092885 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185). Moderate SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1112185 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Important SUSE bug 1111331 SUSE bug 1129622 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following issues: - Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) - Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix use-after-free in slirp (CVE-2019-15890 bsc#1149811) - Fix for similar problems as for the original fix prompting this issue (CVE-2019-6778 bsc#1123156) - Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 CVE-2020-7039 bsc#1161066) - Fix use after free in slirp (CVE-2020-1983 bsc#1170940) - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Important SUSE bug 1123156 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1170940 SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172385 SUSE bug 1172478 SUSE bug 1175441 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178934 SUSE bug 1179467 SUSE bug 1181108 SUSE bug 1182137 SUSE bug 1182425 SUSE bug 1182577 CVE-2014-3689 CVE-2015-1779 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 CVE-2020-14364 CVE-2020-1983 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-29130 CVE-2020-29443 CVE-2020-7039 CVE-2020-8608 CVE-2021-20181 CVE-2021-20257 cpe:/o:suse:sle-pos:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for kvm fixes the following issues: - CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187367) - CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364) - CVE-2021-3416: infinite loop in loopback mode may lead to stack overflow. (bsc#1186473) - CVE-2020-15469: MMIO ops null pointer dereference may lead to DoS. (bsc#1173612) - CVE-2020-11947: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read. (bsc#1180523) - CVE-2021-20221: out-of-bound heap buffer access via an interrupt ID field. (bsc#1181933) - CVE-2020-25707: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c. (bsc#1178683) - CVE-2020-15863: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c. (bsc#1174386) Important SUSE bug 1031692 SUSE bug 1173612 SUSE bug 1174386 SUSE bug 1178683 SUSE bug 1180523 SUSE bug 1181933 SUSE bug 1186473 SUSE bug 1187364 SUSE bug 1187367 CVE-2020-11947 CVE-2020-15469 CVE-2020-15863 CVE-2020-25707 CVE-2021-20221 CVE-2021-3416 CVE-2021-3592 CVE-2021-3594 cpe:/o:suse:sle-pos:11:sp3 Security update for libcaca (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libcaca fixes the following issues: - CVE-2021-30499: Fixed a memory corruption issue when exporting troff sources (bsc#1184751). - CVE-2021-30498: Fixed a memory corruption issue when exporting TGA images (bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:sle-pos:11:sp3 Security update for libcares2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:sle-pos:11:sp3 Security update for libcdio (Low) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libcdio and libcdio-mini fixes the following issues: Security issue fixed: - CVE-2017-18199: Fixed a NULL Pointer Dereference in realloc_symlink which could allow remote attackers to cause Denial of Service (bsc#1082821). Low SUSE bug 1082821 CVE-2017-18199 cpe:/o:suse:sle-pos:11:sp3 Security update for libcroco (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Moderate SUSE bug 1171685 CVE-2020-12825 cpe:/o:suse:sle-pos:11:sp3 Security update for libesmtp (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:sle-pos:11:sp3 Security update for libexif (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sle-pos:11:sp3 Security update for libgcrypt (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:sle-pos:11:sp3 Security update for libsndfile (Critical) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libsndfile fixes the following issues: - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) Critical SUSE bug 1188540 CVE-2021-3246 cpe:/o:suse:sle-pos:11:sp3 Security update for libsndfile (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:sle-pos:11:sp3 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Fixed an issue where libssh2 stops parsing known_hosts (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sle-pos:11:sp3 Security update for libssh2_org (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sle-pos:11:sp3 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sle-pos:11:sp3 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sle-pos:11:sp3 Security update for libtcnative-1-0 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libtcnative-1-0 to version 1.1.34 fixes the following issues: - CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted (bsc#1078679). - CVE-2018-8019: When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS (bsc#1103348). - CVE-2018-8020: Did not properly check OCSP pre-produced responses. Revoked client certificates may have not been properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS (bsc#1103347). For a complete list of changes please see http://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html Important SUSE bug 1078679 SUSE bug 1103347 SUSE bug 1103348 CVE-2017-15698 CVE-2018-8019 CVE-2018-8020 cpe:/o:suse:sle-pos:11:sp3 Security update for libtirpc, rpcbind (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libtirpc and rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Important SUSE bug 1037559 CVE-2017-8779 cpe:/o:suse:sle-pos:11:sp3 Security update for libvirt (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Spectre fixes for libvirt (bsc#1079869, bsc#1088147, bsc#1087887). - CVE-2018-1064: Avoid denial of service reading from QEMU guest agent (bsc#1083625). - CVE-2018-5748: Avoid denial of service reading from QEMU monitor (bsc#1076500). Bug fixes: - bsc#1025340: Use xend for nodeGetFreeMemory API. - bsc#960742: Allow read access to script directories in libvirtd AppArmor profile. - bsc#936233: Introduce qemuDomainDefCheckABIStability. Important SUSE bug 1025340 SUSE bug 1076500 SUSE bug 1079869 SUSE bug 1083625 SUSE bug 1087887 SUSE bug 1088147 SUSE bug 936233 SUSE bug 960742 CVE-2017-5715 CVE-2018-1064 CVE-2018-5748 cpe:/o:suse:sle-pos:11:sp3 Security update for libvirt (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through. Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sle-pos:11:sp3 Security update for libvirt (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). Important SUSE bug 1138301 CVE-2019-10161 cpe:/o:suse:sle-pos:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Moderate SUSE bug 1010675 SUSE bug 1013930 SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 CVE-2016-9318 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 cpe:/o:suse:sle-pos:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1102046 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 CVE-2018-14404 cpe:/o:suse:sle-pos:11:sp3 Security update for libxml2 (Low) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. Low SUSE bug 1123919 cpe:/o:suse:sle-pos:11:sp3 Security update for libxml2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409) - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). Important SUSE bug 1159928 SUSE bug 1161517 SUSE bug 1161521 SUSE bug 1176179 SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2014-0191 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:sle-pos:11:sp3 Security update for libxml2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:sle-pos:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). The following non-security bugs were fixed: - Always include the git commit in KOTD builds. This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171). - KVM: x86: SYSENTER emulation is broken (bsc#994618). - NFS: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - NFS: Refresh open-owner id when server says SEQID is bad (bsc#989261). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - NFSv4: add flock_owner to open context (bnc#998689). - NFSv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - NFSv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - NFSv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - NFSv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). - SELinux: Fix possible NULL pointer dereference in selinux_inode_permission() (bsc#1012895). - USB: fix typo in wMaxPacketSize validation (bsc#991665). - USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, among others). - __ptrace_may_access() should not deny sub-threads (bsc#1012851). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - cdc-acm: added sanity checking for probe() (bsc#993891). - include/linux/math64.h: add div64_ul() (bsc#996329). - kabi-fix for flock_owner addition (bsc#998689). - kabi: get back scsi_device.current_cmnd (bsc#935436). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kexec: add a kexec_crash_loaded() function (bsc#973691). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mpt3sas: Fix panic when aer correct error occurred (bsc#997708, bsc#999943). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (VM Functionality, bsc#1008645). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS and cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils lower than 2.12.1 (bsc#967716). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - printk/sched: Introduce special printk_sched() for those awkward (bsc#1013042, bsc#996541, bsc#1015878). - qlcnic: Schedule napi directly in netpoll (bsc#966826). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/config.sh: Set a fitting release string (bsc#997059) - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - s390/dasd: fix failfast for disconnected devices (bnc#961923, LTC#135138). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: remove current_cmnd field from struct scsi_device (bsc#935436). - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - xfs: remove the deprecated nodelaylog option (bsc#992906). Important SUSE bug 1001419 SUSE bug 1002165 SUSE bug 1003077 SUSE bug 1003253 SUSE bug 1003925 SUSE bug 1004517 SUSE bug 1007944 SUSE bug 1008374 SUSE bug 1008645 SUSE bug 1008831 SUSE bug 1008833 SUSE bug 1008850 SUSE bug 1009875 SUSE bug 1010150 SUSE bug 1010467 SUSE bug 1010501 SUSE bug 1010507 SUSE bug 1010711 SUSE bug 1010713 SUSE bug 1010716 SUSE bug 1011685 SUSE bug 1011820 SUSE bug 1012183 SUSE bug 1012422 SUSE bug 1012832 SUSE bug 1012851 SUSE bug 1012852 SUSE bug 1012895 SUSE bug 1013038 SUSE bug 1013042 SUSE bug 1013531 SUSE bug 1013542 SUSE bug 1014454 SUSE bug 1014746 SUSE bug 1015878 SUSE bug 1017710 SUSE bug 1018446 SUSE bug 1019079 SUSE bug 1019783 SUSE bug 1021258 SUSE bug 821612 SUSE bug 824171 SUSE bug 914939 SUSE bug 929141 SUSE bug 935436 SUSE bug 956514 SUSE bug 961923 SUSE bug 966826 SUSE bug 967716 SUSE bug 969340 SUSE bug 973691 SUSE bug 979595 SUSE bug 987576 SUSE bug 989152 SUSE bug 989261 SUSE bug 991665 SUSE bug 992566 SUSE bug 992569 SUSE bug 992906 SUSE bug 992991 SUSE bug 993890 SUSE bug 993891 SUSE bug 994296 SUSE bug 994618 SUSE bug 994759 SUSE bug 995968 SUSE bug 996329 SUSE bug 996541 SUSE bug 996557 SUSE bug 997059 SUSE bug 997401 SUSE bug 997708 SUSE bug 998689 SUSE bug 999932 SUSE bug 999943 CVE-2004-0230 CVE-2012-6704 CVE-2015-1350 CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2015-8970 CVE-2016-0823 CVE-2016-10088 CVE-2016-3841 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551 cpe:/o:suse:sle-pos:11:sp3 Security update for log4j (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sle-pos:11:sp3 Security update for log4j (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for log4j fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:sle-pos:11:sp3 Security update for log4j (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. (bsc#1194844) - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843) - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:sle-pos:11:sp3 Security update for mailman (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:sle-pos:11:sp3 Security update for mailman (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mailman fixes the following issues: Security issue fixed: - CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface (bsc#997205). Following bug was fixed: - Allow CSRF check to pass in mailman web frontend if the list name contains a '+' (bsc#1102416) Important SUSE bug 1102416 SUSE bug 997205 CVE-2016-6893 cpe:/o:suse:sle-pos:11:sp3 Security update for mailman (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:sle-pos:11:sp3 Security update for mailman (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). Important SUSE bug 1167068 SUSE bug 1170558 CVE-2020-12137 cpe:/o:suse:sle-pos:11:sp3 Security update for mailman (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sle-pos:11:sp3 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964): - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964) - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Important SUSE bug 1000751 SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010410 SUSE bug 1010422 SUSE bug 1010427 SUSE bug 1010517 SUSE bug 1012964 SUSE bug 992549 CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 Update to Intel microcode version 20180108 (bsc#1075262 CVE-2017-5715) - The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). Among other updates it contains: - IVT C0 (06-3e-04:ed) 428->42a - SKL-U/Y D0 (06-4e-03:c0) ba->c2 - BDW-U/Y E/F (06-3d-04:c0) 25->28 - HSW-ULT Cx/Dx (06-45-01:72) 20->21 - Crystalwell Cx (06-46-01:32) 17->18 - BDW-H E/G (06-47-01:22) 17->1b - HSX-EX E0 (06-3f-04:80) 0f->10 - SKL-H/S R0 (06-5e-03:36) ba->c2 - HSW Cx/Dx (06-3c-03:32) 22->23 - HSX C0 (06-3f-02:6f) 3a->3b - BDX-DE V0/V1 (06-56-02:10) 0f->14 - BDX-DE V2 (06-56-03:10) 700000d->7000011 - KBL-U/Y H0 (06-8e-09:c0) 62->80 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80 - KBL-H/S B0 (06-9e-09:2a) 5e->80 - CFL U0 (06-9e-0a:22) 70->80 - CFL B0 (06-9e-0b:02) 72->80 - SKX H0 (06-55-04:b7) 2000035->200003c - GLK B0 (06-7a-01:01) 1e->22 Important SUSE bug 1075262 CVE-2017-5715 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Important SUSE bug 1085207 CVE-2017-5715 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083) More details can be found on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sle-pos:11:sp3 Security update to ucode-intel (Important) SUSE Linux Enterprise Point of Sale 11 SP3 ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 SUSE bug 1141977 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issue: - Updated Intel CPU Microcode to 20201027 prerelease (bsc#1170446) - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sle-pos:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for microcode_ctl fixes the following issues: Updated to Intel CPU Microcode 20210525 release: - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (bsc#1179833) - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (bsc#1179836) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (bsc#1179839) Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:suse:sle-pos:11:sp3 Security update for mozilla-nss (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:sle-pos:11:sp3 Security update for mozilla-nss (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:suse:sle-pos:11:sp3 Security update for mutt (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. Important SUSE bug 1101567 SUSE bug 1101570 SUSE bug 1101571 SUSE bug 1101573 SUSE bug 1101576 SUSE bug 1101577 SUSE bug 1101578 SUSE bug 1101581 SUSE bug 1101582 SUSE bug 1101588 SUSE bug 1101589 SUSE bug 936807 CVE-2018-14349 CVE-2018-14350 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 cpe:/o:suse:sle-pos:11:sp3 Security update for mutt (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:sle-pos:11:sp3 Security update for mutt (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 CVE-2020-28896 cpe:/o:suse:sle-pos:11:sp3 Security update for mysql (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This mysql update to verson 5.5.52 fixes the following issues: Security issues fixed: - CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser (bsc#989913). - CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types (bsc#989919). - CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dml (bsc#989922). - CVE-2016-5440: Fixed unspecified vulnerability in subcomponent rbr (bsc#989926). - CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and , under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) More details can be found on: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html Bugs fixed: - bsc#967374: properly restart mysql multi instances during upgrade - bnc#937258: multi script to restart after crash Important SUSE bug 937258 SUSE bug 967374 SUSE bug 989913 SUSE bug 989919 SUSE bug 989922 SUSE bug 989926 SUSE bug 998309 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-6662 cpe:/o:suse:sle-pos:11:sp3 Security update for mysql (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This mysql version update to 5.5.54 fixes the following issues: - CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc#1020890) - CVE-2017-3312: Insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: Unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: Unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: Unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3244: Unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: Unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: Unspecified vulnerability affecting the Optimizer component (bsc#1020882) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html Important SUSE bug 1020868 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020877 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020890 SUSE bug 1020891 SUSE bug 1020894 SUSE bug 1020896 SUSE bug 1022428 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 cpe:/o:suse:sle-pos:11:sp3 Security update for mysql (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for mysql to version 5.5.58 fixes the following issues: Fixed security issues: - CVE-2017-10268: issue inside subcomponent Server Replication [bsc#1064101] - CVE-2017-10378: issue inside subcomponent Server Optimizer [bsc#1064115] - CVE-2017-10379: issue inside subcomponent Client programs [bsc#1064116] - CVE-2017-10384: issue inside subcomponent Server DDL [bsc#1064117] For a full list of changes check: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html Important SUSE bug 1064101 SUSE bug 1064115 SUSE bug 1064116 SUSE bug 1064117 SUSE bug 1064119 CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 cpe:/o:suse:sle-pos:11:sp3 Security update for mysql (Important) SUSE Linux Enterprise Point of Sale 11 SP3 MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed: - CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. - CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) - CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) - CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Important SUSE bug 1013882 SUSE bug 1112368 SUSE bug 1112369 SUSE bug 1112432 CVE-2016-9843 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 cpe:/o:suse:sle-pos:11:sp3 Security update for netpbm (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - created a netpbm-vulnerable subpackage and move pstopnm there, as it uses ghostscript for conversion (bsc#1136936) Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 cpe:/o:suse:sle-pos:11:sp3 Security update for ntp (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2015-8139 CVE-2015-8140 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 cpe:/o:suse:sle-pos:11:sp3 Security update for ntp (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:sle-pos:11:sp3 Security update for ntp (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1001182 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sle-pos:11:sp3 Security update for openldap2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sle-pos:11:sp3 Security update for openldap2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). Important SUSE bug 1172698 CVE-2020-8023 cpe:/o:suse:sle-pos:11:sp3 Security update for openldap2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sle-pos:11:sp3 Security update for openldap2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. - resynchronise changelogs with subpackages (bsc#1184020). Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 SUSE bug 1184020 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sle-pos:11:sp3 Security update for opensc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1192005 CVE-2021-42780 CVE-2021-42782 cpe:/o:suse:sle-pos:11:sp3 Security update for openslp (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sle-pos:11:sp3 Security update for openssh (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for OpenSSH fixes the following issues: - Prevent user enumeration through the timing of password processing. (bsc#989363, CVE-2016-6210) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. (bsc#948902) - Sanitize input for xauth(1). (bsc#970632, CVE-2016-3115) - Prevent X11 SECURITY circumvention when forwarding X11 connections. (bsc#962313, CVE-2016-1908) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option. (bsc#932483, bsc#948902) - Ignore PAM environment when using login. (bsc#975865, CVE-2015-8325) - Limit the accepted password length (prevents a possible denial of service). (bsc#992533, CVE-2016-6515) - Relax version requires for the openssh-askpass sub-package. (bsc#962794) - Avoid complaining about unset DISPLAY variable. (bsc#981654) - Initialize message id to prevent connection breakups in some cases. (bsc#959096) Moderate SUSE bug 932483 SUSE bug 948902 SUSE bug 959096 SUSE bug 962313 SUSE bug 962794 SUSE bug 970632 SUSE bug 975865 SUSE bug 981654 SUSE bug 989363 SUSE bug 992533 CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 cpe:/o:suse:sle-pos:11:sp3 Security update for openssh (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) Non security issues fixed: - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1016366 SUSE bug 1016369 CVE-2016-10009 CVE-2016-10011 CVE-2016-8858 cpe:/o:suse:sle-pos:11:sp3 Security update for openssh (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726) - CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) - CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370) Bugs fixed: - Fixed failing 'AuthorizedKeysCommand' within a 'Match User' block in sshd_config (bsc#1105180) Important SUSE bug 1016370 SUSE bug 1065000 SUSE bug 1076957 SUSE bug 1105010 SUSE bug 1105180 SUSE bug 1106163 SUSE bug 1106726 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 CVE-2018-15473 cpe:/o:suse:sle-pos:11:sp3 Security update for openssh (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). Moderate SUSE bug 1090671 SUSE bug 1115550 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * Update expired S/MIME certs (bsc#979475) * Fix crash in print_notice (bsc#998190) * Resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 984663 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Mitigate the 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' attack (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: - Included the missing cms and pk7 fixes of CVE-2019-1563 (bsc#1153785). Important SUSE bug 1153785 CVE-2019-1563 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: - Add missing commits for fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory leak problem in function 'BN_copy()'. (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1176331 CVE-2020-1968 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Low) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sle-pos:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sle-pos:11:sp3 Security update for openvpn (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] Important SUSE bug 1044947 CVE-2017-7508 cpe:/o:suse:sle-pos:11:sp3 Security update for openvpn (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877). - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374) - CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of Service of server via received large control packet. (bsc#1038709) - CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. (bsc#1038711) - Some other hardening fixes have also been applied (bsc#1038713) Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 SUSE bug 1060877 SUSE bug 995374 CVE-2016-6329 CVE-2017-12166 CVE-2017-7478 CVE-2017-7479 cpe:/o:suse:sle-pos:11:sp3 Security update for patch (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for patch fixes several issues. These security issues were fixed: - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891). - CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have lead to DoS via a crafted input file (bsc#1080918). - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957): Important SUSE bug 1059698 SUSE bug 1080918 SUSE bug 1088420 SUSE bug 662957 SUSE bug 914891 CVE-2010-4651 CVE-2014-9637 CVE-2016-10713 CVE-2018-1000156 cpe:/o:suse:sle-pos:11:sp3 Security update for perl (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). Moderate SUSE bug 1096718 CVE-2018-12015 cpe:/o:suse:sle-pos:11:sp3 Security update for perl-DBI (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sle-pos:11:sp3 Security update for perl-DBI (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). - CVE-2013-7491: Fixed a stack corruption when a user-defined function required a non-trivial amount of memory (bsc#1176493). Important SUSE bug 1176493 SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2013-7491 CVE-2019-20919 cpe:/o:suse:sle-pos:11:sp3 Security update for perl-XML-LibXML (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848) Important SUSE bug 1046848 CVE-2017-10672 cpe:/o:suse:sle-pos:11:sp3 Security update for permissions (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for permissions fixes the following issues: - CVE-2019-3690: Fixed a privilege escalation through untrusted symlinks (bsc#1150734). Moderate SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3690 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allows illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Important SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997257 SUSE bug 999679 SUSE bug 999680 SUSE bug 999682 SUSE bug 999684 SUSE bug 999685 SUSE bug 999819 SUSE bug 999820 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) Important SUSE bug 1019550 SUSE bug 1022219 SUSE bug 1022255 SUSE bug 1022257 SUSE bug 1022260 SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes several issues. These security issues were fixed: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234) - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220) - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) - CVE-2016-5773: php_zip.c in the zip extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. (bsc#986247) - CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. (bsc#986391) - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the php_stream_url_wrap_http_ex. (bsc#1083639) Important SUSE bug 1076220 SUSE bug 1076391 SUSE bug 1080234 SUSE bug 1083639 SUSE bug 986247 SUSE bug 986391 CVE-2016-10712 CVE-2016-5771 CVE-2016-5773 CVE-2018-5711 CVE-2018-5712 CVE-2018-7584 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367). - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362). - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). Important SUSE bug 1091355 SUSE bug 1091362 SUSE bug 1091363 SUSE bug 1091367 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Important SUSE bug 1140118 SUSE bug 1145095 SUSE bug 1146360 CVE-2019-11038 CVE-2019-11041 CVE-2019-11042 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following issues: Security issues fixed: - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Moderate SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 SUSE bug 1161982 SUSE bug 1162629 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-20433 CVE-2020-7059 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). Important SUSE bug 1177352 CVE-2020-7070 cpe:/o:suse:sle-pos:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for php53 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient Important SUSE bug 1182049 CVE-2021-21702 cpe:/o:suse:sle-pos:11:sp3 Security update for postgresql94 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.4/static/release-9-4-13.html Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 cpe:/o:suse:sle-pos:11:sp3 Security update for ppp (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sle-pos:11:sp3 Security update for python (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes: - bsc#1086001: python tarfile uses random order. Important SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 985177 CVE-2016-5636 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sle-pos:11:sp3 Security update for python (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sle-pos:11:sp3 Security update for python (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sle-pos:11:sp3 Security update for python (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) Moderate SUSE bug 1149955 CVE-2019-16056 cpe:/o:suse:sle-pos:11:sp3 Security update for python (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for python fixes the following security issue: - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Moderate SUSE bug 1162367 CVE-2020-8492 cpe:/o:suse:sle-pos:11:sp3 Security update for python (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Important SUSE bug 1177211 CVE-2020-26116 cpe:/o:suse:sle-pos:11:sp3 Security update for python-numpy (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/o:suse:sle-pos:11:sp3 Security update for quagga (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and cause bgpd to emit debug and warning messages into the logs that would contained arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] - The Quagga daemon's telnet 'vty' CLI contains an unbounded memory allocation bug that could be exploited for a denial-of-service attack on the daemon. This issue has been fixed. [CVE-2017-5495, bsc#1021669] - The telnet 'vty' CLI of the Quagga daemon is no longer enabled by default, because the passwords in the default 'zebra.conf' config file are now disabled. The vty interface is available via 'vtysh' utility using pam authentication to permit management access for root without password. [bsc#1021669] Important SUSE bug 1021669 SUSE bug 1065641 SUSE bug 1079798 SUSE bug 1079799 SUSE bug 1079800 SUSE bug 1079801 CVE-2017-16227 CVE-2017-5495 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: - Allow SESSION KEY setup without signing. (bsc#1009711) - Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731) - Don't fail when using default domain with user@domain.com format. (bsc#997833) - Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692) Moderate SUSE bug 1003731 SUSE bug 1009711 SUSE bug 1014441 SUSE bug 1014442 SUSE bug 993692 SUSE bug 997833 CVE-2016-2125 CVE-2016-2126 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed (bsc#1036283, bso#12721). Important SUSE bug 1027147 SUSE bug 1036283 CVE-2017-2619 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Important SUSE bug 1038231 CVE-2017-7494 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624) - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622) This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419). Moderate SUSE bug 1042419 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12163 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - s3/libads: fix seal/signed ldap connections so they are reused; (bsc#1016531). Moderate SUSE bug 1016531 SUSE bug 1063008 CVE-2017-15275 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient (bsc#1103411). The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections (bsc#1079449) Important SUSE bug 1079449 SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issue fixed: - Make init scripts create log directories before running daemons (bsc#1101499) Moderate SUSE bug 1101499 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 CVE-2020-14318 CVE-2020-14323 cpe:/o:suse:sle-pos:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sle-pos:11:sp3 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Moderate SUSE bug 1119687 CVE-2018-20346 cpe:/o:suse:sle-pos:11:sp3 Security update for sqlite3 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sle-pos:11:sp3 Security update for sqlite3 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sle-pos:11:sp3 Security update for sqlite3 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for sqlite3 fixes the following issues: - CVE-2019-20218: Fixed a stack unwinding flaw in the selectExpander after a parsing error. (bsc#1160439) Important SUSE bug 1160439 CVE-2019-20218 cpe:/o:suse:sle-pos:11:sp3 Security update for squid (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for squid fixes the following issues: - CVE-2020-15810: Fixed a HTTP Request Smuggling that could have resulted in cache poisoning (bsc#1175664). - CVE-2019-12523: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). - CVE-2019-18676: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). Important SUSE bug 1156329 SUSE bug 1175664 CVE-2019-12523 CVE-2019-18676 CVE-2020-15810 cpe:/o:suse:sle-pos:11:sp3 Security update for squid3 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659) - Fixed handling of hostname in cachemgr.cgi (CVE-2019-18860, bsc#1167373) - Fixed a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313) - Fixed a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (CVE-2019-12520, CVE-2019-12524, bsc#1170423) - Fixed a potential denial of service when processing TLS certificates during HTTPS connections (CVE-2020-14059, bsc#1173304) - Fixed a potential denial of service associated with incorrect buffer management of HTTP Basic Authentication credentials (bsc#1141329, CVE-2019-12529) - Fixed an incorrect buffer management resulting in vulnerability to a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332, CVE-2019-12525) - Fix XSS via user_name or auth parameter in cachemgr.cgi (bsc#1140738, CVE-2019-13345) - Fixed a potential code execution vulnerability (CVE-2019-12526, bsc#1156326) - Fixed HTTP Request Splitting in HTTP message processing and information disclosure in HTTP Digest Authentication (CVE-2019-18678, CVE-2019-18679, bsc#1156323, bsc#1156324) - Fixed a security issue allowing a remote client ability to cause use a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687) - Fixed a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689) - Fixed a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) - Fixed Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328) - Disable urn parsing and parsing of unknown schemes (bsc#1156329, CVE-2019-12523, CVE-2019-18676) Important SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 SUSE bug 1167373 SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 SUSE bug 1173304 SUSE bug 1173455 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14059 CVE-2020-15049 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:sle-pos:11:sp3 Security update for squid3 (Critical) SUSE Linux Enterprise Point of Sale 11 SP3 This update for squid3 fixes the following issues: - CVE-2020-15811: Fixed an HTTP request splitting vulnerability (bsc#1175665). - CVE-2020-24606: Fixed a DoS vulnerability when processing Cache Digest Responses (bsc#1175671). - CVE-2020-15810: Fixed an HTTP request smuggling vulnerability (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sle-pos:11:sp3 Security update for squid3 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for squid3 fixes the following issues: - CVE-2021-28651: Fixed a denial of service issue when processing URN resource identifiers (bsc#1185921). - CVE-2020-25097: Fixed an HTTP request smuggling issue (bsc#1183436). Important SUSE bug 1183436 SUSE bug 1185921 CVE-2020-25097 CVE-2021-28651 cpe:/o:suse:sle-pos:11:sp3 Security update for strongswan (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:sle-pos:11:sp3 Security update for strongswan (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845) - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1107874 SUSE bug 1109845 SUSE bug 1194471 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2021-45079 cpe:/o:suse:sle-pos:11:sp3 Security update for sudo (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sle-pos:11:sp3 Security update for supportutils (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script (bsc#1117751) - CVE-2018-19640: Users can kill arbitrary processes (bsc#1118463) - CVE-2018-19638: User can overwrite arbitrary log files in support tar (bsc#1118460) - CVE-2018-19639: Code execution if run with -v (bsc#1118462) Moderate SUSE bug 1117751 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 CVE-2018-19636 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sle-pos:11:sp3 Security update for syslog-ng (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for syslog-ng fixes the following issues: - CVE-2020-8019: Fixed a local privilege escalation during package update (bsc#1169385). Moderate SUSE bug 1169385 CVE-2020-8019 cpe:/o:suse:sle-pos:11:sp3 Security update for tar (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes (jsc#ECO-339) * Sparse files with large data * No backticks in quoting * --owner and --group names and numbers * Support for POSIX ACLs, extended attributes and SELinux context. * Passing command line arguments to external commands. * New configure option --enable-gcc-warnings, intended for debugging. * New warning control option --warning=[no-]record-size * New command line option --keep-directory-symlink * Fix unquoting of file names obtained via the -T option. * Fix GNU long link header timestamp (backward compatibility). Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). Moderate SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1152736 CVE-2018-20482 CVE-2019-9923 cpe:/o:suse:sle-pos:11:sp3 Security update for tcpdump (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-12995: Fixed an infinite loop in the DNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Fixed a buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12894: Fixed a buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12896: Fixed a buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12897: Fixed a buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12898: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12899: Fixed a buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12900: Fixed a buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12901: Fixed a buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12902: Fixed a buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247). - CVE-2017-12985: Fixed a buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12986: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2017-12987: Fixed a buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12988: Fixed a buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12991: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12992: Fixed a buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247). - CVE-2017-12993: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-12996: Fixed a buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12998: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12999: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13001: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13002: Fixed a buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247). - CVE-2017-13003: Fixed a buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13004: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-13005: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13006: Fixed a buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13008: Fixed a buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13009: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13010: Fixed a buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13012: Fixed a buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13013: Fixed a buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13014: Fixed a buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13016: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13017: Fixed a buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13018: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13019: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13021: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13022: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13023: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13024: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13025: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13027: Fixed a buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13028: Fixed a buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13029: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13030: Fixed a buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13031: Fixed a buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247). - CVE-2017-13032: Fixed a buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13034: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13035: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13036: Fixed a buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13037: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13038: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13041: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13047: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13048: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13049: Fixed a buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13051: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13053: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13055: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13687: Fixed a buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247). - CVE-2017-13688: Fixed a buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247). - CVE-2017-13689: Fixed a buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13725: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). Important SUSE bug 1057247 SUSE bug 1153098 SUSE bug 1153332 CVE-2017-12893 CVE-2017-12894 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12995 CVE-2017-12996 CVE-2017-12998 CVE-2017-12999 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13041 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13051 CVE-2017-13053 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13725 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14881 CVE-2018-14882 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 cpe:/o:suse:sle-pos:11:sp3 Security update for tcpdump (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:sle-pos:11:sp3 Security update for tiff (Low) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tiff fixes the following issue: Security vulnerabilities fixed: - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626) Low SUSE bug 1121626 SUSE bug 983268 CVE-2016-5102 CVE-2019-6128 cpe:/o:suse:sle-pos:11:sp3 Security update for tiff (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tiff fixes the following issues: - CVE-2015-8683: Fixed out-of-bounds when reading CIE Lab image format files (bsc#1156754). - CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c (bsc#1156749). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). Important SUSE bug 1156749 SUSE bug 1156754 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 CVE-2015-8665 CVE-2015-8683 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 cpe:/o:suse:sle-pos:11:sp3 Security update for tightvnc (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tightvnc fixes the following issues: - CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection which might lead to code execution (bsc#1155476). - CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which might lead to code execution (bsc#1155472). - CVE-2019-15680: Fixed a null pointer dereference in HandleZlibBPP which could have led to denial of service (bsc#1155452). - CVE-2019-15678: Fixed a heap buffer overflow in rfbServerCutText handler (bsc#1155442). Important SUSE bug 1155442 SUSE bug 1155452 SUSE bug 1155472 SUSE bug 1155476 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-8287 cpe:/o:suse:sle-pos:11:sp3 Security update for tomcat6 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tomcat6 fixes the following issues: Tomcat was updated to version 6.0.53: The full changelog is: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security issues fixed: - CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#1036642) - CVE-2016-8745: Regression in the error handling methods could lead to information disclosure (bsc#1015119) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-6796: Manager Bypass (bsc#1007858) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5388: an arbitrary HTTP_PROXY environment variable might allow remote attackers to redirect outbound HTTP traffic (bsc#988489) Important SUSE bug 1007853 SUSE bug 1007854 SUSE bug 1007855 SUSE bug 1007857 SUSE bug 1007858 SUSE bug 1011805 SUSE bug 1011812 SUSE bug 1015119 SUSE bug 1033448 SUSE bug 1036642 SUSE bug 988489 CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 cpe:/o:suse:sle-pos:11:sp3 Security update for tomcat6 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tomcat6 fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:sle-pos:11:sp3 Security update for tomcat6 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tomcat6 fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2020-9484 cpe:/o:suse:sle-pos:11:sp3 Security update for tomcat6 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for tomcat6 fixes the following issues: - CVE-2021-25329: Fixed completely CVE-2020-9484 (bsc#1182909). - CVE-2021-24122: Fixed an information disclosure (bsc#1180947). - CVE-2017-12617: Fixed a file inclusion vulnerability through a crafted request (bsc#1059554). Important SUSE bug 1059554 SUSE bug 1180947 SUSE bug 1182909 CVE-2017-12617 CVE-2021-24122 CVE-2021-25329 cpe:/o:suse:sle-pos:11:sp3 Security update for transfig (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for transfig fixes the following issues: - CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: Fixed out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19746: Fixed segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-19555: Fixed stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). - CVE-2020-21680: Fixed a stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2020-21681: Fixed a global buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21682: Fixed a global buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21683: Fixed a global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - Do hardening via compile and linker flags - Fixed last added upstream commit (boo#1136882) Important SUSE bug 1136882 SUSE bug 1143650 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-14275 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:sle-pos:11:sp3 Security update for transfig (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:sle-pos:11:sp3 Security update for unrar (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for unrar fixes the following issues: - CVE-2012-6706: decoding malicious RAR files could have lead to memory corruption or code execution. (bsc#1045315). Important SUSE bug 1045315 CVE-2012-6706 cpe:/o:suse:sle-pos:11:sp3 Security update for util-linux (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for util-linux fixes the following issues: - CVE-2015-5218: Prevent colcrt buffer overflow. (bsc#949754) These non-security issues were fixed: - Mount crashes when trying to mount `shmfs` while `SELinux` is active. (bsc#1040414) - Fix `lsblk -f` on `CCISS` and other devices with nodes in `/dev` subdirectory. (bsc#924994) - Fix `script(1)` hang caused by mis-interpreted EOF on big-endian platforms. (bsc#930236) - Do not segfault when TERM is not defined or wrong. (bsc#903440) - Update and fix mount XFS documentation. (bsc#925705) - Fix recognition of `/dev/dm-N` partitions names. (bsc#931607) - Follow SUSE Linux Enterprise 11 device mapper partition names configuration. (bsc#931607) - Fix recognition of device mapper partitions. (bsc#923904) - Fix `fsck -C {fd}` parsing. (bsc#923777, bsc#903738) Important SUSE bug 1040414 SUSE bug 903440 SUSE bug 903738 SUSE bug 923777 SUSE bug 923904 SUSE bug 924994 SUSE bug 925705 SUSE bug 930236 SUSE bug 931607 SUSE bug 949754 CVE-2015-5218 cpe:/o:suse:sle-pos:11:sp3 Security update for vim (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sle-pos:11:sp3 Security update for vim (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). Moderate SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:sle-pos:11:sp3 Security update for wavpack (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sle-pos:11:sp3 Security update for wget (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for wget fixes the following issues: - CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060). - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Bug fixed: - Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Moderate SUSE bug 958342 SUSE bug 984060 SUSE bug 995964 CVE-2016-4971 CVE-2016-7098 cpe:/o:suse:sle-pos:11:sp3 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for wpa_supplicant fixes the following issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] Important SUSE bug 1056061 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-5403: Unbounded memory allocation allowed a guest administrator to cause a denial of service of the host (bsc#990923) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225) - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the 'Dark Portal' issue (bsc#978164) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) These non-security issues were fixed: - bsc#985503: vif-route broken - bsc#978413: PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) - bsc#961600: Poor performance when Xen HVM domU configured with max memory > current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#976470: Xend fails to start - bsc#973631: AWS EC2 kdump issue Important SUSE bug 954872 SUSE bug 961600 SUSE bug 963161 SUSE bug 973188 SUSE bug 973631 SUSE bug 974038 SUSE bug 975130 SUSE bug 975138 SUSE bug 976470 SUSE bug 978164 SUSE bug 978295 SUSE bug 978413 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 982224 SUSE bug 982225 SUSE bug 982960 SUSE bug 983984 SUSE bug 985503 SUSE bug 988675 SUSE bug 990843 SUSE bug 990923 SUSE bug 995785 SUSE bug 995792 CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 CVE-2016-7092 CVE-2016-7094 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652) - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) This non-security issue was fixed: - bsc#1000893: virsh setmem didn't allow to set current guest memory to max limit Important SUSE bug 1000106 SUSE bug 1000893 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007160 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 CVE-2016-9637 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183) - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-10013: Xen allowed local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation (bsc#1016340). - CVE-2016-9932: CMPXCHG8B emulation on x86 systems allowed local HVM guest OS users to obtain sensitive information from host stack memory via a 'supposedly-ignored' operand size prefix (bsc#1012651). - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations (bsc#1014298) This non-security issue was fixed: - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd Important SUSE bug 1002496 SUSE bug 1012651 SUSE bug 1013657 SUSE bug 1013668 SUSE bug 1014298 SUSE bug 1014507 SUSE bug 1015169 SUSE bug 1016340 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024183 SUSE bug 1024834 SUSE bug 907805 CVE-2014-8106 CVE-2016-10013 CVE-2016-10024 CVE-2016-10155 CVE-2016-9101 CVE-2016-9776 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-2615 CVE-2017-2620 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes the following security issues: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). Important SUSE bug 1027570 SUSE bug 1028235 SUSE bug 1030442 CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several security issues: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) Important SUSE bug 1028655 SUSE bug 1033948 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034845 SUSE bug 1034994 SUSE bug 1035483 CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 CVE-2017-7995 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes the following security issues: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863) - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845). Important SUSE bug 1034845 SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042863 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042931 SUSE bug 1042938 CVE-2017-8309 CVE-2017-8905 CVE-2017-9330 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes the following issues: - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230, bsc#1052686). - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). Important SUSE bug 1046637 SUSE bug 1048920 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1052686 CVE-2017-10664 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). Important SUSE bug 1056278 SUSE bug 1056281 SUSE bug 1056282 CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) Important SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081). - CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS (hypervisor crash) or possibly gain privileges because self-linear shadow mappings were mishandled for translated guests (bsc#1061086). Important SUSE bug 1061075 SUSE bug 1061081 SUSE bug 1061086 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635). - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307) - Unprivileged domains could have issued well-timed writes to xenstore which conflict with transactions to stall progress of the control domain or driver domain, possibly leading to DoS (bsc#1030144, XSA-206). Important SUSE bug 1024307 SUSE bug 1030144 SUSE bug 1061081 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070159 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1074562 SUSE bug 1076116 SUSE bug 1076180 SUSE bug 1080635 SUSE bug 1080662 CVE-2017-11334 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5898 CVE-2018-5683 CVE-2018-7540 CVE-2018-7541 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). Important SUSE bug 1083292 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes the following issues: These security issue were fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. (bsc#1090823) Following bugs were fixed: - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu's block-backend will be unable to open qcow2 disks on the receiving dom0 Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1079730 SUSE bug 1090822 SUSE bug 1090823 SUSE bug 1091107 SUSE bug 1092631 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097206 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1098744 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin (bsc#1114423). - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18438: Fixed an integer overflow in ccid_card_vscard_read function which could allow memory corruption (bsc#1112188). - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011) - CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014) - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2018-17958: Fixed an integer overflow which could lead to buffer overflow (bsc#1111007). - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Important SUSE bug 1110924 SUSE bug 1111007 SUSE bug 1111011 SUSE bug 1111014 SUSE bug 1112188 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1117756 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1129623 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905). - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675). Important SUSE bug 1047675 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1130680 SUSE bug 1135905 SUSE bug 1143797 SUSE bug 1145652 SUSE bug 1146874 SUSE bug 1149813 CVE-2017-10806 CVE-2018-20815 CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 cpe:/o:suse:sle-pos:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues - bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host - bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation - bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations Important SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1161181 SUSE bug 1163019 SUSE bug 1168140 SUSE bug 1169392 SUSE bug 1174543 CVE-2019-18421 CVE-2019-18425 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-7211 CVE-2020-8608 cpe:/o:suse:sle-pos:11:sp3 Security update for xerces-j2 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) Moderate SUSE bug 1102062 SUSE bug 1102068 SUSE bug 1102073 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643). Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server fixes the following issues: - CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283) - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage. Important SUSE bug 1035283 CVE-2017-10971 CVE-2017-10972 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non security issues fixed: - Do not write past the allocated buffer. (bsc#1078383) Important SUSE bug 1078383 SUSE bug 1111697 CVE-2018-14665 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Important SUSE bug 1174633 SUSE bug 1174635 CVE-2020-14345 CVE-2020-14347 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:sle-pos:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xorg-x11-server fixes the following issues: - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190489 CVE-2021-4011 cpe:/o:suse:sle-pos:11:sp3 Security update for xterm (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:sle-pos:11:sp3 Security update for xz (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sle-pos:11:sp3 Security update for zlib (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:sle-pos:11:sp3 Security update for zsh (Important) SUSE Linux Enterprise Point of Sale 11 SP3 This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294). - CVE-2018-7549: Fixed a crash when an empty hash table (bsc#1082991). - CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion on directories with long names (bsc#1087026). - CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain commands (bsc#1084656). - CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296). - CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002). - CVE-2017-18205: Fixed an application crash when using cd with no arguments (bsc#1082998). - CVE-2016-10714: Fixed a potential application crash when handling maximum length paths (bsc#1083250). - CVE-2014-10072: Fixed a buffer overflow when scanning very long directory paths for symbolic links (bsc#1082975). - CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long file descriptor (bsc#1082977). - CVE-2014-10070: Fixed a privilege escalation vulnerability via environment variables (bsc#1082885). Important SUSE bug 1082885 SUSE bug 1082975 SUSE bug 1082977 SUSE bug 1082991 SUSE bug 1082998 SUSE bug 1083002 SUSE bug 1083250 SUSE bug 1084656 SUSE bug 1087026 SUSE bug 1107294 SUSE bug 1107296 SUSE bug 1163882 CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-13259 CVE-2018-7549 CVE-2019-20044 cpe:/o:suse:sle-pos:11:sp3 Security update for Real Time Linux kernel SUSE Linux Enterprise Real Time Extension 11 SP1 The SUSE Linux Enterprise Server 11 SP1 Realtime kernel has been updated to fix various bugs and security issues. The following security issues have been fixed: * CVE-2012-3375: Fixed a denial of service condition in the epoll loop detection. * CVE-2012-2390: Memory leaks in the hugetlbfs map reservation code have been fixed that could be used by local attackers to exhaust machine memory. * CVE-2012-2133: A fix use after free bug in 'quota' handling of hugepages has been fixed that could cause a local denial of service. * CVE-2012-2384: A integer overflow in i915_gem_do_execbuffer() has been fixed that might be used by local attackers to crash the kernel or potentially execute code. * CVE-2012-2383: A integer overflow in i915_gem_execbuffer2() has been fixed that might be used by local attackers to crash the kernel or potentially execute code. * CVE-2012-2123: The filesystem cabability handling was not fully correct, allowing local users to bypass fscaps related restrictions to disable e.g. address space randomization. * CVE-2009-4020: Fixed a potential buffer overflow in hfsplus that could have been used to crash the kernel by supplying a bad hfsplus image for mounting. * CVE-2011-4330: Mounting a corrupted hfs filesystem could have lead to a buffer overflow. * CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. * CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. * CVE-2012-1090: Fixed a dentry refcount leak when opening a FIFO on lookup in cifs that could have been used to crash the kernel. * CVE-2012-0810: A stack reusage bug has been fixed which could be used by local attackers to crash the kernel in some circumstances. As this only affects x86 32bit, it does not affect x86_64 at all. * CVE-2012-0044: A integer overflow in drm_mode_dirtyfb_ioctl() has been fixed that might be used by local attackers to crash the kernel or execute code. * CVE-2011-4077: A possible memory corruption in xfs_readlink has been fixed that could be used by local users able to mount xfs images to crash the kernel. * CVE-2011-4132: Fixed a oops in jbd/jbd2 that could have been caused by mounting a malicious prepared filesystem. * CVE-2011-4086: Fixed a oops in jbd/jbd2 that could have been caused by specific filesystem access patterns. Also the following non security bugs have been fixed: * sched: Fix proc_sched_set_task() (bnc#717994). * vlan/core: Fix memory leak/corruption on VLAN GRO_DROP (bnc#758058). Security Issue references: * CVE-2009-4020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020> * CVE-2011-1083 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083> * CVE-2011-4077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077> * CVE-2011-4086 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4086> * CVE-2011-4132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132> * CVE-2011-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4330> * CVE-2012-0044 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0044> * CVE-2012-0810 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0810> * CVE-2012-1090 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1090> * CVE-2012-1097 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1097> * CVE-2012-2123 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2123> * CVE-2012-2383 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2383> * CVE-2012-2384 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2384> * CVE-2012-2390 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2390> * CVE-2012-3375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3375> * CVE-2012-2133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2133> SUSE bug 676204 SUSE bug 717994 SUSE bug 726600 SUSE bug 730118 SUSE bug 731673 SUSE bug 740745 SUSE bug 745832 SUSE bug 749118 SUSE bug 749569 SUSE bug 750079 SUSE bug 758058 SUSE bug 758260 SUSE bug 758532 SUSE bug 760902 SUSE bug 763194 SUSE bug 764150 SUSE bug 769896 CVE-2009-4020 CVE-2011-1083 CVE-2011-4077 CVE-2011-4086 CVE-2011-4132 CVE-2011-4330 CVE-2012-0044 CVE-2012-0810 CVE-2012-1090 CVE-2012-1097 CVE-2012-2123 CVE-2012-2133 CVE-2012-2383 CVE-2012-2384 CVE-2012-2390 CVE-2012-3375 cpe:/a:suse:suse-linux-enterprise-rt:11:sp1 Security update for OFED SUSE Linux Enterprise Real Time Extension 11 SP1 This update fixes the following reports for OFED: * 704914: Fixed NFS client over TCP hangs due to packet loss. * 693243: Fixed issue with building lustre against ofed-devel. * 706175: Fix crash on accessing /proc/net/sdpstats * 722030: Cannot load ib_ipath * 703752: Prevent BUG_ON triggering on congestion Security Issue reference: * CVE-2011-1023 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1023> SUSE bug 693243 SUSE bug 703752 SUSE bug 704914 SUSE bug 706175 SUSE bug 722030 CVE-2011-1023 cpe:/a:suse:suse-linux-enterprise-rt:11:sp1 Security update for Real Time Linux Kernel SUSE Linux Enterprise Real Time Extension 11 SP2 The SUSE Linux Enterprise 11 Service Pack 2 kernel for RealTime was updated to version 3.0.101 and also includes various other bug and security fixes. The following feature has been added: * supported.conf: Mark net/netfilter/xt_set as supported. (bnc#851066, FATE#313309) The following security issues have been fixed: * CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) * CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) * CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) * CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) * CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) * CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) * CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) * CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) * CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) * CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) * CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) * CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) * CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) * CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) The following non-security issues have been fixed: * kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). * printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). * blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). * x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). * futex: fix handling of read-only-mapped hugepages (VM Functionality). * random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). * Provide realtime priority kthread and workqueue boot options (bnc#836718). * sched: Fix several races in CFS_BANDWIDTH (bnc#848336). * sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). * sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). * sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). * sched: Fix buglet in return_cfs_rq_runtime(). * sched: Guarantee new group-entities always have weight (bnc#848336). * sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). * watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). * tcp: bind() fix autoselection to share ports (bnc#823618). * tcp: bind() use stronger condition for bind_conflict (bnc#823618). * tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). * macvlan: disable LRO on lower device instead of macvlan (bnc#846984). * macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). * macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). * xen: netback: bump tx queue length (bnc#849404). * netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). * xfrm: invalidate dst on policy insertion/deletion (bnc#842239). * xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). * crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). * crypto: gf128mul - fix call to memset() (obvious fix). * autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). * autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). * autofs4: close the races around autofs4_notify_daemon() (bnc#851314). * autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). * autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). * autofs4 - fix deal with autofs4_write races (bnc#851314). * autofs4 - use simple_empty() for empty directory check (bnc#851314). * blkdev_max_block: make private to fs/buffer.c (bnc#820338). * Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). * dlm: set zero linger time on sctp socket (bnc#787843). * SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037) * nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). * nfs: Adapt readdirplus to application usage patterns (bnc#834708). * xfs: improve ioend error handling (bnc#846036). * xfs: reduce ioend latency (bnc#846036). * xfs: use per-filesystem I/O completion workqueues (bnc#846036). * xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). * xfs: Account log unmount transaction correctly (bnc#849950). * vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). * vfs: fix O_DIRECT read past end of block device (bnc#820338). * cifs: Improve performance of browsing directories with several files (bnc#810323). * cifs: Ensure cifs directories don't show up as files (bnc#826602). * sd: avoid deadlocks when running under multipath (bnc#818545). * sd: fix crash when UA received on DIF enabled device (bnc#841445). * sg: fix blk_get_queue usage (bnc#834808). * block: factor out vector mergeable decision to a helper function (bnc#769644). * block: modify __bio_add_page check to accept pages that don't start a new segment (bnc#769644). * scsi_dh: invoke callback if ->activate is not present (bnc#708296). * scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). * scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296). * scsi_dh_alua: Decode HP EVA array identifier (bnc#708296). * scsi_dh_alua: Evaluate state for all port groups (bnc#708296). * scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642). * scsi_dh_alua: Make stpg synchronous (bnc#708296). * scsi_dh_alua: Pass buffer as function argument (bnc#708296). * scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296). * scsi_dh_alua: Recheck state on transitioning (bnc#708296). * scsi_dh_alua: Rework rtpg workqueue (bnc#708296). * scsi_dh_alua: Use separate alua_port_group structure (bnc#708296). * scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407). * scsi_dh_alua: asynchronous RTPG (bnc#708296). * scsi_dh_alua: correctly terminate target port strings (bnc#708296). * scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). * scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979). * scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980). * scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). * scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445). * scsi_dh_alua: move RTPG to workqueue (bnc#708296). * scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). * scsi_dh_alua: move some sense code handling into generic code (bnc#813245). * scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). * scsi_dh_alua: parse target device id (bnc#708296). * scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). * scsi_dh_alua: put sense buffer on stack (bnc#708296). * scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429). * scsi_dh_alua: remove locking when checking state (bnc#708296). * scsi_dh_alua: remove stale variable (bnc#708296). * scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). * scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645). * scsi_dh_alua: simplify alua_check_sense() (bnc#843642). * scsi_dh_alua: simplify state update (bnc#708296). * scsi_dh_alua: use delayed_work (bnc#708296). * scsi_dh_alua: use flag for RTPG extended header (bnc#708296). * scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296). * scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). * lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988). * lpfc: Fix kernel warning on spinlock usage (bnc#806988). * lpfc: Fixed system panic due to midlayer abort (bnc#806988). * qla2xxx: Add module parameter to override the default request queue size (bnc#826756). * qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896). * bna: do not register ndo_set_rx_mode callback (bnc#847261). * hv: handle more than just WS2008 in KVP negotiation (bnc#850640). * drm: don't add inferred modes for monitors that don't support them (bnc #849809). * pci/quirks: Modify reset method for Chelsio T4 (bnc#831168). * pci: fix truncation of resource size to 32 bits (bnc#843419). * pci: pciehp: Retrieve link speed after link is trained (bnc#820102). * pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102). * pci: pciehp: replace unconditional sleep with config space access check (bnc#820102). * pci: pciehp: make check_link_active more helpful (bnc#820102). * pci: pciehp: Add pcie_wait_link_not_active() (bnc#820102). * pci: pciehp: Add Disable/enable link functions (bnc#820102). * pci: pciehp: Disable/enable link during slot power off/on (bnc#820102). * mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074). * mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074). * net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074). * qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511). * cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). * s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). * s390/cio: skip broken paths (bnc#837739,LTC#97047). * s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). * s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047). Security Issues: * CVE-2013-4345 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345> * CVE-2013-4483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483> * CVE-2013-4511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4511> * CVE-2013-4514 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514> * CVE-2013-4515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4515> * CVE-2013-4587 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587> * CVE-2013-4592 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4592> * CVE-2013-6367 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367> * CVE-2013-6368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368> * CVE-2013-6378 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6378> * CVE-2013-6380 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6380> * CVE-2013-6383 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383> * CVE-2013-6463 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6463> * CVE-2013-7027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027> SUSE bug 708296 SUSE bug 769644 SUSE bug 787843 SUSE bug 789359 SUSE bug 806988 SUSE bug 810323 SUSE bug 813245 SUSE bug 818545 SUSE bug 819979 SUSE bug 820102 SUSE bug 820338 SUSE bug 821980 SUSE bug 823618 SUSE bug 825696 SUSE bug 825896 SUSE bug 826602 SUSE bug 826756 SUSE bug 827767 SUSE bug 828236 SUSE bug 831168 SUSE bug 834473 SUSE bug 834708 SUSE bug 834808 SUSE bug 835074 SUSE bug 835186 SUSE bug 836718 SUSE bug 837739 SUSE bug 838623 SUSE bug 839407 SUSE bug 840226 SUSE bug 841445 SUSE bug 842239 SUSE bug 843419 SUSE bug 843429 SUSE bug 843445 SUSE bug 843642 SUSE bug 843645 SUSE bug 845621 SUSE bug 845729 SUSE bug 846036 SUSE bug 846984 SUSE bug 847261 SUSE bug 848321 SUSE bug 848336 SUSE bug 848544 SUSE bug 849021 SUSE bug 849029 SUSE bug 849034 SUSE bug 849404 SUSE bug 849675 SUSE bug 849809 SUSE bug 849848 SUSE bug 849950 SUSE bug 850640 SUSE bug 851066 SUSE bug 851101 SUSE bug 851314 SUSE bug 852373 SUSE bug 852558 SUSE bug 852559 SUSE bug 853050 SUSE bug 853051 SUSE bug 853052 SUSE bug 854546 SUSE bug 854634 SUSE bug 854722 SUSE bug 855037 CVE-2013-4345 CVE-2013-4483 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587 CVE-2013-4592 CVE-2013-6367 CVE-2013-6368 CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6463 CVE-2013-7027 cpe:/o:suse:suse-linux-enterprise-rt:11:sp2 Security update for Linux kernel SUSE Linux Enterprise Real Time Extension 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). * CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) * CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) * CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) * CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) * CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed: * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). * ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). * ACPI: Limit access to custom_method (bnc#884333). * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). * Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). * Add secure_modules() call (bnc#884333). * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). * Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. * Btrfs: Return EXDEV for cross file system snapshot. * Btrfs: abort the transaction when we does not find our extent ref. * Btrfs: avoid warning bomb of btrfs_invalidate_inodes. * Btrfs: cancel scrub on transaction abortion. * Btrfs: correctly set profile flags on seqlock retry. * Btrfs: does not check nodes for extent items. * Btrfs: fix a possible deadlock between scrub and transaction committing. * Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). * Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). * Btrfs: fix double free in find_lock_delalloc_range. * Btrfs: fix possible memory leak in btrfs_create_tree(). * Btrfs: fix use of uninit 'ret' in end_extent_writepage(). * Btrfs: free delayed node outside of root->inode_lock (bnc#866864). * Btrfs: make DEV_INFO ioctl available to anyone. * Btrfs: make FS_INFO ioctl available to anyone. * Btrfs: make device scan less noisy. * Btrfs: make sure there are not any read requests before stopping workers. * Btrfs: more efficient io tree navigation on wait_extent_bit. * Btrfs: output warning instead of error when loading free space cache failed. * Btrfs: retrieve more info from FS_INFO ioctl. * Btrfs: return EPERM when deleting a default subvolume (bnc#869934). * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * Btrfs: use right type to get real comparison. * Btrfs: wake up @scrub_pause_wait as much as we can. * Btrfs: wake up transaction thread upon remount. * CacheFiles: Add missing retrieval completions (bnc#880344). * CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). * CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). * CacheFiles: Fix the marking of cached pages (bnc#880344). * CacheFiles: Implement invalidation (bnc#880344). * CacheFiles: Make some debugging statements conditional (bnc#880344). * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). * FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). * FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). * FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). * FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). * FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). * FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). * FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). * FS-Cache: Fix operation state management and accounting (bnc#880344). * FS-Cache: Fix signal handling during waits (bnc#880344). * FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). * FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). * FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). * FS-Cache: Mark cancellation of in-progress operation (bnc#880344). * FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). * FS-Cache: Provide proper invalidation (bnc#880344). * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). * FS-Cache: Uninline fscache_object_init() (bnc#880344). * FS-Cache: Wrap checks on object state (bnc#880344). * HID: usbhid: add always-poll quirk (bnc#888607). * HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). * Ignore 'flags' change to event_constraint (bnc#876114). * Ignore data_src/weight changes to perf_sample_data (bnc#876114). * NFS: Allow more operations in an NFSv4.1 request (bnc#890513). * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). * NFS: Does not copy read delegation stateids in setattr (bnc#888968). * NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) * NFS: Fixes for NFS RCU-walk support in line with code going upstream * NFS: Use FS-Cache invalidation (bnc#880344). * NFS: allow lockless access to access_cache (bnc#866130). * NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). * NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). * NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). * NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). * NFS: support RCU_WALK in nfs_permission() (bnc#866130). * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). * NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). * NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). * NFSv4: Add a helper for encoding opaque data (bnc#888968). * NFSv4: Add a helper for encoding stateids (bnc#888968). * NFSv4: Add helpers for basic copying of stateids (bnc#888968). * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). * NFSv4: Rename nfs4_copy_stateid() (bnc#888968). * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). * NFSv4: Simplify the struct nfs4_stateid (bnc#888968). * NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). * One more fix for kABI breakage. * PCI: Lock down BAR access when module security is enabled (bnc#884333). * PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). * PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). * PM / Hibernate: Implement position keeping in radix tree (bnc#860441). * PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). * Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). * Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). * USB: handle LPM errors during device suspend correctly (bnc#849123). * Update kabi files to reflect fscache change (bnc#880344) * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) * VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). * acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). * af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). * asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). * autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). * autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). * autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). * autofs4: remove a redundant assignment (bnc#866130). * autofs: fix lockref lookup (bnc#888591). * be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). * block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). * block: fix race between request completion and timeout handling (bnc#881051). * cdc-ether: clean packet filter upon probe (bnc#876017). * cpuset: Fix memory allocator deadlock (bnc#876590). * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. * crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). * dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). * dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). * dm-mpath: fix panic on deleting sg device (bnc#870161). * drm/ast: AST2000 cannot be detected correctly (bnc#895983). * drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). * drm/ast: Add missing entry to dclk_table[]. * drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). * drm/ast: initial DP501 support (v0.2) (bnc#871134). * drm/ast: open key before detect chips (bnc#895983). * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). * drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). * drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). * drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). * e1000e: enable support for new device IDs (bnc#885509). * fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). * hibernate: Disable in a signed modules environment (bnc#884333). * hugetlb: does not use ERR_PTR with VM_FAULT* values * ibmvscsi: Abort init sequence during error recovery (bnc#885382). * ibmvscsi: Add memory barriers for send / receive (bnc#885382). * inet: add a redirect generation id in inetpeer (bnc#860593). * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). * kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). * kernel: 3215 tty hang (bnc#891087, LTC#114562). * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). * kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). * kernel: sclp console tty reference counting (bnc#891087, LTC#115466). * kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). * md/raid6: avoid data corruption during recovery of double-degraded RAID6. * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() * mm, hugetlb: change variable name reservations to resv * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache * mm, hugetlb: defer freeing pages when gathering surplus pages * mm, hugetlb: do not use a page in page cache for cow optimization * mm, hugetlb: fix and clean-up node iteration code to alloc or free * mm, hugetlb: fix race in region tracking * mm, hugetlb: fix subpool accounting handling * mm, hugetlb: improve page-fault scalability * mm, hugetlb: improve, cleanup resv_map parameters * mm, hugetlb: move up the code which check availability of free huge page * mm, hugetlb: protect reserved pages when soft offlining a hugepage * mm, hugetlb: remove decrement_hugepage_resv_vma() * mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() * mm, hugetlb: remove resv_map_put * mm, hugetlb: remove useless check about mapping type * mm, hugetlb: return a reserved page to a reserved pool if failed * mm, hugetlb: trivial commenting fix * mm, hugetlb: unify region structure handling * mm, hugetlb: unify region structure handling kabi * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). * mm, hugetlb: use vma_resv_map() map types * mm, oom: fix badness score underflow (bnc#884582, bnc#884767). * mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). * mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). * net/mlx4_core: Load higher level modules according to ports type (bnc#887680). * net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). * net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). * net: fix checksumming features handling in output path (bnc#891259). * pagecache_limit: batch large nr_to_scan targets (bnc#895221). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). * perf/core: Add weighted samples (bnc#876114). * perf/x86: Add flags to event constraints (bnc#876114). * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). * perf: Add generic memory sampling interface (bnc#876114). * qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). * qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). * qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). * qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). * qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). * qla2xxx: Set host can_queue value based on available resources (bnc#859840). * restore smp_mb() in unlock_new_inode() (bnc#890526). * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). * sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). * sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). * scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). * scsiback: correct grant page unmapping. * scsiback: fix retry handling in __report_luns(). * scsiback: free resources after error. * sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). * supported.conf: remove external from drivers/net/veth (bnc#889727) * supported.conf: support net/sched/act_police.ko (bnc#890426) * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * tg3: Change nvram command timeout value to 50ms (bnc#855657). * tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). * tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). * usb: Does not enable LPM if the exit latency is zero (bnc#832309). * usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). * usbhid: fix PIXART optical mouse (bnc#888607). * uswsusp: Disable when module loading is restricted (bnc#884333). * vscsi: support larger transfer sizes (bnc#774818). * writeback: Do not sync data dirtied after sync start (bnc#833820). * x86 thermal: Delete power-limit-notification console messages (bnc#882317). * x86 thermal: Disable power limit notification interrupt by default (bnc#882317). * x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). * x86/UV: Add kdump to UV NMI handler (bnc#888847). * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). * x86/UV: Move NMI support (bnc#888847). * x86/UV: Update UV support for external NMI signals (bnc#888847). * x86/uv/nmi: Fix Sparse warnings (bnc#888847). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: Lock down IO port access when module security is enabled (bnc#884333). * x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was updated to fix various bugs and security issues. Following security bugs were fixed: CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application (bnc#816708). CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs were fixed: - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). - ACPI: Limit access to custom_method (bnc#884333). - ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). - Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344). - CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). - CacheFiles: Make some debugging statements conditional (bnc#880344). - Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). - FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). - FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). - FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). - FS-Cache: Fix operation state management and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation (bnc#880344). - FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). - FS-Cache: Provide proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache: Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on object state (bnc#880344). - HID: usbhid: add always-poll quirk (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). - Ignore 'flags' change to event_constraint (bnc#876114). - Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read delegation stateids in setattr (bnc#888968). - NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). - NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM errors during device suspend correctly (bnc#849123). - Update kabi files to reflect fscache change (bnc#880344) - Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) - VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). - autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). - block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). - block: fix race between request completion and timeout handling (bnc#881051). - cdc-ether: clean packet filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on deleting sg device (bnc#870161). - drm/ast: AST2000 cannot be detected correctly (bnc#895983). - drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). - drm/ast: initial DP501 support (v0.2) (bnc#871134). - drm/ast: open key before detect chips (bnc#895983). - drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). - drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). - hibernate: Disable in a signed modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). - net/mlx4_core: Load higher level modules according to ports type (bnc#887680). - net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). - net: fix checksumming features handling in output path (bnc#891259). - pagecache_limit: batch large nr_to_scan targets (bnc#895221). - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). - perf/core: Add weighted samples (bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue value based on available resources (bnc#859840). - restore smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). - supported.conf: remove external from drivers/net/veth (bnc#889727) - supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram command timeout value to 50ms (bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). - usb: Does not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). - usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when module loading is restricted (bnc#884333). - vscsi: support larger transfer sizes (bnc#774818). - writeback: Do not sync data dirtied after sync start (bnc#833820). - x86 thermal: Delete power-limit-notification console messages (bnc#882317). - x86 thermal: Disable power limit notification interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). - x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV: Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Add check for number of available vectors before CPU down (bnc#887418). - x86: Lock down IO port access when module security is enabled (bnc#884333). - x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> SUSE bug 774818 SUSE bug 806990 SUSE bug 816708 SUSE bug 826486 SUSE bug 832309 SUSE bug 833820 SUSE bug 849123 SUSE bug 855657 SUSE bug 859840 SUSE bug 860441 SUSE bug 860593 SUSE bug 863586 SUSE bug 866130 SUSE bug 866615 SUSE bug 866864 SUSE bug 866911 SUSE bug 869055 SUSE bug 869934 SUSE bug 870161 SUSE bug 871134 SUSE bug 871797 SUSE bug 876017 SUSE bug 876055 SUSE bug 876114 SUSE bug 876590 SUSE bug 879304 SUSE bug 879921 SUSE bug 880344 SUSE bug 880370 SUSE bug 880892 SUSE bug 881051 SUSE bug 881759 SUSE bug 882317 SUSE bug 882639 SUSE bug 882804 SUSE bug 882900 SUSE bug 883096 SUSE bug 883376 SUSE bug 883518 SUSE bug 883724 SUSE bug 884333 SUSE bug 884582 SUSE bug 884725 SUSE bug 884767 SUSE bug 885262 SUSE bug 885382 SUSE bug 885422 SUSE bug 885509 SUSE bug 886840 SUSE bug 887082 SUSE bug 887418 SUSE bug 887503 SUSE bug 887608 SUSE bug 887645 SUSE bug 887680 SUSE bug 888058 SUSE bug 888105 SUSE bug 888591 SUSE bug 888607 SUSE bug 888847 SUSE bug 888849 SUSE bug 888968 SUSE bug 889061 SUSE bug 889173 SUSE bug 889451 SUSE bug 889614 SUSE bug 889727 SUSE bug 890297 SUSE bug 890426 SUSE bug 890513 SUSE bug 890526 SUSE bug 891087 SUSE bug 891259 SUSE bug 891281 SUSE bug 891619 SUSE bug 891746 SUSE bug 892200 SUSE bug 892490 SUSE bug 892723 SUSE bug 893064 SUSE bug 893496 SUSE bug 893596 SUSE bug 894200 SUSE bug 895221 SUSE bug 895608 SUSE bug 895680 SUSE bug 895983 SUSE bug 896689 CVE-2013-1979 CVE-2014-1739 CVE-2014-2706 CVE-2014-3153 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 cpe:/o:suse:suse-linux-enterprise-rt:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP3 The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes. The following feature was added for RT: - FATE#317131: The SocketCAN (Peak PCI) driver was added for CAN bus support. Following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also the following non-security bugs were fixed: - audit: keep inode pinned (bsc#851068). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - cifs: Fix missing crypto allocation (bnc#937402). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails. - ext3: Fix data corruption in inodes with journalled data (bsc#936637) - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipr: Increase default adapter init stage change timeout (bsc#930761). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. (bsc#934742) - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - nfsd: Fix nfsv4 opcode decoding error (bsc#935906). - nfsd: support disabling 64bit dir cookies (bnc#937503). - nfs: never queue requests with rq_cong set on the sending queue (bsc#932458). - nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Disable Bus Master only on kexec reboot (bsc#920110). - pci: disable Bus Master on PCI device shutdown (bsc#920110). - pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: set host msg status correctly (bnc#933936) - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705) - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Important SUSE bug 851068 SUSE bug 867362 SUSE bug 873385 SUSE bug 883380 SUSE bug 886785 SUSE bug 894936 SUSE bug 915517 SUSE bug 917830 SUSE bug 919463 SUSE bug 920110 SUSE bug 920250 SUSE bug 920733 SUSE bug 921430 SUSE bug 923245 SUSE bug 924701 SUSE bug 925705 SUSE bug 925881 SUSE bug 925903 SUSE bug 926240 SUSE bug 926953 SUSE bug 927355 SUSE bug 927786 SUSE bug 929142 SUSE bug 929143 SUSE bug 930092 SUSE bug 930761 SUSE bug 930934 SUSE bug 931538 SUSE bug 932348 SUSE bug 932458 SUSE bug 933429 SUSE bug 933896 SUSE bug 933904 SUSE bug 933907 SUSE bug 933936 SUSE bug 934742 SUSE bug 934944 SUSE bug 935053 SUSE bug 935572 SUSE bug 935705 SUSE bug 935866 SUSE bug 935906 SUSE bug 936077 SUSE bug 936423 SUSE bug 936637 SUSE bug 936831 SUSE bug 936875 SUSE bug 936925 SUSE bug 937032 SUSE bug 937402 SUSE bug 937444 SUSE bug 937503 SUSE bug 937641 SUSE bug 937855 SUSE bug 939910 SUSE bug 939994 SUSE bug 940338 SUSE bug 940398 SUSE bug 942350 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 cpe:/o:suse:suse-linux-enterprise-rt:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP3 The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384, CVE-2015-7990). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706 bnc#939207). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). The following non-security bugs were fixed: - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dm-snap: avoid deadock on s-&gt;lock when a read is split (bsc#939826). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: Get rid if the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Remove i965_hpd_irq_setup (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - ehci-pci: enable interrupt on BayTrail (bnc926007). - Fixing wording in patch comment (bsc#923002) - fix lpfc_send_rscn_event allocation size claims bnc#935757 - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957, VM Functionality). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - ipv6: fix tunnel error handling (bsc#952579). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ipvs: drop first packet to dead server (bsc#946078). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch (bnc#920016). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - lib/string.c: introduce memchr_inv() (bnc#930788). - macvlan: Support bonding events bsc#948521 - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM Functionality). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM Functionality). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957, VM Functionality). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957, VM Functionality). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: make page pfmemalloc check more robust (bnc#920016). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957, VM Functionality). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957, VM Functionality). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957, VM Functionality). - Modified -rt patches: 344 of 435, useless noise elided. - Moved iscsi kabi patch to patches.kabi (bsc#923002) - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - r8169: remember WOL preferences on driver load (bsc#942305). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202). - Rename kabi patch appropriately (bsc#923002) - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SCSI: kabi: allow iscsi disocvery session support (bsc#923002). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg: fix read() error reporting (bsc#926774). - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch (bsc#935053, bsc#926709). Add bug reference. - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - XHCI: use uninterruptible sleep for waiting for internal operations (bnc#939955). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). Important SUSE bug 777565 SUSE bug 814440 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 920016 SUSE bug 923002 SUSE bug 926007 SUSE bug 926709 SUSE bug 926774 SUSE bug 930145 SUSE bug 930788 SUSE bug 932350 SUSE bug 932805 SUSE bug 933721 SUSE bug 935053 SUSE bug 935757 SUSE bug 936118 SUSE bug 937969 SUSE bug 937970 SUSE bug 938706 SUSE bug 939207 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940925 SUSE bug 941202 SUSE bug 942204 SUSE bug 942305 SUSE bug 942367 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943786 SUSE bug 944296 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949981 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 953527 SUSE bug 953980 SUSE bug 954404 SUSE bug 955354 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 cpe:/o:suse:suse-linux-enterprise-rt:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097 (bnc#1021258). - CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions (bsc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: Denial of service in notify_change for filesystem xattrs (bsc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE (bsc#1013604) - CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock (bsc#1013533) - CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection around np->opt (bsc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Revert 'proc: prevent accessing /proc/<PID>/environ until it's ready (bsc#1010467)' - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: KEYS: Fix short sprintf buffer in /proc/keys show function (bsc#1004517). - CVE-2015-8956: Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (bsc#1003925). - CVE-2016-7117: net: Fix use after free in the recvmmsg exit path (bsc#1003077). The following non-security bugs were fixed: - blacklist.conf: 45f13df be2net: Enable Wake-On-LAN from shutdown for Skyhawk - blacklist.conf: c9cc599 net/mlx4_core: Fix QUERY FUNC CAP flags - 8250_pci: Fix potential use-after-free in error path (bsc#1013070). - IB/mlx4: Fix error flow when sending mads under SRIOV (bsc#786036). - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036). - IB/mlx4: Fix memory leak if QP creation failed (bsc#786036). - IB/mlx4: Fix potential deadlock when sending mad to wire (bsc#786036). - IB/mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036). - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - be2net: Do not leak iomapped memory on removal (bug#925065). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - bnx2x: fix lockdep splat (bsc#908684). - cifs: revert fs/cifs: fix wrongly prefixed path to root (bsc#963655) - config.conf: add bigmem flavour on ppc64 - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866). - cpumask_set_cpu_local_first => cpumask_local_spread, lament (bug#919382). - crypto: add ghash-generic in the supported.conf(bsc#1016824) - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387, #bsc1016831). - dm space map metadata: fix sm_bootstrap_get_nr_blocks() - dm thin: fix race condition when destroying thin pool workqueue - dm: do not call dm_sync_table() when creating new devices (bnc#901809, bsc#1008893). - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348) - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668). - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018). - ext4: fix reference counting bug on block allocation error (bsc#1013018). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: make share unaccessible at root level mountable (bsc#799133). - futex: Acknowledge a new waiter in counter before plist (bsc#851603). - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603). - hpilo: Add support for iLO5 (bsc#999101). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919). - hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337). - hv: vmbus: avoid wait_for_completion() on crash (bnc#986337). - hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337). - hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337). - hv: vmbus: handle various crash scenarios (bnc#986337). - hv: vmbus: remove code duplication in message handling (bnc#986337). - hv: vss: run only on supported host versions (bnc#986337). - i40e: fix an uninitialized variable bug (bsc#909484). - ibmveth: calculate gso_segs for large packets (bsc#1019165, bsc#1019148). - ibmveth: set correct gso_size and gso_type (bsc#1019165, bsc#1019148). - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491). - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297). - igb: Fix oops caused by missing queue pairing (bsc#909491). - igb: Fix oops on changing number of rings (bsc#909491). - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491). - igb: Unpair the queues when changing the number of queues (bsc#909491). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783). - kabi-fix for flock_owner addition (bsc#998689). - kexec: add a kexec_crash_loaded() function (bsc#973691). - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680). - kvm: Distangle eventfd code from irqchip (bsc#989680). - kvm: Iterate over only vcpus that are preempted (bsc#989680). - kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680). - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680). - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680). - kvm: make processes waiting on vcpu mutex killable (bsc#989680). - kvm: nVMX: Add preemption timer support (bsc#989680). - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680). - kvm: use symbolic constant for nr interrupts (bsc#989680). - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680). - kvm: x86: Run PIT work in own kthread (bsc#989680). - kvm: x86: limit difference between kvmclock updates (bsc#989680). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689). - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866). - libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728). - libata: remove n_tags to avoid kABI breakage (bsc#871728). - libata: support the ata host which implements a queue depth less than 32 (bsc#871728) - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846). - libfc: Fixup disc_mutex handling (bsc#962846). - libfc: Issue PRLI after a PRLO has been received (bsc#962846). - libfc: Revisit kref handling (bnc#990245). - libfc: Update rport reference counting (bsc#953233). - libfc: do not send ABTS when resetting exchanges (bsc#962846). - libfc: fixup locking of ptp_setup() (bsc#962846). - libfc: reset exchange manager during LOGO handling (bsc#962846). - libfc: send LOGO for PLOGI failure (bsc#962846). - locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411). - md/raid10: Fix memory leak when raid10 reshape completes - md/raid10: always set reshape_safe when initializing reshape_position - md: Drop sending a change uevent when stopping (bsc#1003568). - md: check command validity early in md_ioctl() (bsc#1004520). - md: fix problem when adding device to read-only array with bitmap (bnc#771065). - memstick: mspro_block: add missing curly braces (bsc#1016688). - mlx4: add missing braces in verify_qp_parameters (bsc#786036). - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198). - mm/memory.c: actually remap enough memory (bnc#1005903). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589). - mm: fix crashes from mbind() merging vmas (bnc#1005877). - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857). - dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645). - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337). - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036). - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382). - net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036). - net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708). - net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708 bsc#786036). - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bug#919382). - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036). - net/mlx4_core: Implement pci_resume callback (bsc#924708). - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382). - net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382). - net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382). - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036). - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036). - net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382). - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382). - netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611). - netfront: do not truncate grant references. - netvsc: fix incorrect receive checksum offloading (bnc#1006917). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514). - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - nvme: Automatic namespace rescan (bsc#1017686). - nvme: Metadata format support (bsc#1017686). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - oom: print nodemask in the oom report (bnc#1003866). - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896). - powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/mm: Add 64TB support (bsc#928138,fate#319026). - powerpc/mm: Change the swap encoding in pte (bsc#973203). - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026). - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026). - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026). - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026). - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026). - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026). - powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026). - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026). - powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026). - powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: Update kernel VSID range (bsc#928138,fate#319026). - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC' obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - printk/sched: Introduce special printk_sched() for those awkward (bsc#1013042, bsc#996541, bsc#1015878). - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851). - qlcnic: fix a loop exit condition better (bsc#909350). - qlcnic: fix a timeout loop (bsc#909350) - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/package-descriptions: add -bigmem description - rt2x00: fix rfkill regression on rt2500pci (bnc#748806). - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606). - s390/time: LPAR offset handling (bnc#1003677, LTC#146920). - s390/time: move PTFF definitions (bnc#1003677, LTC#146920). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374). - scsi_error: count medium access timeout only once per EH run (bsc#993832). - scsi_error: fixup crash in scsi_eh_reset (bsc#993832) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070). - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618). - softirq: sirq threads raising another sirq delegate to the proper thread Otherwise, high priority timer threads expend cycles precessing other sirqs, potentially increasing wakeup latencies as thes process sirqs at a priority other than the priority specified by the user. - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458). - tg3: Fix temperature reporting (bnc#790588). - tty: Signal SIGHUP before hanging up ldisc (bnc#989764). - usb: console: fix potential use after free (bsc#1015817). - usb: console: fix uninitialised ldisc semaphore (bsc#1015817). - usb: cp210x: Corrected USB request type definitions (bsc#1015932). - usb: cp210x: relocate private data from USB interface to port (bsc#1015932). - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932). - usb: ftdi_sio: fix null deref at port probe (bsc#1015796). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010). - usb: ipaq.c: fix a timeout loop (bsc#1015848). - usb: opticon: fix non-atomic allocation in write path (bsc#1015803). - usb: option: fix runtime PM handling (bsc#1015752). - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932). - usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932). - usb: serial: cp210x: add new access functions for large registers (bsc#1015932). - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932). - usb: serial: fix potential use-after-free after failed probe (bsc#1015828). - usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505). - usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505). - usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520). - usb: sierra: fix AA deadlock in open error path (bsc#1015561). - usb: sierra: fix remote wakeup (bsc#1015561). - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561). - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561). - usb: sierra: fix use after free at suspend/resume (bsc#1015561). - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760). - usb: usb_wwan: fix race between write and resume (bsc#1015760). - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760). - usb: usb_wwan: fix urb leak in write error path (bsc#1015760). - usb: usb_wwan: fix write and suspend race (bsc#1015760). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844). - vmxnet3: Wake queue from reset work (bsc#999907). - x86, amd_nb: Clarify F15h, model 30h GART and L3 support - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors - x86/gart: Check for GART support before accessing GART registers - xenbus: do not invoke ->is_ready() for most device states (bsc#987333). - zcrypt: Fix hang condition on crypto card config-off (bsc#1016320). - zcrypt: Fix invalid domain response handling (bsc#1016320). - zfcp: Fix erratic device offline during EH (bsc#993832). - zfcp: close window with unblocked rport during rport gone (bnc#1003677). - zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677). - zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677). - zfcp: fix payload trace length for SAN request&response (bnc#1003677). - zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677). - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677). - zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677). - zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677). - zfcp: trace on request for open and close of WKA port (bnc#1003677). Important SUSE bug 1003077 SUSE bug 1003344 SUSE bug 1003568 SUSE bug 1003677 SUSE bug 1003813 SUSE bug 1003866 SUSE bug 1003925 SUSE bug 1004517 SUSE bug 1004520 SUSE bug 1005857 SUSE bug 1005877 SUSE bug 1005896 SUSE bug 1005903 SUSE bug 1006917 SUSE bug 1006919 SUSE bug 1007615 SUSE bug 1007944 SUSE bug 1008557 SUSE bug 1008645 SUSE bug 1008831 SUSE bug 1008833 SUSE bug 1008893 SUSE bug 1009875 SUSE bug 1010150 SUSE bug 1010175 SUSE bug 1010201 SUSE bug 1010467 SUSE bug 1010501 SUSE bug 1010507 SUSE bug 1010711 SUSE bug 1010716 SUSE bug 1011685 SUSE bug 1011820 SUSE bug 1012411 SUSE bug 1012422 SUSE bug 1012832 SUSE bug 1012851 SUSE bug 1012917 SUSE bug 1013018 SUSE bug 1013038 SUSE bug 1013042 SUSE bug 1013070 SUSE bug 1013531 SUSE bug 1013533 SUSE bug 1013542 SUSE bug 1013604 SUSE bug 1014410 SUSE bug 1014454 SUSE bug 1014746 SUSE bug 1015561 SUSE bug 1015752 SUSE bug 1015760 SUSE bug 1015796 SUSE bug 1015803 SUSE bug 1015817 SUSE bug 1015828 SUSE bug 1015844 SUSE bug 1015848 SUSE bug 1015878 SUSE bug 1015932 SUSE bug 1016320 SUSE bug 1016505 SUSE bug 1016520 SUSE bug 1016668 SUSE bug 1016688 SUSE bug 1016824 SUSE bug 1016831 SUSE bug 1017686 SUSE bug 1017710 SUSE bug 1019148 SUSE bug 1019165 SUSE bug 1019348 SUSE bug 1019783 SUSE bug 1020214 SUSE bug 1021258 SUSE bug 748806 SUSE bug 763198 SUSE bug 771065 SUSE bug 786036 SUSE bug 790588 SUSE bug 795297 SUSE bug 799133 SUSE bug 800999 SUSE bug 803320 SUSE bug 821612 SUSE bug 824171 SUSE bug 851603 SUSE bug 853052 SUSE bug 860441 SUSE bug 863873 SUSE bug 865783 SUSE bug 871728 SUSE bug 901809 SUSE bug 907611 SUSE bug 908458 SUSE bug 908684 SUSE bug 909077 SUSE bug 909350 SUSE bug 909484 SUSE bug 909491 SUSE bug 909618 SUSE bug 913387 SUSE bug 914939 SUSE bug 919382 SUSE bug 922634 SUSE bug 924708 SUSE bug 925065 SUSE bug 928138 SUSE bug 929141 SUSE bug 953233 SUSE bug 956514 SUSE bug 960689 SUSE bug 961589 SUSE bug 962846 SUSE bug 963655 SUSE bug 967716 SUSE bug 968010 SUSE bug 969340 SUSE bug 973203 SUSE bug 973691 SUSE bug 979681 SUSE bug 984194 SUSE bug 986337 SUSE bug 987333 SUSE bug 987576 SUSE bug 989152 SUSE bug 989680 SUSE bug 989764 SUSE bug 989896 SUSE bug 990245 SUSE bug 992566 SUSE bug 992991 SUSE bug 993739 SUSE bug 993832 SUSE bug 995968 SUSE bug 996541 SUSE bug 996557 SUSE bug 997401 SUSE bug 998689 SUSE bug 999101 SUSE bug 999907 CVE-2004-0230 CVE-2012-6704 CVE-2013-6368 CVE-2015-1350 CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2016-10088 CVE-2016-3841 CVE-2016-5696 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9576 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2017-5551 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354) - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340) - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have bene disclosed when a read and an ioctl happen at the same time (bnc#1044125) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431) - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456) - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885) - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069) - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883) - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882) - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879) - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850) The following non-security bugs were fixed: - 8250: use callbacks to access UART_DLL/UART_DLM. - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538). - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#1045538). - ALSA: hda - using uninitialized data (bsc#1045538). - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop (bsc#1045538). - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup (bsc#1045538). - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538). - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538). - Add CVE tag to references - CIFS: backport prepath matching fix (bsc#799133). - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128). - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr(). - Fix scripts/bigmem-generate-ifdef-guard to work on all branches - Fix soft lockup in svc_rdma_send (bsc#1044854). - IB/mlx4: Demote mcg message from warning to debug (bsc#919382). - IB/mlx4: Fix ib device initialization error flow (bsc#919382). - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382). - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382). - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level (bsc#919382). - IB/mlx4: Set traffic class in AH (bsc#919382). - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation (bsc#1036288). - Input: cm109 - validate number of endpoints before using them (bsc#1037193). - Input: hanwang - validate number of endpoints before using them (bsc#1037232). - Input: yealink - validate number of endpoints before using them (bsc#1037227). - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - NFS: Avoid getting confused by confused server (bsc#1045416). - NFS: Fix another OPEN_DOWNGRADE bug (git-next). - NFS: Fix size of NFSACL SETACL operations (git-fixes). - NFS: Make nfs_readdir revalidate less often (bsc#1048232). - NFS: tidy up nfs_show_mountd_netid (git-fixes). - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688 bsc#1051770). - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes). - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes). - NFSv4: Fix problems with close in the presence of a delegation (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix getacl head length estimation (git-fixes). - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'math64: New div64_u64_rem helper' (bnc#938352). - SUNRPC: Fix a memory leak in the backchannel code (git-fixes). - Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd() (bsc#1045479). - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288). - USB: class: usbtmc: do not print error when allocating urb fails (bsc#1036288). - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288). - USB: iowarrior: fix NULL-deref in write (bsc#1037359). - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441). - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053). - USB: serial: ark3116: fix register-accessor error handling (git-fixes). - USB: serial: ch341: fix open error handling (bsc#1037441). - USB: serial: cp210x: fix tiocmget error handling (bsc#1037441). - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441). - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441). - USB: serial: io_ti: fix information leak in completion handler (git-fixes). - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026). - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441). - USB: serial: sierra: fix bogus alternate-setting assumption (bsc#1037441). - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441). - USB: usbip: fix nonconforming hub descriptor (bsc#1047487). - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288). - USB: usbtmc: Change magic number to constant (bsc#1036288). - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288). - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288). - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288). - USB: usbtmc: add missing endpoint sanity check (bsc#1036288). - USB: usbtmc: fix DMA on stack (bsc#1036288). - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288). - USB: usbtmc: fix probe error path (bsc#1036288). - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk (bsc#1036288). - USB: wusbcore: fix NULL-deref at probe (bsc#1045487). - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854). - Use make --output-sync feature when available (bsc#1012422). - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). - __bitmap_parselist: fix bug in empty string handling (bnc#1042633). - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - ath9k: fix buffer overrun for ar9287 (bsc#1045538). - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU (bsc#1035721). - blacklist.conf: Add a few inapplicable items (bsc#1045538). - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it') The released kernels are not build with a gas new enough to optimize the jmps so that this patch would be required. (bsc#1051478) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: fix ext_dev_lock lockdep report (bsc#1050154). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - cifs: Timeout on SMBNegotiate request (bsc#1044913). - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bsc#1041975). backporting upstream commit 2f2591a34db6c9361faa316c91a6e320cb4e6aee - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935). - cputime: Avoid multiplication overflow on utime scaling (bnc#938352). - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863). - decompress_bunzip2: off by one in get_next_block() (git-fixes). - dentry name snapshots (bsc#1049483). - devres: fix a for loop bounds check (git-fixes). - dm: fix ioctl retry termination with signal (bsc#1050154). - drm/mgag200: Add support for G200eH3 (bnc#1044216) - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix fdatasync(2) after extent manipulation operations (bsc#1013018). - ext4: keep existing extra fields when inode expands (bsc#1013018). - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - fixed invalid assignment of 64bit mask to host dma_boundary for scatter gather segment boundary limit (bsc#1042045). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic: Using rport->dd_data to check rport online instead of rport_lookup (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (bsc#1013018). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fuse: add missing FR_FORCE (bsc#1013018). - genirq: Prevent proc race against freeing of irq descriptors (bnc#1044230). - hrtimer: Allow concurrent hrtimer_start() for self restarting timers (bnc#1013018). - initial cr0 bits (bnc#1036056, LTC#153612). - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route (git-fixes). - irq: Fix race condition (bsc#1042615). - isdn/gigaset: fix NULL-deref at probe (bsc#1037356). - isofs: Do not return EACCES for unknown filesystems (bsc#1013018). - jsm: add support for additional Neo cards (bsc#1045615). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - libata: fix sff host state machine locking while polling (bsc#1045525). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1051515). - libfc: fixup locking in fc_disc_stop() (bsc#1029140). - libfc: move 'pending' and 'requested' setting (bsc#1029140). - libfc: only restart discovery after timeout if not already running (bsc#1029140). - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018). - math64: New div64_u64_rem helper (bnc#938352). - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes). - md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (git-fixes). - md/raid1: fix test for 'was read error from last working device' (git-fixes). - md/raid5: Fix CPU hotplug callback registration (git-fixes). - md/raid5: do not record new size if resize_stripes fails (git-fixes). - md: ensure md devices are freed before module is unloaded (git-fixes). - md: fix a null dereference (bsc#1040351). - md: flush ->event_work before stopping array (git-fixes). - md: make sure GET_ARRAY_INFO ioctl reports correct 'clean' status (git-fixes). - md: use separate bio_pool for metadata writes (bsc#1040351). - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154). - mlx4: reduce OOM risk on arches with large pages (bsc#919382). - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832). - mm/memory-failure.c: use compound_head() flags for huge pages (bnc#971975 VM -- git fixes). - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832). - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore (bsc#1045547). - mmc: ushc: fix NULL-deref at probe (bsc#1037191). - module: fix memory leak on early load_module() failures (bsc#1043014). - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185). - net/mlx4: Fix the check in attaching steering rules (bsc#919382). - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering (bsc#919382). - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV (bsc#919382). - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to physical (bsc#919382). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bsc#919382). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#919382). - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382). - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#919382). - net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach (bsc#919382). - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382). - net/mlx4_en: Change the error print to debug print (bsc#919382). - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382). - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382). - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382). - net: avoid reference counter overflows on fib_rules in multicast forwarding (git-fixes). - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes). - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes). - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bnc#784815). - nfs: fix nfs_size_to_loff_t (git-fixes). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018). - perf/core: Fix event inheritance on fork() (bnc#1013018). - powerpc/ibmebus: Fix device reference leaks in sysfs interface (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/ibmebus: Fix further device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid() (bsc#1032471). - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471). - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471). - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID (bsc#1032471). - powerpc/mm/hash: Support 68 bit VA (bsc#1032471). - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471). - powerpc/mm/slice: Convert slice_mask high slice to a bitmap (bsc#1032471). - powerpc/mm/slice: Fix off-by-1 error when computing slice mask (bsc#1032471). - powerpc/mm/slice: Move slice_mask struct definition to slice.c (bsc#1032471). - powerpc/mm/slice: Update slice mask printing to use bitmap printing (bsc#1032471). - powerpc/mm/slice: Update the function prototype (bsc#1032471). - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET (bsc#928138). - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small (bsc#1032471). - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital (bsc#1032471). - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/pseries: Release DRC when configure_connector fails (bsc#1035777, Pending Base Kernel Fixes). - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471). - powerpc: Remove STAB code (bsc#1032471). - random32: fix off-by-one in seeding requirement (git-fixes). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192). - s390/qdio: clear DSCI prior to scanning multiple input queues (bnc#1046715, LTC#156234). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276). - sched/core: Remove false-positive warning from wake_up_process() (bnc#1044882). - sched/cputime: Do not scale when utime == 0 (bnc#938352). - sched/debug: Print the scheduler topology group mask (bnc#1013018). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018). - sched/fair: Fix min_vruntime tracking (bnc#1013018). - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched/topology: Fix building of overlapping sched-groups (bnc#1013018). - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018). - sched/topology: Fix overlapping sched_group_mask (bnc#1013018). - sched/topology: Move comment about asymmetric node setups (bnc#1013018). - sched/topology: Optimize build_group_mask() (bnc#1013018). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1013018). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018). - sched/topology: Verify the first group matches the child domain (bnc#1013018). - sched: Always initialize cpu-power (bnc#1013018). - sched: Avoid cputime scaling overflow (bnc#938352). - sched: Avoid prev->stime underflow (bnc#938352). - sched: Do not account bogus utime (bnc#938352). - sched: Fix SD_OVERLAP (bnc#1013018). - sched: Fix domain iteration (bnc#1013018). - sched: Lower chances of cputime scaling overflow (bnc#938352). - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity' (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched: Rename a misleading variable in build_overlap_sched_groups() (bnc#1013018). - sched: Use swap() macro in scale_stime() (bnc#938352). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: fix race between simultaneous decrements of ->host_failed (bsc#1050154). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: mvsas: fix command_active typo (bsc#1050154). - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init (bsc#1050154). - sfc: do not device_attach if a reset is pending (bsc#909618). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - splice: Stub splice_write_to_file (bsc#1043234). - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes). - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018). - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018). - udf: Fix races with i_size changes during readpage (bsc#1013018). - usbtmc: remove redundant braces (bsc#1036288). - usbtmc: remove trailing spaces (bsc#1036288). - usbvision: fix NULL-deref at probe (bsc#1050431). - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233). - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629). - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431). - vmxnet3: avoid calling pskb_may_pull with interrupts disabled (bsc#1045356). - vmxnet3: fix checks for dma mapping errors (bsc#1045356). - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356). - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression greater than 0 (bsc#1051478). - xen: avoid deadlock in xenbus (bnc#1047523). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814). - xfs: Synchronize xfs_buf disposal routines (bsc#1041160). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes). Important SUSE bug 1000365 SUSE bug 1000380 SUSE bug 1012422 SUSE bug 1013018 SUSE bug 1015452 SUSE bug 1023051 SUSE bug 1029140 SUSE bug 1029850 SUSE bug 1030552 SUSE bug 1030593 SUSE bug 1030814 SUSE bug 1032340 SUSE bug 1032471 SUSE bug 1034026 SUSE bug 1034670 SUSE bug 1035576 SUSE bug 1035721 SUSE bug 1035777 SUSE bug 1035920 SUSE bug 1036056 SUSE bug 1036288 SUSE bug 1036629 SUSE bug 1037191 SUSE bug 1037193 SUSE bug 1037227 SUSE bug 1037232 SUSE bug 1037233 SUSE bug 1037356 SUSE bug 1037358 SUSE bug 1037359 SUSE bug 1037441 SUSE bug 1038544 SUSE bug 1038879 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039258 SUSE bug 1039354 SUSE bug 1039456 SUSE bug 1039594 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1040351 SUSE bug 1041160 SUSE bug 1041431 SUSE bug 1041762 SUSE bug 1041975 SUSE bug 1042045 SUSE bug 1042615 SUSE bug 1042633 SUSE bug 1042687 SUSE bug 1042832 SUSE bug 1042863 SUSE bug 1043014 SUSE bug 1043234 SUSE bug 1043935 SUSE bug 1044015 SUSE bug 1044125 SUSE bug 1044216 SUSE bug 1044230 SUSE bug 1044854 SUSE bug 1044882 SUSE bug 1044913 SUSE bug 1045154 SUSE bug 1045356 SUSE bug 1045416 SUSE bug 1045479 SUSE bug 1045487 SUSE bug 1045525 SUSE bug 1045538 SUSE bug 1045547 SUSE bug 1045615 SUSE bug 1046107 SUSE bug 1046192 SUSE bug 1046715 SUSE bug 1047027 SUSE bug 1047053 SUSE bug 1047343 SUSE bug 1047354 SUSE bug 1047487 SUSE bug 1047523 SUSE bug 1047653 SUSE bug 1048185 SUSE bug 1048221 SUSE bug 1048232 SUSE bug 1048275 SUSE bug 1049128 SUSE bug 1049483 SUSE bug 1049603 SUSE bug 1049688 SUSE bug 1049882 SUSE bug 1050154 SUSE bug 1050431 SUSE bug 1051478 SUSE bug 1051515 SUSE bug 1051770 SUSE bug 1055680 SUSE bug 784815 SUSE bug 792863 SUSE bug 799133 SUSE bug 909618 SUSE bug 919382 SUSE bug 928138 SUSE bug 938352 SUSE bug 943786 SUSE bug 948562 SUSE bug 962257 SUSE bug 971975 SUSE bug 972891 SUSE bug 986924 SUSE bug 990682 SUSE bug 995542 CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473 CVE-2017-2647 CVE-2017-6951 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-7566: Buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user potentially allowing for code execution (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260 1088268). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function could have beenexploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: Prevent elevation of privilege vulnerability in the video driver (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c allowed attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The 'stub_send_ret_submit()' function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector had small consecutive buffers belonging to the same page. The bio_add_pc_page function merged them into one, but the page reference was never dropped. This caused a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - KABI: x86/kaiser: properly align trampoline stack. - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - KEYS: prevent creating a different user's keyrings (bnc#1065999). - NFSv4: fix getacl head length estimation (git-fixes). - PCI: Use function 0 VPD for identical functions, regular VPD for others (bnc#943786 git-fixes). - Revert 'USB: cdc-acm: fix broken runtime suspend' (bsc#1067912) - Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085513, LTC#165135). - blacklist.conf: blacklisted 7edaeb6841df ('kernel/watchdog: Prevent false positives with turbo modes') (bnc#1063516) - blacklist.conf: blacklisted 9fbc1f635fd0bd28cb32550211bf095753ac637a (bnc#1089665) - blacklist.conf: blacklisted ba4877b9ca51f80b5d30f304a46762f0509e1635 (bnc#1089668) - cifs: fix buffer overflow in cifs_build_path_to_root() (bsc#1085113). - drm/mgag200: fix a test in mga_vga_mode_valid() (bsc#1087092). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1013018). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1013018). - ide-cd: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - media: cpia2: Fix a couple off by one bugs (bsc#1050431). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - pipe: actually allow root to exceed the pipe buffer limits (git-fixes). - posix-timers: Protect posix clock array access against speculation (bnc#1081358). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bnc#1032084). - powerpc/fadump: reuse crashkernel parameter for fadump memory reservation (bnc#1032084). - powerpc/fadump: update documentation about crashkernel parameter reuse (bnc#1032084). - powerpc/fadump: use 'fadump_reserve_mem=' when specified (bnc#1032084). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075088). - qeth: repair SBAL elements calculation (bnc#1085513, LTC#165484). - s390/qeth: fix underestimated count of buffer elements (bnc#1082091, LTC#164529). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86-64: Move the 'user' vsyscall segment out of the data segment (bsc#1082424). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032). - xen/x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). Important SUSE bug 1010470 SUSE bug 1013018 SUSE bug 1032084 SUSE bug 1039348 SUSE bug 1050431 SUSE bug 1052943 SUSE bug 1062568 SUSE bug 1062840 SUSE bug 1063416 SUSE bug 1063516 SUSE bug 1065600 SUSE bug 1065999 SUSE bug 1067118 SUSE bug 1067912 SUSE bug 1068032 SUSE bug 1072689 SUSE bug 1072865 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1078669 SUSE bug 1078672 SUSE bug 1078673 SUSE bug 1078674 SUSE bug 1080464 SUSE bug 1080757 SUSE bug 1080813 SUSE bug 1081358 SUSE bug 1082091 SUSE bug 1082424 SUSE bug 1083242 SUSE bug 1083275 SUSE bug 1083483 SUSE bug 1083494 SUSE bug 1084536 SUSE bug 1085113 SUSE bug 1085279 SUSE bug 1085331 SUSE bug 1085513 SUSE bug 1086162 SUSE bug 1087092 SUSE bug 1087209 SUSE bug 1087260 SUSE bug 1087762 SUSE bug 1088147 SUSE bug 1088260 SUSE bug 1089608 SUSE bug 1089665 SUSE bug 1089668 SUSE bug 1089752 SUSE bug 909077 SUSE bug 940776 SUSE bug 943786 SUSE bug 951638 CVE-2015-5156 CVE-2016-7915 CVE-2017-0861 CVE-2017-12190 CVE-2017-13166 CVE-2017-16644 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18203 CVE-2017-18208 CVE-2018-10087 CVE-2018-10124 CVE-2018-6927 CVE-2018-7566 CVE-2018-7757 CVE-2018-8822 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. Following feature was added to kernel-xen: - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767). - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693). - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes. (bsc#967972). - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013). The following non-security bugs were fixed: - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver implementation (bsc#957986, bsc#956084, bsc#961658). - alsa: hda - Add one more node in the EAPD supporting candidate list (bsc#963561). - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137). - alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137). - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#933782). - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658 fate#320200). - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818). - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369). - bnx2x: fix DMA API usage (bsc#953369). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (bsc#961658 fate#320200). - driver: xen-blkfront: move talk_to_blkback to a more suitable place (bsc#961658 fate#320200). - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276). - drm/i915: Evict CS TLBs between batches (bsc#758040). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - ec2: Update kabi files and start tracking ec2 - ext3: fix data=journal fast mount/umount hang (bsc#942082). - ext3: NULL dereference in ext3_evict_inode() (bsc#942082). - firmware: Create directories for external firmware (bsc#959312). - firmware: Simplify directory creation (bsc#959312). - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375). - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925). - jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no external, 3rd party modules use the symbol and the bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver. (bsc#953369) - kbuild: create directory for dir/file.o (bsc#959312). - llist/xen-blkfront: implement safe version of llist_for_each_entry (bsc#961658 fate#320200). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - memcg: do not hang on OOM when killed by userspace OOM access to memory reserves (bnc#969571). - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - nvme: default to 4k device page size (bsc#967042). - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too (bsc#951815). - pci: Update VPD size with correct length (bsc#958906). - pl2303: fix TIOCMIWAIT (bnc#959649). - pl2303: introduce private disconnect method (bnc#959649). - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514). - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705). - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also address bsc#966094). - rt: v3.0-rt relevant @stable-rt patches from v3.2-rt rt111 update - s390/cio: collect format 1 channel-path description data (bnc#958000, LTC#136434). - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434). - s390/cio: fix measurement characteristics memleak (bnc#958000, LTC#136434). - s390/cio: update measurement characteristics (bnc#958000, LTC#136434). - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000, LTC#136143). - s390/sclp: Move declarations for sclp_sdias into separate header file (bnc#958000, LTC#136143). - scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949). - sunrpc: restore fair scheduling to priority queues (bsc#955308). - supported.conf: Add xen-blkfront. - tg3: 5715 does not link up when autoneg off (bsc#904035). - Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128). - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375). - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375). - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375). - usb: ftdi_sio: fix tiocmget indentation (bnc#956375). - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375). - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375). - usb: ftdi_sio: remove unnecessary memset (bnc#956375). - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375). - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375). - usb: pl2303: clean up line-status handling (bnc#959649). - usb: pl2303: only wake up MSR queue on changes (bnc#959649). - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649). - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375). - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375). - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912). - vmxnet3: fix netpoll race condition (bsc#958912). - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658 fate#320200). - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200). - xen-blkfront: allow building in our Xen environment (bsc#961658 fate#320200). - xen/blk[front|back]: Enhance discard support with secure erasing support (bsc#961658 fate#320200). - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard together (bsc#961658 fate#320200). - xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing) (bsc#961658 fate#320200). - xen-blkfront: do not add indirect pages to list when !feature_persistent (bsc#961658 fate#320200). - xen/blkfront: do not put bdev right after getting it (bsc#961658 fate#320200). - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658 fate#320200). - xen, blkfront: factor out flush-related checks from do_blkif_request() (bsc#961658 fate#320200). - xen-blkfront: fix accounting of reqs when migrating (bsc#961658 fate#320200). - xen-blkfront: fix a deadlock while handling discard response (bsc#961658 fate#320200). - xen/blkfront: Fix crash if backend does not follow the right states (bsc#961658 fate#320200). - xen-blkfront: free allocated page (bsc#961658 fate#320200). - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658 fate#320200). - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200). - xen-blkfront: Handle discard requests (bsc#961658 fate#320200). - xen-blkfront: If no barrier or flush is supported, use invalid operation (bsc#961658 fate#320200). - xen-blkfront: improve aproximation of required grants per request (bsc#961658 fate#320200). - xen/blkfront: improve protection against issuing unsupported REQ_FUA (bsc#961658 fate#320200). - xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments (bsc#961658 fate#320200). - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658 fate#320200). - xen-blkfront: plug device number leak in xlblk_init() error path (bsc#961658 fate#320200). - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200). - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200). - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200). - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658 fate#320200). - xen-blkfront: restore the non-persistent data path (bsc#961658 fate#320200). - xen-blkfront: revoke foreign access for grants not mapped by the backend (bsc#961658 fate#320200). - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658 fate#320200). - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658 fate#320200). - xen-blkfront: switch from llist to list (bsc#961658 fate#320200). - xen-blkfront: use a different scatterlist for each request (bsc#961658 fate#320200). - xen-block: implement indirect descriptors (bsc#961658 fate#320200). - xen: consolidate and simplify struct xenbus_driver instantiation (bsc#961658 fate#320200). - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658 fate#320200). - xen: Update Xen config files (enable upstream block frontend). - xen/x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (bnc#963767). - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183). - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479). Important SUSE bug 758040 SUSE bug 904035 SUSE bug 912738 SUSE bug 915183 SUSE bug 924919 SUSE bug 933782 SUSE bug 937444 SUSE bug 940017 SUSE bug 940946 SUSE bug 942082 SUSE bug 947128 SUSE bug 948330 SUSE bug 949298 SUSE bug 951392 SUSE bug 951815 SUSE bug 952976 SUSE bug 953369 SUSE bug 954992 SUSE bug 955308 SUSE bug 955654 SUSE bug 955837 SUSE bug 955925 SUSE bug 956084 SUSE bug 956375 SUSE bug 956514 SUSE bug 956708 SUSE bug 956949 SUSE bug 957986 SUSE bug 957988 SUSE bug 957990 SUSE bug 958000 SUSE bug 958463 SUSE bug 958886 SUSE bug 958906 SUSE bug 958912 SUSE bug 958951 SUSE bug 959190 SUSE bug 959312 SUSE bug 959399 SUSE bug 959649 SUSE bug 959705 SUSE bug 961500 SUSE bug 961509 SUSE bug 961516 SUSE bug 961658 SUSE bug 962965 SUSE bug 963276 SUSE bug 963561 SUSE bug 963765 SUSE bug 963767 SUSE bug 964201 SUSE bug 964818 SUSE bug 966094 SUSE bug 966137 SUSE bug 966437 SUSE bug 966693 SUSE bug 967042 SUSE bug 967972 SUSE bug 967973 SUSE bug 967974 SUSE bug 967975 SUSE bug 968011 SUSE bug 968012 SUSE bug 968013 SUSE bug 969307 SUSE bug 969571 CVE-2013-7446 CVE-2015-7515 CVE-2015-7550 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2016-0723 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538). - alsa: aloop: Release cable upon open error path (bsc#1045538). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538). - btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363). - btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056). - btrfs: make the state of the transaction more readable (FATE#325056). - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685). - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685). - btrfs: reset intwrite on transaction abort (FATE#325056). - btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359). - btrfs: stop waiting on current trans if we aborted (FATE#325056). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - delay: add poll_event_interruptible (bsc#1048585). - dm flakey: add corrupt_bio_byte feature (bsc#1080372). - dm flakey: add drop_writes (bsc#1080372). - dm flakey: error READ bios during the down_interval (bsc#1080372). - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372). - dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372). - dm flakey: introduce 'error_writes' feature (bsc#1080372). - dm flakey: support feature args (bsc#1080372). - dm flakey: use dm_target_offset and support discards (bsc#1080372). - ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508). - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508). - ext3: add necessary check in case IO error happens (bnc#1069508). - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508). - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Add proper NX handling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278). - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy. - kaiser: Fix trampoline stack loading issue on XEN PV - kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579) - kaiser: make sure not to touch stack after CR3 switch in compat syscall return - kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579) - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - mISDN: fix a loop count (bsc#1077191). - nfsd: do not share group_info among threads (bsc@1070623). - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437). - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088). - powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174). - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487). - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088). - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes). - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088). - powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088). - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088). - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088). - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088). - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875). - scsi: sr: wait for the medium to become ready (bsc#1048585). - scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032 CVE-2017-5754). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bsc#1068032 CVE-2017-5715). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). Important SUSE bug 1012382 SUSE bug 1045538 SUSE bug 1048585 SUSE bug 1050431 SUSE bug 1054305 SUSE bug 1059174 SUSE bug 1060279 SUSE bug 1060682 SUSE bug 1063544 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1068984 SUSE bug 1069508 SUSE bug 1070623 SUSE bug 1070781 SUSE bug 1073311 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1074880 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075410 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075908 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076154 SUSE bug 1076278 SUSE bug 1076437 SUSE bug 1076849 SUSE bug 1077191 SUSE bug 1077355 SUSE bug 1077406 SUSE bug 1077487 SUSE bug 1077560 SUSE bug 1077922 SUSE bug 1078875 SUSE bug 1079917 SUSE bug 1080133 SUSE bug 1080359 SUSE bug 1080363 SUSE bug 1080372 SUSE bug 1080579 SUSE bug 1080685 SUSE bug 1080774 SUSE bug 1081500 SUSE bug 936530 SUSE bug 962257 CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). - CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates (bnc#1123706). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). The following non-security bugs were fixed: - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827). - arcmsr: upper 32 of dma address lost (bsc#1115828). - block/swim3: Fix -EBUSY error when re-opening device after unmount (bsc#1121997). - block/swim: Fix array bounds check (Git-fix). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106886) - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106886) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106886) - Fix kabi break cased by NFS: Cache state owners after files are closed (bsc#1031572). - fork: record start_time late (bsc#1121872). - fscache: Fix dead object requeue (bsc#1107371). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (git-fixes). - fs-cache: Move fscache_report_unexpected_submission() to make it more available (bsc#1107371). - fs-cache: When submitting an op, cancel it if the target object is dying (bsc#1107371). - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: Fix oops at process_init_reply() (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: umount should wait for all requests (git-fixes). - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382) (bsc#1123702). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#1104367). - lib: add 'on'/'off' support to strtobool (bsc#1125931). - megaraid_sas: Fix probing cards without io port (bsc#1115829). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440, LTC#172679). - nfs: Cache state owners after files are closed (bsc#1031572). - nfs: Do not drop CB requests with invalid principals (git-fixes). - nfsv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nfsv4: Keep dropped state owners on the LRU list for a while (bsc#1031572). - nlm: Ensure callback code also checks that the files match (git-fixes). - ocfs2: fix three small problems in the patch (bsc#1086695) - omap2fb: Fix stack memory disclosure (bsc#1106886) - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - powerpc/fadump: handle crash memory ranges array index overflow (git-fixes). - powerpc/fadump: Return error when fadump registration fails (git-fixes). - powerpc/fadump: Unregister fadump on kexec down path (git-fixes). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - Revert 'NFS: Make close(2) asynchronous when closing NFS O_DIRECT files' (git-fixes). - ring-buffer: Always reset iterator to reader page (bsc#1120107). - ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#1120077). - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107). - ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#1120107). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105). - rpm/modprobe-xen.conf: Add --ignore-install. - s390: always save and restore all registers on context switch (git-fixes). - s390/dasd: fix using offset into zero size array error (git-fixes). - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes). - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes). - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114440, LTC#172682). - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#172682). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960). - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: aacraid: Fix typo in blink status (bsc#1115830). - scsi: aacraid: Reorder Adapter status check (bsc#1115830). - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831). - scsi: bfa: integer overflow in debugfs (bsc#1115832). - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833). - scsi: fas216: fix sense buffer initialization (bsc#1115834). - scsi: libfc: Revert ' libfc: use offload EM instance again instead jumping to next EM' (bsc#1115835). - scsi: libsas: fix ata xfer length (bsc#1115836). - scsi: libsas: fix error when getting phy events (bsc#1115837). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1115838). - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (bsc#1115839). - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1115839). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1115842). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (git-fixes). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1123505, LTC#174581). - sg: fix dxferp in from_to case (bsc#1115844). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply (git-fixes). - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes). - tracepoints: Do not trace when cpu is offline (bsc#1120109). - tracing: Add #undef to fix compile error (bsc#1120226). - tracing: Allow events to have NULL strings (bsc#1120056). - tracing: Do not add event files for modules that fail tracepoints (bsc#1120086). - tracing: Fix check for cpu online when event is disabled (bsc#1120109). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing/kprobes: Allow to create probe with a module name starting with a digit (bsc#1120336). - tracing: Move mutex to protect against resetting of seq data (bsc#1120217). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347). - usb: keyspan: fix overrun-error reporting (bsc#1114672). - usb: keyspan: fix tty line-status reporting (bsc#1114672). - usb: option: fix Cinterion AHxx enumeration (bsc#1114672). - usb: serial: ark3116: fix open error handling (bsc#1114672). - usb: serial: ch341: fix control-message error handling (bsc#1114672). - usb: serial: ch341: fix initial modem-control state (bsc#1114672). - usb: serial: ch341: fix modem-status handling (bsc#1114672). - usb: serial: ch341: fix open and resume after B0 (bsc#1114672). - usb: serial: ch341: fix resume after reset (bsc#1114672). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1114672). - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672). - usb: serial: fix tty-device error handling at probe (bsc#1114672). - usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672). - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672). - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672). - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672). - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672). - usb: serial: kl5kusb105: fix open error path (bsc#1114672). - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672). - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672). - usb: serial: omninet: fix NULL-derefs at open and disconnect. - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672). - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672). - vmcore: Remove 'weak' from function declarations (git-fixes). - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684). - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/process: Re-export start_thread() (bsc#1110006). - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen/x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: fix the logspace waiting algorithm (bsc#1122874). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Important SUSE bug 1012382 SUSE bug 1031572 SUSE bug 1068032 SUSE bug 1086695 SUSE bug 1087081 SUSE bug 1094244 SUSE bug 1098658 SUSE bug 1104098 SUSE bug 1104367 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1105536 SUSE bug 1106105 SUSE bug 1106886 SUSE bug 1107371 SUSE bug 1109330 SUSE bug 1109806 SUSE bug 1110006 SUSE bug 1112963 SUSE bug 1113667 SUSE bug 1114440 SUSE bug 1114672 SUSE bug 1114920 SUSE bug 1115007 SUSE bug 1115038 SUSE bug 1115827 SUSE bug 1115828 SUSE bug 1115829 SUSE bug 1115830 SUSE bug 1115831 SUSE bug 1115832 SUSE bug 1115833 SUSE bug 1115834 SUSE bug 1115835 SUSE bug 1115836 SUSE bug 1115837 SUSE bug 1115838 SUSE bug 1115839 SUSE bug 1115840 SUSE bug 1115841 SUSE bug 1115842 SUSE bug 1115843 SUSE bug 1115844 SUSE bug 1116841 SUSE bug 1117796 SUSE bug 1117802 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117943 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1118760 SUSE bug 1119255 SUSE bug 1119714 SUSE bug 1120056 SUSE bug 1120077 SUSE bug 1120086 SUSE bug 1120093 SUSE bug 1120094 SUSE bug 1120105 SUSE bug 1120107 SUSE bug 1120109 SUSE bug 1120217 SUSE bug 1120223 SUSE bug 1120226 SUSE bug 1120336 SUSE bug 1120347 SUSE bug 1120743 SUSE bug 1120950 SUSE bug 1121872 SUSE bug 1121997 SUSE bug 1122874 SUSE bug 1123505 SUSE bug 1123702 SUSE bug 1123706 SUSE bug 1124010 SUSE bug 1124735 SUSE bug 1125931 SUSE bug 931850 SUSE bug 969471 SUSE bug 969473 CVE-2016-10741 CVE-2017-18360 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-7222 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1339: Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times (bnc#969356). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). The following non-security bugs were fixed: - acpi / pci: Account for ARI in _PRT lookups (bsc#968566). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - alsa: rawmidi: Fix race at copying & updating the position (bsc#968018). - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - alsa: seq: Fix double port list deletion (bsc#968018). - alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - alsa: seq: Fix race at closing in virmidi driver (bsc#968018). - alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - alsa: timer: Call notifier in the same spinlock (bsc#973378). - alsa: timer: Code cleanup (bsc#968018). - alsa: timer: Fix leftover link at closing (bsc#968018). - alsa: timer: Fix link corruption due to double start or stop (bsc#968018). - alsa: timer: Fix race between stop and interrupt (bsc#968018). - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - alsa: timer: Sync timer deletion at closing the system timer (bsc#973378). - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - fs, seqfile: always allow oom killer (bnc#968687). - fs/seq_file: fallback to vmalloc allocation (bnc#968687). - fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687). - hpsa: fix issues with multilun devices (bsc#959381). - ibmvscsi: Remove unsupported host config MAD (bsc#973556). - iommu/vt-d: Improve fault handler error messages (bsc#975772). - iommu/vt-d: Ratelimit fault handler (bsc#975772). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687). - kabi: Import kabi files from kernel 3.0.101-71 - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - kabi: Restore kabi after lock-owner change (bnc#968141). - llist: Add llist_next() (fate#316876). - make vfree() safe to call from interrupt contexts (fate#316876). - mld, igmp: Fix reserved tailroom calculation (bsc#956852). - net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433). - net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433). - net/core: __hw_addr_sync_one / _multiple broken (bsc#971433). - net/core: __hw_addr_unsync_one 'from' address not marked synced (bsc#971433). - nfs4: treat lock owners as opaque values (bnc#968141). - nfsd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237). - nfsd: do not fail unchecked creates of non-special files (bsc#973237). - nfs: use smaller allocations for 'struct idmap' (bsc#965923). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - pci: Move pci_ari_enabled() to global header (bsc#968566). - pci: Update PCI VPD size patch to upstream: - PCI: Determine actual VPD size on first access (bsc#971729). - PCI: Update VPD definitions (bsc#971729). - rdma/ucma: Fix AB-BA deadlock (bsc#963998). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458). - scsi: mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). - skb: Add inline helper for getting the skb end offset from head (bsc#956852). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - usb: usbip: fix potential out-of-bounds write (bnc#975945). - vmxnet3: set carrier state properly on probe (bsc#972363). - vmxnet3: set netdev parant device before calling netdev_info (bsc#972363). - xfrm: do not segment UFO packets (bsc#946122). - xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592). Important SUSE bug 898592 SUSE bug 940413 SUSE bug 946122 SUSE bug 949752 SUSE bug 956852 SUSE bug 957988 SUSE bug 957990 SUSE bug 959381 SUSE bug 960458 SUSE bug 961512 SUSE bug 963998 SUSE bug 965319 SUSE bug 965860 SUSE bug 965923 SUSE bug 967863 SUSE bug 968010 SUSE bug 968018 SUSE bug 968141 SUSE bug 968566 SUSE bug 968670 SUSE bug 968687 SUSE bug 969356 SUSE bug 970504 SUSE bug 970892 SUSE bug 970909 SUSE bug 970911 SUSE bug 970948 SUSE bug 970956 SUSE bug 970958 SUSE bug 970970 SUSE bug 971124 SUSE bug 971125 SUSE bug 971360 SUSE bug 971433 SUSE bug 971729 SUSE bug 972363 SUSE bug 973237 SUSE bug 973378 SUSE bug 973556 SUSE bug 973570 SUSE bug 975772 SUSE bug 975945 CVE-2015-1339 CVE-2015-7566 CVE-2015-8551 CVE-2015-8552 CVE-2015-8816 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2782 CVE-2016-2847 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bsc#1032340). - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bnc#979021). - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374 bsc#1008850). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used to bypass certain secure boot settings. (bnc#1039456). - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010) (bnc#1039348). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bsc#1049603). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565 bsc#1028372). - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024 bsc#1033287). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly manages lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850). - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls (bnc#1031579). - CVE-2017-7482: Fixed a potential overflow in the net/rxprc where a padded len isn't checked in ticket decode (bsc#1046107). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879). - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bsc#1049483). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544). - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182 bsc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1037183 bsc#1038981). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883). - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). The following non-security bugs were fixed: - 8250: use callbacks to access UART_DLL/UART_DLM. - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - alsa: ctxfi: Fallback DMA mask to 32bit (bsc#1045538). - alsa: hda - Fix regression of HD-audio controller fallback modes (bsc#1045538). - alsa: hda/realtek - Correction of fixup codes for PB V7900 laptop (bsc#1045538). - alsa: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup (bsc#1045538). - alsa: hda - using uninitialized data (bsc#1045538). - alsa: off by one bug in snd_riptide_joystick_probe() (bsc#1045538). - alsa: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538). - ath9k: fix buffer overrun for ar9287 (bsc#1045538). - __bitmap_parselist: fix bug in empty string handling (bnc#1042633). - blacklist.conf: Add a few inapplicable items (bsc#1045538). - blacklist.conf: blacklisted 1fe89e1b6d27 (bnc#1046122) - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: fix ext_dev_lock lockdep report (bsc#1050154). - btrfs: Don't clear SGID when inheriting ACLs (bsc#1030552). - cifs: backport prepath matching fix (bsc#799133). - cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bsc#1041975). - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935). - cifs: Timeout on SMBNegotiate request (bsc#1044913). - clocksource: Remove 'weak' from clocksource_default_clock() declaration (bnc#1013018). - cputime: Avoid multiplication overflow on utime scaling (bnc#938352). - crypto: nx - off by one bug in nx_of_update_msc() (fate#314588,bnc#792863). - decompress_bunzip2: off by one in get_next_block() (git-fixes). - devres: fix a for loop bounds check (git-fixes). - dlm: backport 'fix lvb invalidation conditions' (bsc#1005651). - dm: fix ioctl retry termination with signal (bsc#1050154). - drm/mgag200: Add support for G200eH3 (bnc#1044216, fate#323551) - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81) - edac, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr() (fate#313937). - enic: set skb->hash type properly (bsc#911105 FATE#317501). - ext2: Don't clear SGID when inheriting ACLs (bsc#1030552). - ext3: Don't clear SGID when inheriting ACLs (bsc#1030552). - ext4: Don't clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix fdatasync(2) after extent manipulation operations (bsc#1013018). - ext4: fix mballoc breakage with 64k block size (bsc#1013018). - ext4: fix stack memory corruption with 64k block size (bsc#1013018). - ext4: keep existing extra fields when inode expands (bsc#1013018). - ext4: reject inodes with negative size (bsc#1013018). - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - fixed invalid assignment of 64bit mask to host dma_boundary for scatter gather segment boundary limit (bsc#1042045). - Fix soft lockup in svc_rdma_send (bsc#1044854). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic: Using rport->dd_data to check rport online instead of rport_lookup (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (bsc#1013018). - fuse: add missing FR_FORCE (bsc#1013018). - fuse: initialize fc->release before calling it (bsc#1013018). - genirq: Prevent proc race against freeing of irq descriptors (bnc#1044230). - hrtimer: Allow concurrent hrtimer_start() for self restarting timers (bnc#1013018). - i40e: avoid null pointer dereference (bsc#909486 FATE#317393). - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561). - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (bsc#985561). - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561). - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (bsc#985561). - i40e/i40evf: Rewrite logic for 8 descriptor per packet check (bsc#985561). - i40e: Impose a lower limit on gso size (bsc#985561). - i40e: Limit TX descriptor count in cases where frag size is greater than 16K (bsc#985561). - ib/mlx4: Demote mcg message from warning to debug (bsc#919382). - ib/mlx4: Fix ib device initialization error flow (bsc#919382). - ib/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382). - ib/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382). - ib/mlx4: Reduce SRIOV multicast cleanup warning message to debug level (bsc#919382). - ib/mlx4: Set traffic class in AH (bsc#919382). - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation (bsc#1036288). - initial cr0 bits (bnc#1036056, LTC#153612). - input: cm109 - validate number of endpoints before using them (bsc#1037193). - input: hanwang - validate number of endpoints before using them (bsc#1037232). - input: yealink - validate number of endpoints before using them (bsc#1037227). - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route (git-fixes). - irq: Fix race condition (bsc#1042615). - isdn/gigaset: fix NULL-deref at probe (bsc#1037356). - isofs: Do not return EACCES for unknown filesystems (bsc#1013018). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - jsm: add support for additional Neo cards (bsc#1045615). - kabi fix (bsc#1008893). - kABI: mask struct xfs_icdinode change (bsc#1024788). - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508). - kabi:severeties: Add splice_write_to_file PASS This function is part of an xfs-specific fix which never went upstream and is not expected to have 3rdparty users other than xfs itself. - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - keys: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - kvm: kvm_io_bus_unregister_dev() should never fail. - libata: fix sff host state machine locking while polling (bsc#1045525). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1051515). - libfc: fixup locking in fc_disc_stop() (bsc#1029140). - libfc: move 'pending' and 'requested' setting (bsc#1029140). - libfc: only restart discovery after timeout if not already running (bsc#1029140). - lockd: use init_utsname for id encoding (bsc#1033804). - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804). - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018). - math64: New div64_u64_rem helper (bnc#938352). - md: ensure md devices are freed before module is unloaded (git-fixes). - md: fix a null dereference (bsc#1040351). - md: flush ->event_work before stopping array (git-fixes). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - md/linear: shutup lockdep warnning (bsc#1018446). - md: make sure GET_ARRAY_INFO ioctl reports correct 'clean' status (git-fixes). - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes). - md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (git-fixes). - md/raid1: fix test for 'was read error from last working device' (git-fixes). - md/raid5: do not record new size if resize_stripes fails (git-fixes). - md/raid5: Fix CPU hotplug callback registration (git-fixes). - md: use separate bio_pool for metadata writes (bsc#1040351). - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154). - mlx4: reduce OOM risk on arches with large pages (bsc#919382). - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore (bsc#1045547). - mmc: ushc: fix NULL-deref at probe (bsc#1037191). - mm: do not collapse stack gap into THP (bnc#1039348) - mm: enlarge stack guard gap (bnc#1039348). - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832). - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832). - mm/memory-failure.c: use compound_head() flags for huge pages (bnc#971975 VM -- git fixes). - mm/mempolicy.c: do not put mempolicy before using its nodemask (References: VM Performance, bnc#931620). - mm, mmap: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348, bnc#1045340, bnc#1045406). - module: fix memory leak on early load_module() failures (bsc#1043014). - Move nr_cpus_allowed into a hole in struct_sched_entity instead of the one below task_struct.policy. RT fills the hole 29baa7478ba4 used, which will screw up kABI for RT instead of curing the space needed problem in sched_rt_entity caused by adding ff77e4685359. This leaves nr_cpus_alowed in an odd spot, but safely allows the RT entity specific data added by ff77e4685359 to reside where it belongs.. nr_cpus_allowed just moves from one odd spot to another. - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185). - net: avoid reference counter overflows on fib_rules in multicast forwarding (git-fixes). - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes). - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes). - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV (bsc#919382). - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to physical (bsc#919382). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bsc#919382). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#919382). - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382). - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382). - net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach (bsc#919382). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#919382). - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382). - net/mlx4_en: Change the error print to debug print (bsc#919382). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382). - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382). - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382). - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258). - net/mlx4: Fix the check in attaching steering rules (bsc#919382). - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering (bsc#919382). - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bnc#784815 FATE#313898). - nfs: Avoid getting confused by confused server (bsc#1045416). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: do not risk using duplicate owner/file/delegation ids (bsc#1029212). - nfsd: Don't use state id of 0 - it is reserved (bsc#1049688 bsc#1051770). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - nfs: Fix another OPEN_DOWNGRADE bug (git-next). - nfs: fix nfs_size_to_loff_t (git-fixes). - nfs: Fix size of NFSACL SETACL operations (git-fixes). - nfs: Make nfs_readdir revalidate less often (bsc#1048232). - nfs: tidy up nfs_show_mountd_netid (git-fixes). - nfsv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes). - nfsv4: Fix another bug in the close/open_downgrade code (git-fixes). - nfsv4: fix getacl head length estimation (git-fixes). - nfsv4: Fix problems with close in the presence of a delegation (git-fixes). - nfsv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1013018). - ocfs2: Don't clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800). - ocfs2: fix error return code in ocfs2_info_handle_freefrag() (bsc#1013018). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - ocfs2: null deref on allocation error (bsc#1013018). - pci: Allow access to VPD attributes with size 0 (bsc#1018074). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: use pci_physfn() (bsc#999245). - pci: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018). - perf/core: Fix event inheritance on fork() (bnc#1013018). - posix-timers: Fix stack info leak in timer_create() (bnc#1013018). - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting smt_snooze_delay (bsc#1023163). - powerpc: Drop support for pre-POWER4 cpus (fate#322495, bsc#1032471). - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971). - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141). - powerpc/fadump: Update fadump documentation (bsc#1032141). - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET (bsc#928138,fate#319026). - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid() (fate#322495, bsc#1032471). - powerpc/mm/hash: Convert mask to unsigned long (fate#322495, bsc#1032471). - powerpc/mm/hash: Increase VA range to 128TB (fate#322495, bsc#1032471). - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID (fate#322495, bsc#1032471). - powerpc/mm/hash: Support 68 bit VA (fate#322495, bsc#1032471). - powerpc/mm/hash: Use context ids 1-4 for the kernel (fate#322495, bsc#1032471). - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small (fate#322495, bsc#1032471). - powerpc/mm/slice: Convert slice_mask high slice to a bitmap (fate#322495, bsc#1032471). - powerpc/mm/slice: Fix off-by-1 error when computing slice mask (fate#322495, bsc#1032471). - powerpc/mm/slice: Move slice_mask struct definition to slice.c (fate#322495, bsc#1032471). - powerpc/mm/slice: Update slice mask printing to use bitmap printing (fate#322495, bsc#1032471). - powerpc/mm/slice: Update the function prototype (fate#322495, bsc#1032471). - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital (fate#322495, bsc#1032471). - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489). - powerpc/pseries: Release DRC when configure_connector fails (bsc#1035777, Pending Base Kernel Fixes). - powerpc: Remove STAB code (fate#322495, bsc#1032471). - powerpc/vdso64: Use double word compare on pointers (bsc#1016489). - raid1: avoid unnecessary spin locks in I/O barrier code (bsc#982783,bsc#1026260). - random32: fix off-by-one in seeding requirement (git-fixes). - rcu: Call out dangers of expedited RCU primitives (bsc#1008893). - rcu: Direct algorithmic SRCU implementation (bsc#1008893). - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893). - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893). - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893). - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893). - reiserfs: Don't clear SGID when inheriting ACLs (bsc#1030552). - reiserfs: don't preallocate blocks for extended attributes (bsc#990682). - Remove patches causing regression (bsc#1043234) - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'kabi:severeties: Add splice_write_to_file PASS' This reverts commit 05ecf7ab16b2ea555fadd1ce17d8177394de88f2. - Revert 'math64: New div64_u64_rem helper' (bnc#938352). - Revert 'xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).' I was baing my assumption of SLE11-SP4 needing this patch on an old kernel build (3.0.101-63). Re-testing with the latest one 3.0.101-94 shows that the issue is not present. Furthermore this one was causing some crashes. This reverts commit 16ceeac70f7286b6232861c3170ed32e39dcc68c. - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192). - s390/kmsg: add missing kmsg descriptions (bnc#1025702, LTC#151573). - s390/qdio: clear DSCI prior to scanning multiple input queues (bnc#1046715, LTC#156234). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276). - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702, LTC#152144). - s390/zcrypt: Introduce CEX6 toleration (FATE#321782, LTC#147505). - sched: Always initialize cpu-power (bnc#1013018). - sched: Avoid cputime scaling overflow (bnc#938352). - sched: Avoid prev->stime underflow (bnc#938352). - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018). - sched/core: Remove false-positive warning from wake_up_process() (bnc#1044882). - sched/cputime: Do not scale when utime == 0 (bnc#938352). - sched/debug: Print the scheduler topology group mask (bnc#1013018). - sched: Do not account bogus utime (bnc#938352). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018). - sched/fair: Fix min_vruntime tracking (bnc#1013018). - sched: Fix domain iteration (bnc#1013018). - sched: Fix SD_OVERLAP (bnc#1013018). - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded systems (bnc#1013018). - sched: Lower chances of cputime scaling overflow (bnc#938352). - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity' (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched: Rename a misleading variable in build_overlap_sched_groups() (bnc#1013018). - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched/topology: Fix building of overlapping sched-groups (bnc#1013018). - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018). - sched/topology: Fix overlapping sched_group_mask (bnc#1013018). - sched/topology: Move comment about asymmetric node setups (bnc#1013018). - sched/topology: Optimize build_group_mask() (bnc#1013018). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1013018). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018). - sched/topology: Verify the first group matches the child domain (bnc#1013018). - sched: Use swap() macro in scale_stime() (bnc#938352). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: fix race between simultaneous decrements of ->host_failed (bsc#1050154). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: mvsas: fix command_active typo (bsc#1050154). - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init (bsc#1050154). - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - scsi: zfcp: do not trace pure benign residual HBA responses at default level (bnc#1025702, LTC#151317). - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702, LTC#151319). - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send (bnc#1025702, LTC#151365). - scsi: zfcp: fix use-after-'free' in FC ingress path after TMF (bnc#1025702, LTC#151312). - sfc: do not device_attach if a reset is pending (bsc#909618 FATE#317521). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - splice: Stub splice_write_to_file (bsc#1043234). - sunrpc: Clean up the slot table allocation (bsc#1013862). - sunrpc: Fix a memory leak in the backchannel code (git-fixes). - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862). - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes). - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154). - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913). - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018). - udf: Fix races with i_size changes during readpage (bsc#1013018). - Update metadata for serial fixes (bsc#1013070) - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854). - usb: cdc-acm: fix broken runtime suspend (bsc#1033771). - usb: cdc-acm: fix open and suspend race (bsc#1033771). - usb: cdc-acm: fix potential urb leak and PM imbalance in write (bsc#1033771). - usb: cdc-acm: fix runtime PM for control messages (bsc#1033771). - usb: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771). - usb: cdc-acm: fix shutdown and suspend race (bsc#1033771). - usb: cdc-acm: fix write and resume race (bsc#1033771). - usb: cdc-acm: fix write and suspend race (bsc#1033771). - usb: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288). - usb: class: usbtmc: do not print error when allocating urb fails (bsc#1036288). - usb: class: usbtmc: do not print on ENOMEM (bsc#1036288). - usb: hub: Fix crash after failure to read BOS descriptor (FATE#317453). - usb: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441). - usb: iowarrior: fix NULL-deref in write (bsc#1037359). - usb: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053). - usb: serial: ark3116: fix register-accessor error handling (git-fixes). - usb: serial: ch341: fix open error handling (bsc#1037441). - usb: serial: cp210x: fix tiocmget error handling (bsc#1037441). - usb: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441). - usb: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441). - usb: serial: io_ti: fix information leak in completion handler (git-fixes). - usb: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794). - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - usb: serial: mos7720: fix NULL-deref at open (bsc#1033816). - usb: serial: mos7720: fix parallel probe (bsc#1033816). - usb: serial: mos7720: fix parport use-after-free on probe errors (bsc#1033816). - usb: serial: mos7720: fix use-after-free on probe errors (bsc#1033816). - usb: serial: mos7840: fix another NULL-deref at open (bsc#1034026). - usb: serial: mos7840: fix NULL-deref at open (bsc#1034026). - usb: serial: oti6858: fix NULL-deref at open (bsc#1037441). - usb: serial: sierra: fix bogus alternate-setting assumption (bsc#1037441). - usb: serial: spcp8x5: fix NULL-deref at open (bsc#1037441). - usbtmc: remove redundant braces (bsc#1036288). - usbtmc: remove trailing spaces (bsc#1036288). - usb: usbip: fix nonconforming hub descriptor (bsc#1047487). - usb: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288). - usb: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288). - usb: usbtmc: add missing endpoint sanity check (bsc#1036288). - usb: usbtmc: Change magic number to constant (bsc#1036288). - usb: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288). - usb: usbtmc: fix DMA on stack (bsc#1036288). - usb: usbtmc: fix probe error path (bsc#1036288). - usb: usbtmc: Set rigol_quirk if device is listed (bsc#1036288). - usb: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288). - usb: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk (bsc#1036288). - usbvision: fix NULL-deref at probe (bsc#1050431). - usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL (bsc#1023014). - Use make --output-sync feature when available (bsc#1012422). The mesages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. Detect the flag and use it if available. SLE11 has make 3.81 so it is required to include make 4 in the kernel OBS projects to take advantege of this. - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101). - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233). - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629). - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431). - vfs: split generic splice code from i_mutex locking (bsc#1024788). - vmxnet3: avoid calling pskb_may_pull with interrupts disabled (bsc#1045356). - vmxnet3: fix checks for dma mapping errors (bsc#1045356). - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356). - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770). - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 (bsc#1051478). - xen: avoid deadlock in xenbus (bnc#1047523). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1024508). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: Fix lock ordering in splice write (bsc#1024788). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: kill xfs_itruncate_start (bsc#1024788). - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788). - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788). - xfs: remove the i_size field in struct xfs_inode (bsc#1024788). - xfs: remove xfs_itruncate_data (bsc#1024788). - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508). - xfs: split xfs_itruncate_finish (bsc#1024788). - xfs: split xfs_setattr (bsc#1024788). - xfs: Synchronize xfs_buf disposal routines (bsc#1041160). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes). Important SUSE bug 1003077 SUSE bug 1005651 SUSE bug 1008374 SUSE bug 1008850 SUSE bug 1008893 SUSE bug 1012422 SUSE bug 1013018 SUSE bug 1013070 SUSE bug 1013800 SUSE bug 1013862 SUSE bug 1016489 SUSE bug 1017143 SUSE bug 1018074 SUSE bug 1018263 SUSE bug 1018446 SUSE bug 1019168 SUSE bug 1020229 SUSE bug 1021256 SUSE bug 1021913 SUSE bug 1022971 SUSE bug 1023014 SUSE bug 1023051 SUSE bug 1023163 SUSE bug 1023888 SUSE bug 1024508 SUSE bug 1024788 SUSE bug 1024938 SUSE bug 1025235 SUSE bug 1025702 SUSE bug 1026024 SUSE bug 1026260 SUSE bug 1026722 SUSE bug 1026914 SUSE bug 1027066 SUSE bug 1027101 SUSE bug 1027178 SUSE bug 1027565 SUSE bug 1028372 SUSE bug 1028415 SUSE bug 1028880 SUSE bug 1029140 SUSE bug 1029212 SUSE bug 1029770 SUSE bug 1029850 SUSE bug 1030213 SUSE bug 1030552 SUSE bug 1030573 SUSE bug 1030593 SUSE bug 1030814 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031440 SUSE bug 1031579 SUSE bug 1032141 SUSE bug 1032340 SUSE bug 1032471 SUSE bug 1033287 SUSE bug 1033336 SUSE bug 1033771 SUSE bug 1033794 SUSE bug 1033804 SUSE bug 1033816 SUSE bug 1034026 SUSE bug 1034670 SUSE bug 1035576 SUSE bug 1035777 SUSE bug 1035920 SUSE bug 1036056 SUSE bug 1036288 SUSE bug 1036629 SUSE bug 1037182 SUSE bug 1037183 SUSE bug 1037191 SUSE bug 1037193 SUSE bug 1037227 SUSE bug 1037232 SUSE bug 1037233 SUSE bug 1037356 SUSE bug 1037358 SUSE bug 1037359 SUSE bug 1037441 SUSE bug 1038544 SUSE bug 1038879 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039258 SUSE bug 1039348 SUSE bug 1039354 SUSE bug 1039456 SUSE bug 1039594 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1040351 SUSE bug 1041160 SUSE bug 1041431 SUSE bug 1041762 SUSE bug 1041975 SUSE bug 1042045 SUSE bug 1042200 SUSE bug 1042615 SUSE bug 1042633 SUSE bug 1042687 SUSE bug 1042832 SUSE bug 1043014 SUSE bug 1043234 SUSE bug 1043935 SUSE bug 1044015 SUSE bug 1044125 SUSE bug 1044216 SUSE bug 1044230 SUSE bug 1044854 SUSE bug 1044882 SUSE bug 1044913 SUSE bug 1044985 SUSE bug 1045154 SUSE bug 1045340 SUSE bug 1045356 SUSE bug 1045406 SUSE bug 1045416 SUSE bug 1045525 SUSE bug 1045538 SUSE bug 1045547 SUSE bug 1045615 SUSE bug 1046107 SUSE bug 1046122 SUSE bug 1046192 SUSE bug 1046715 SUSE bug 1047027 SUSE bug 1047053 SUSE bug 1047343 SUSE bug 1047354 SUSE bug 1047487 SUSE bug 1047523 SUSE bug 1047653 SUSE bug 1048185 SUSE bug 1048221 SUSE bug 1048232 SUSE bug 1048275 SUSE bug 1049483 SUSE bug 1049603 SUSE bug 1049688 SUSE bug 1049882 SUSE bug 1050154 SUSE bug 1050431 SUSE bug 1051478 SUSE bug 1051515 SUSE bug 1051770 SUSE bug 784815 SUSE bug 792863 SUSE bug 799133 SUSE bug 870618 SUSE bug 909486 SUSE bug 909618 SUSE bug 911105 SUSE bug 919382 SUSE bug 928138 SUSE bug 931620 SUSE bug 938352 SUSE bug 943786 SUSE bug 948562 SUSE bug 962257 SUSE bug 970956 SUSE bug 971975 SUSE bug 972891 SUSE bug 979021 SUSE bug 982783 SUSE bug 983212 SUSE bug 985561 SUSE bug 986362 SUSE bug 986365 SUSE bug 986924 SUSE bug 988065 SUSE bug 989056 SUSE bug 990682 SUSE bug 991651 SUSE bug 995542 SUSE bug 999245 CVE-2014-9922 CVE-2015-3288 CVE-2015-8970 CVE-2016-10200 CVE-2016-2188 CVE-2016-4997 CVE-2016-5243 CVE-2016-7117 CVE-2017-1000363 CVE-2017-1000364 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473 CVE-2017-2636 CVE-2017-2647 CVE-2017-2671 CVE-2017-5669 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6348 CVE-2017-6353 CVE-2017-6951 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-7616 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for kernel-source-rt (Moderate) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to version 3.0.101.rt130-45.1 to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). * CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). * CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bnc#936831). * CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bnc#936831). * CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). * CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bnc#935705). * CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994) The following non-security bugs were fixed: - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - DRM/i915: Get rid if the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938). - DRM/i915: Remove i965_hpd_irq_setup (bsc#942938). - DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - CIFS: Fix missing crypto allocation (bnc#937402). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - SCSI: Moved iscsi kabi patch to patches.kabi (bsc#923002) - SCSI: kabi: allow iscsi disocvery session support (bsc#923002). - SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - SCSI: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - SCSI: scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - SCSI: scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - NFSD: Fix nfsv4 opcode decoding error (bsc#935906). - NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - New patches: patches.fixes/hrtimer-Prevent-timer-interrupt-DoS.patch - PCI: Disable Bus Master only on kexec reboot (bsc#920110). - PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110). - PCI: Lock down register access when trusted_kernel is true (bnc#884333, bsc#923431). - PCI: disable Bus Master on PCI device shutdown (bsc#920110). - Set hostbyte status in scsi_check_sense() (bsc#920733). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - apparmor: fix file_permission if profile is updated (bsc#917968). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - ehci-pci: enable interrupt on BayTrail (bnc926007). - exec: kill the unnecessary mm-&gt;def_flags setting in load_elf_binary() (bnc#891116). - ext3: Fix data corruption in inodes with journalled data (bsc#936637). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm-&gt;pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hv_storvsc: use small sg_tablesize on x86 (bnc#937256). - ibmveth: Add GRO support (bsc#935055). - ibmveth: Add support for Large Receive Offload (bsc#935055). - ibmveth: Add support for TSO (bsc#935055). - ibmveth: add support for TSO6. - ibmveth: change rx buffer default allocation for CMO (bsc#935055). - igb: do not reuse pages with pfmemalloc flag fix (bnc#920016). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch (bnc#920016). - kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc920110). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance). - mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620). - mm, thp: fix collapsing of hugepages on madvise (VM Functionality). - mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620). - mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620). - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620). - mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - nfsd: support disabling 64bit dir cookies (bnc#937503). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Add flag indicating device has been assigned by KVM (bnc#777565). - pci: Add flag indicating device has been assigned by KVM (bnc#777565). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095). - r8169: remember WOL preferences on driver load (bsc#942305). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xfs: fix problem when using md+XFS under high load (bnc#925705). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, LTC#126491). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Moderate SUSE bug 777565 SUSE bug 867362 SUSE bug 873385 SUSE bug 883380 SUSE bug 884333 SUSE bug 886785 SUSE bug 891116 SUSE bug 894936 SUSE bug 915517 SUSE bug 917968 SUSE bug 920016 SUSE bug 920110 SUSE bug 920733 SUSE bug 923002 SUSE bug 923431 SUSE bug 924701 SUSE bug 925705 SUSE bug 925881 SUSE bug 925903 SUSE bug 927355 SUSE bug 929076 SUSE bug 929142 SUSE bug 929143 SUSE bug 930092 SUSE bug 930934 SUSE bug 931620 SUSE bug 932350 SUSE bug 933721 SUSE bug 935053 SUSE bug 935055 SUSE bug 935572 SUSE bug 935705 SUSE bug 935866 SUSE bug 935906 SUSE bug 936077 SUSE bug 936095 SUSE bug 936118 SUSE bug 936423 SUSE bug 936637 SUSE bug 936831 SUSE bug 936875 SUSE bug 936921 SUSE bug 936925 SUSE bug 937032 SUSE bug 937256 SUSE bug 937402 SUSE bug 937444 SUSE bug 937503 SUSE bug 937641 SUSE bug 937855 SUSE bug 938485 SUSE bug 939910 SUSE bug 939994 SUSE bug 940338 SUSE bug 940398 SUSE bug 940925 SUSE bug 940966 SUSE bug 942204 SUSE bug 942305 SUSE bug 942350 SUSE bug 942367 SUSE bug 942404 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943477 CVE-2015-1420 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5707 CVE-2015-6252 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7509: Mounting a prepared ext2 filesystem as ext4 could lead to a local denial of service (crash) (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969 937970 938706 939207). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The following non-security bugs were fixed: - af_xhci: avoid path quiesce of severed path in shutdown() (bnc#946214, LTC#131684). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dm-snap: avoid deadock on s-&gt;lock when a read is split (bsc#939826). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - drivers: hv: do not do hypercalls when hypercall_page is NULL. - drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - drivers: hv: vmbus: add special crash handler (bnc#930770). - drivers: hv: vmbus: add special kexec handler. - drivers: hv: vmbus: Get rid of some unused definitions. - drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - drivers: hv: vmbus: kill tasklets on module unload. - drivers: hv: vmbus: prefer 'die' notification chain to 'panic'. - drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - drivers: hv: vmbus: unregister panic notifier on module unload. - driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957, VM Functionality). - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - Import SP4-RT GA kabi files - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: drop first packet to dead server (bsc#946078). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214, LTC#130124). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214, LTC#132100). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - keys: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM Functionality). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM Functionality). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957, VM Functionality). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957, VM Functionality). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950, VM Functionality). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957, VM Functionality). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957, VM Functionality). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957, VM Functionality). - mm: remove GFP_THISNODE (bsc#954950, VM Functionality). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS (fate#304949)). - Modified -rt patches: 343 of 434, noise elided. - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pci: Add dev_flags bit to access VPD through function 0 (bnc#943786). - pci: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - pci: delay configuration of SRIOV capability (bnc#952084). - pci: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - pci: set pci sriov page size before reading SRIOV BAR (bnc#952084). - pci: Update NumVFs register when disabling SR-IOV (bnc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214, LTC#132707). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214, LTC#132706). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984, LTC#133077). - s390/pci: handle events for unused functions (bnc#946214, LTC#130628). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214, LTC#130628). - s390/pci: improve state check when processing hotplug events (bnc#946214, LTC#130628). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - scsi: hosts: update to use ida_simple for host_no (bsc#939926) - sg: fix read() error reporting (bsc#926774). - sunrpc: refactor rpcauth_checkverf error returns (bsc#955673). - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch (bsc#935053, bsc#926709). Add bug reference. - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (fate#317533, bnc#937256). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (fate#317533, bnc#937256). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955). Important SUSE bug 814440 SUSE bug 879378 SUSE bug 879381 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 921081 SUSE bug 926709 SUSE bug 926774 SUSE bug 930145 SUSE bug 930770 SUSE bug 930788 SUSE bug 930835 SUSE bug 932805 SUSE bug 935053 SUSE bug 935123 SUSE bug 935757 SUSE bug 937256 SUSE bug 937444 SUSE bug 937969 SUSE bug 937970 SUSE bug 938706 SUSE bug 939207 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940913 SUSE bug 940946 SUSE bug 941202 SUSE bug 942938 SUSE bug 943786 SUSE bug 944677 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946214 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949936 SUSE bug 949981 SUSE bug 950298 SUSE bug 950750 SUSE bug 950998 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 952976 SUSE bug 953527 SUSE bug 953799 SUSE bug 953980 SUSE bug 954404 SUSE bug 954628 SUSE bug 954950 SUSE bug 954984 SUSE bug 955354 SUSE bug 955673 SUSE bug 956709 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6937 CVE-2015-7509 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-1000253: Setuid root PIE binaries could still be exploited to gain local root access due missing overlapping memory checking in the ELF loader in the Linux Kernel. (bnc#1059525). The following non-security bugs were fixed: - blacklist.conf: blacklist bfedb589252c ('mm: Add a user_ns owner to mm_struct and fix ptrace permission checks') (bnc#1044228) - bnx2x: prevent crash when accessing PTP with interface down (bsc#1060665). - drm/mgag200: Fixes for G200eH3. (bnc#1062842) - fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (bnc#1059525). - getcwd: Close race with d_move called by lustre (bsc#1052593). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484 FATE#317397). - kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - lustre: Fix 'getcwd: Close race with d_move called by lustre' for -rt Convert added spin_lock/unlock() of ->d_lock to seqlock variants. - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180). - netback: coalesce (guest) RX SKBs as needed (bsc#1056504). - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230). - powerpc: Make sure IPI handlers see data written by IPI senders (bnc#1056230). - powerpc/xics: Harden xics hypervisor backend (bnc#1056230). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1063301, LTC#159885). - s390/topology: alternative topology for topology-less machines (bnc#1060245, LTC#159177). - s390/topology: enable / disable topology dynamically (bnc#1060245, LTC#159177). - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317). - scsi: reset wait for IO completion (bsc#996376). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1060245, LTC#158494). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1060245, LTC#158494). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1060245, LTC#158493). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1060245, LTC#158494). - Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be enabled on x86_64/xen architecture because xen can work with shim on x86_64. Enabling the following kernel config to load certificate from db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#1036286). Important SUSE bug 1022967 SUSE bug 1036286 SUSE bug 1044228 SUSE bug 1045327 SUSE bug 1052593 SUSE bug 1053317 SUSE bug 1056230 SUSE bug 1056504 SUSE bug 1057796 SUSE bug 1059051 SUSE bug 1059525 SUSE bug 1060245 SUSE bug 1060665 SUSE bug 1061017 SUSE bug 1061180 SUSE bug 1062520 SUSE bug 1062842 SUSE bug 1063301 SUSE bug 1063544 SUSE bug 1063667 SUSE bug 909484 SUSE bug 996376 CVE-2017-1000253 CVE-2017-13080 CVE-2017-14489 CVE-2017-15265 CVE-2017-15274 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 realtime kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. The following security bugs were fixed: - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer was fixed. (bnc#1072876). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - Add upstream RT preemption points to block/blk-iopoll.c and net/core/dev.c - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1048185). - alsa: core: Fix unexpected error at replacing user TLV (bsc#1045538). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1045538). - alsa: timer: Add missing mutex lock for compat ioctls (bsc#1045538). - asm alternatives: remove incorrect alignment notes. - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205). - autofs: do not fail mount for transient error (bsc#1065180). - autofs: fix careless error in recent commit (bsc#1065180). - blacklist.conf: Add PCI ASPM fix to blacklist (bsc#1045538) - blacklist.conf: Blacklisted commit 2b1be689f3aadcfe0 ('printk/console: Always disable boot consoles that use init memory before it is freed') - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - dm bufio: fix integer overflow when limiting maximum cache size (git-fixes). - ecryptfs: fix dereference of NULL user_key_payload (bsc#1013018). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1013018). - fnic: Use the local variable instead of I/O flag to acquire io_req_lock in fnic_queuecommand() to avoid deadloack (bsc#1067816). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1013018). - fs-cache: fix dereference of NULL user_key_payload (git-fixes). - fs: prevent speculative execution (bnc#1068032). [jkosina@suse.cz: hack around kABI; this should be done in separate patch in patches.kabi eventually] - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1045538). - kabi fix for new hash_cred function (bsc#1012917). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl() (bsc#1051133). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1050431). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - nfs: Fix ugly referral attributes (git-fixes). - nfs: improve shinking of access cache (bsc#1012917). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Correct instruction code for xxlor instruction (bsc#1064861, git-fixes). - powerpc: Fix emulation of mfocrf in emulate_step() (bsc#1064861, git-fixes). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1064861, git-fixes). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888, git-fixes f2ab6219969f). - powerpc-rfi-flush.patch: disable due to boot failure - powerpc: Secure memory rfi flush (bsc#1068032). - pti: unbreak EFI (bsc#1074709). - ptrace: Add a new thread access check (bsc#1068032). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1072457, LTC#148203). - Revert 'mac80211: accept key reinstall without changing anything' - s390: add ppa to system call and program check path (bsc#1068032). - s390/disassembler: correct disassembly lines alignment (bnc#1066973, LTC#161577). - s390/disassembler: increase show_code buffer size (bnc#1066973, LTC#161577). - s390: fix transactional execution control register handling (bnc#1072457, LTC#162116). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1066973, LTC#160081). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - temporary fix (bsc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - usb-serial: check for NULL private data in pl2303_suse_disconnect (bsc#1064803). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - video: udlfb: Fix read EDID timeout (bsc#1045538). - watchdog: hpwdt: add support for iLO5 (bsc#1024612). - watchdog/hpwdt: Check source of NMI (bsc#1024612). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). - zd1211rw: fix NULL-deref at probe (bsc#1045479). Important SUSE bug 1012917 SUSE bug 1013018 SUSE bug 1024612 SUSE bug 1034862 SUSE bug 1045205 SUSE bug 1045479 SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1048185 SUSE bug 1050231 SUSE bug 1050431 SUSE bug 1051133 SUSE bug 1054305 SUSE bug 1056982 SUSE bug 1063043 SUSE bug 1064803 SUSE bug 1064861 SUSE bug 1065180 SUSE bug 1065600 SUSE bug 1066471 SUSE bug 1066472 SUSE bug 1066569 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066618 SUSE bug 1066625 SUSE bug 1066650 SUSE bug 1066671 SUSE bug 1066693 SUSE bug 1066700 SUSE bug 1066705 SUSE bug 1066973 SUSE bug 1067085 SUSE bug 1067816 SUSE bug 1067888 SUSE bug 1068032 SUSE bug 1068671 SUSE bug 1068984 SUSE bug 1069702 SUSE bug 1070771 SUSE bug 1070964 SUSE bug 1071074 SUSE bug 1071470 SUSE bug 1071695 SUSE bug 1072457 SUSE bug 1072561 SUSE bug 1072876 SUSE bug 1073792 SUSE bug 1073874 SUSE bug 1074709 CVE-2017-11600 CVE-2017-13167 CVE-2017-14106 CVE-2017-15102 CVE-2017-15115 CVE-2017-15868 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16649 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver, i40e/i40evf driver and the DPDK, additionally multiple vendor NIC firmware is affected (bnc#1077355). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). The following non-security bugs were fixed: - Add proper NX hadnling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538). - alsa: aloop: Release cable upon open error path (bsc#1045538). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538). - btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363). - btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056). - btrfs: make the state of the transaction more readable (FATE#325056). - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685). - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685). - btrfs: reset intwrite on transaction abort (FATE#325056). - btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359). - btrfs: stop waiting on current trans if we aborted (FATE#325056). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - delay: add poll_event_interruptible (bsc#1048585). - dm flakey: add corrupt_bio_byte feature (bsc#1080372). - dm flakey: add drop_writes (bsc#1080372). - dm flakey: error READ bios during the down_interval (bsc#1080372). - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372). - dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372). - dm flakey: introduce 'error_writes' feature (bsc#1080372). - dm flakey: support feature args (bsc#1080372). - dm flakey: use dm_target_offset and support discards (bsc#1080372). - ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508). - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508). - ext3: add necessary check in case IO error happens (bnc#1069508). - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508). - fork: clear thread stack upon allocation (bsc#1077560). - kabi/severities ignore Cell-specific symbols - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy. - kaiser: Fix trampoline stack loading issue on XEN PV - kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579) - kaiser: make sure not to touch stack after CR3 switch in compat syscall return - kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579) - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - mISDN: fix a loop count (bsc#1077191). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). - nfsd: do not share group_info among threads (bsc@1070623). - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437). - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088). - powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174). - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487). - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088). - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes). - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088). - powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088). - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088). - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088). - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088). - rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075088). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875). - scsi: sr: wait for the medium to become ready (bsc#1048585). - scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - Update config files: enable CPU vulnerabilities reporting via sysfs - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). Important SUSE bug 1012382 SUSE bug 1045538 SUSE bug 1048585 SUSE bug 1049128 SUSE bug 1050431 SUSE bug 1054305 SUSE bug 1059174 SUSE bug 1060279 SUSE bug 1060682 SUSE bug 1063544 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1068984 SUSE bug 1069508 SUSE bug 1070623 SUSE bug 1070781 SUSE bug 1073311 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1074880 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075410 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075908 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076154 SUSE bug 1076278 SUSE bug 1076437 SUSE bug 1076849 SUSE bug 1077191 SUSE bug 1077355 SUSE bug 1077406 SUSE bug 1077487 SUSE bug 1077560 SUSE bug 1077922 SUSE bug 1078875 SUSE bug 1079917 SUSE bug 1080133 SUSE bug 1080359 SUSE bug 1080363 SUSE bug 1080372 SUSE bug 1080579 SUSE bug 1080685 SUSE bug 1080774 SUSE bug 1081500 SUSE bug 936530 SUSE bug 962257 CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2017-13305: A information disclosure vulnerability was fixed in the encrypted-keys handling. (bnc#1094353). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device lead to a local kernel data leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-1130: Linux kernel was vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081). - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 bnc#1104365). - CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - usb: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487). - usb: hub: fix non-SS hub-descriptor handling (bsc#1047487). - usb: kobil_sct: fix non-atomic allocation in write path (bsc#1015828). - usb: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441). - usb: serial: io_edgeport: fix NULL-deref at open (bsc#1015828). - usb: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441). - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132). - usb: visor: Match I330 phone more precisely (bsc#1047487). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable prot_none native mitigation (bnc#1104684) - drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909). - drm: re-enable error handling (bsc#1103884) - efivarfs: maintain the efivarfs interfaces when sysfs be created and removed (bsc#1097125). - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes). - nvme: add device id's with intel stripe quirk (bsc#1097562). - perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes). - perf/x86/intel: Handle Broadwell family processors (bsc#1093183). - s390/qeth: fix IPA command submission race (bnc#1099709, LTC#169004). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1102087, LTC#168038). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1102087, LTC#168765). - series.conf: Remove trailing whitespaces - slab: introduce kmalloc_array() (bsc#909361). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - x64/entry: move ENABLE_IBRS after switching from trampoline stack (bsc#1098658). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/fpu: fix signal handling with eager FPU switching (bsc#1100091). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/traps: Fix bad_iret_stack in fixup_bad_iret() (bsc#1098658). - x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132). Important SUSE bug 1015828 SUSE bug 1037441 SUSE bug 1047487 SUSE bug 1082962 SUSE bug 1083900 SUSE bug 1085107 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1092904 SUSE bug 1093183 SUSE bug 1094353 SUSE bug 1096480 SUSE bug 1096728 SUSE bug 1097125 SUSE bug 1097234 SUSE bug 1097562 SUSE bug 1098016 SUSE bug 1098658 SUSE bug 1099709 SUSE bug 1099924 SUSE bug 1099942 SUSE bug 1100091 SUSE bug 1100132 SUSE bug 1100418 SUSE bug 1102087 SUSE bug 1103884 SUSE bug 1103909 SUSE bug 1104365 SUSE bug 1104475 SUSE bug 1104684 SUSE bug 909361 CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. This feature was added: - Support for the 2017 Intel Purley platform. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296) - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608) - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitraty kernel code execution (bsc#999932) The following non-security bugs were fixed: - ahci: Order SATA device IDs for codename Lewisburg. - AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs. - ALSA: hda - Add Intel Lewisburg device IDs Audio. - avoid dentry crash triggered by NFS (bsc#984194). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687). - bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - cxgb4: Set VPD size so we can read both VPD structures (bsc#976867). - Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch. (bsc#979514) - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - fs/select: introduce SIZE_MAX (bsc#1000189). - i2c: i801: add Intel Lewisburg device IDs. - include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes). - increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399) - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - KVM: x86: SYSENTER emulation is broken (bsc#994618). - libfc: sanity check cpu number extracted from xid (bsc#988440). - lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392). - md: lockless I/O submission for RAID1 (bsc#982783). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708). - net: add pfmemalloc check in sk_add_backlog() (bnc#920016). - netback: fix flipping mode (bsc#996664). - nfs: Do not drop directory dentry which is in use (bsc#993127). - nfs: Don't disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Don't write enable new pages while an invalidation is proceeding (bsc#999584). - nfs: Fix a regression in the read() syscall (bsc#999584). - nfs: Fix races in nfs_revalidate_mapping (bsc#999584). - nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584). - nfs: Fix writeback performance issue on cache invalidation (bsc#999584). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). - nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218). - pci: Add pci_set_vpd_size() to set VPD size (bsc#976867). - pciback: fix conf_space read/write overlap check. - powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926). - ppp: defer netns reference release for ppp channel (bsc#980371). - random32: add prandom_u32_max (bsc#989152). - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays. - s390/dasd: fix hanging device after clear subchannel (bnc#994436). - sata: Adding Intel Lewisburg device IDs for SATA. - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). - sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102). - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992). - scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779). - tmpfs: change final i_blocks BUG to WARNING (bsc#991923). - Update patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list-are.patch (add bsc#732582 reference). - USB: fix typo in wMaxPacketSize validation (bsc#991665). - USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - vlan: don't deliver frames for unknown vlans to protocols (bsc#979514). - vlan: mask vlan prio bits (bsc#979514). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565). Important SUSE bug 1000189 SUSE bug 1001419 SUSE bug 1002165 SUSE bug 1004418 SUSE bug 732582 SUSE bug 839104 SUSE bug 843236 SUSE bug 909994 SUSE bug 911687 SUSE bug 915183 SUSE bug 920016 SUSE bug 934760 SUSE bug 951392 SUSE bug 956514 SUSE bug 960689 SUSE bug 963655 SUSE bug 971975 SUSE bug 971989 SUSE bug 974620 SUSE bug 976867 SUSE bug 977687 SUSE bug 979514 SUSE bug 979595 SUSE bug 979681 SUSE bug 980371 SUSE bug 982218 SUSE bug 982783 SUSE bug 983535 SUSE bug 983619 SUSE bug 984102 SUSE bug 984194 SUSE bug 984992 SUSE bug 985206 SUSE bug 986362 SUSE bug 986365 SUSE bug 986445 SUSE bug 987565 SUSE bug 988440 SUSE bug 989152 SUSE bug 989261 SUSE bug 989779 SUSE bug 991608 SUSE bug 991665 SUSE bug 991923 SUSE bug 992566 SUSE bug 993127 SUSE bug 993890 SUSE bug 993891 SUSE bug 994296 SUSE bug 994436 SUSE bug 994618 SUSE bug 994759 SUSE bug 994926 SUSE bug 996329 SUSE bug 996664 SUSE bug 997708 SUSE bug 998399 SUSE bug 999584 SUSE bug 999600 SUSE bug 999932 CVE-2013-4312 CVE-2015-7513 CVE-2016-0823 CVE-2016-3841 CVE-2016-4997 CVE-2016-5195 CVE-2016-5696 CVE-2016-6480 CVE-2016-6828 CVE-2016-7425 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - : Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - : Systems with microprocessors utilizing speculative execution and speculative execution of memory reads the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082) - : Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895) - : The do_get_mempolicy function allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Avoid quadratic search when freeing delegations (bsc#1084760). - Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998). - Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424). - Btrfs: Fix lost-data-profile caused by auto removing bg - Btrfs: Fix misuse of chunk mutex - Btrfs: Fix out-of-space bug (bsc#1089231). - Btrfs: Set relative data on clear btrfs_block_group_cache->pinned - Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239). - Btrfs: add alloc_fs_devices and switch to it (bsc#1089205). - Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204). - Btrfs: add missing discards when unpinning extents with -o discard - Btrfs: add missing inode update when punching hole (bsc#1089006). - Btrfs: add support for asserts (bsc#1089207). - Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010). - Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235). - Btrfs: cleanup backref search commit root flag stuff (bsc#1089200). - Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210). - Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214). - Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005). - Btrfs: eliminate races in worker stopping code (bsc#1089211). - Btrfs: ensure deletion from pinned_chunks list is protected - Btrfs: fix -ENOSPC on block group removal - Btrfs: fix -ENOSPC when finishing block group creation - Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220). - Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236). - Btrfs: fix crash caused by block group removal - Btrfs: fix data loss in the fast fsync path (bsc#1089007). - Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194). - Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001). - Btrfs: fix directory recovery from fsync log (bsc#1088999). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232). - Btrfs: fix fitrim discarding device area reserved for boot loader's use - Btrfs: fix freeing used extent after removing empty block group - Btrfs: fix freeing used extents after removing empty block group - Btrfs: fix fs mapping extent map leak (bsc#1089229). - Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221). - Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004). - Btrfs: fix fsync data loss after append write (bsc#1089238). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003). - Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000). - Btrfs: fix fsync when extend references are added to an inode (bsc#1089002). - Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423). - Btrfs: fix invalid extent maps due to hole punching (bsc#1094425). - Btrfs: fix kernel oops while reading compressed data (bsc#1089192). - Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016). - Btrfs: fix memory leak after block remove + trimming - Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197). - Btrfs: fix race between balance and unused block group deletion (bsc#1089237). - Btrfs: fix race between fs trimming and block group remove/allocation - Btrfs: fix race between scrub and block group deletion - Btrfs: fix race between transaction commit and empty block group removal - Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206). - Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233). - Btrfs: fix regression in raid level conversion (bsc#1089234). - Btrfs: fix skipped error handle when log sync failed (bsc#1089217). - Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011). - Btrfs: fix the number of transaction units needed to remove a block group - Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216). - Btrfs: fix uninitialized variable warning in __extent_writepage Fixes fs/btrfs/extent_io.c:2861: warning: 'ret' may be used uninitialized in this function - Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215). - Btrfs: fix unprotected assignment of the target device (bsc#1089222). - Btrfs: fix unprotected deletion from pending_chunks list - Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228). - Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227). - Btrfs: fix unprotected device->bytes_used update (bsc#1089225). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240). - Btrfs: fix up read_tree_block to return proper error (bsc#1080837). - Btrfs: fix wrong device bytes_used in the super block (bsc#1089224). - Btrfs: fix wrong disk size when writing super blocks (bsc#1089223). - Btrfs: fix xattr loss after power failure (bsc#1094436). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013). - Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437). - Btrfs: iterate over unused chunk space in FITRIM - Btrfs: make btrfs_issue_discard return bytes discarded - Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422). - Btrfs: make sure to copy everything if we rename (bsc#1088997). - Btrfs: make the chunk allocator completely tree lockless (bsc#1089202). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201). - Btrfs: nuke write_super from comments (bsc#1089199). - Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213). - Btrfs: only update disk_i_size as we remove extents (bsc#1089209). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012). - Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008). - Btrfs: remove empty block groups automatically - Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230). - Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837). - Btrfs: remove transaction from send (bsc#1089218). - Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock - Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421). - Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212). - Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198). - Btrfs: skip superblocks during discard - Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208). - Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226). - Btrfs: use global reserve when deleting unused block group after ENOSPC - Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837). - Btrfs: wait ordered range before doing direct io (bsc#1089203). - Fix for bsc#1092497 - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1087092). - IB/mlx4: Convert slave port before building address-handle (bug#919382). - KABI protect struct _lowcore (bsc#1089386). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - NFS: add nostatflush mount option (bsc#1065726). - NFS: allow flush-on-stat to be disabled (bsc#1065726). - Refresh patches.arch/14.1-x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch. Fix bnc#1097948. - Revert 'NFS: allow flush-on-stat to be disabled (bsc#1065726).' - USB: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888). - USB: hub: fix SS hub-descriptor handling (bsc#1092372). - Update config files, add Spectre mitigation for s390x (bnc#1089386, ). - Update s390 config files (bsc#1089386). - Xen counterparts of eager FPU implementation. - balloon: do not BUG() when balloon is empty (bsc#1083347). - cifs: fix crash due to race in hmac(md5) handling (bsc#1091671). - config.sh: set BUGZILLA_PRODUCT for SLE11-SP4 - constraints: ppc64 does not build with 2.5G memory - fanotify: fix logic of events on child (bsc#1013018). - fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219). - ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689). - kABI: work around BPF SSBD removal (bsc#1087082). - kernel: Fix memory leak on EP11 target list processing (bnc#1096746, ). - kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244). - kvm/x86: fix icebp instruction handling (bsc#1087088). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888). - module: Fix locking in symbol_put_addr() (bsc#1097445). - netfront: make req_prod check properly deal with index wraps (bsc#1046610). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1013018). - powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits (bsc#1087082). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (bsc#1093710). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move local setup.h declarations to arch includes (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1091659, ). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746, ). - s390/dasd: fix IO error for newly defined devices (bnc#1091659, ). - s390/dasd: fix failing path verification (bnc#1096746, ). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659, ). - s390/qeth: on channel error, reject further cmd requests (bnc#1088343, ). - s390: add automatic detection of the spectre defense (bnc#1089386, ). - s390: add optimized array_index_mask_nospec (bnc#1089386, ). - s390: add sysfs attributes for spectre (bnc#1089386, ). - s390: correct module section names for expoline code revert (bsc#1089386). - s390: correct nospec auto detection init order (bnc#1089386, ). - s390: do not bypass BPENTER for interrupt system calls (bnc#1089386, ). - s390: fix retpoline build on 31bit (bsc#1089386). - s390: improve cpu alternative handling for gmb and nobp (bnc#1089386, ). - s390: introduce execute-trampolines for branches (bnc#1089386, ). - s390: move nobp parameter functions to nospec-branch.c (bnc#1089386, ). - s390: report spectre mitigation via syslog (bnc#1089386, ). - s390: run user space and KVM guests with modified branch prediction (bnc#1089386, ). - s390: scrub registers on kernel entry and KVM exit (bnc#1089386, ). - series.conf: fix the header It was corrupted back in 2015. - trace: module: Maintain a valid user count (bsc#1097443). - tracing: Create seq_buf layer in trace_seq (bsc#1091815). - x86, mce: Fix mce_start_timer semantics (bsc#1090607). - x86/Xen: disable IBRS around CPU stopper function invocation (none so far). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD (bsc#1094019). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630) - x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL - x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351). - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: fix buffer use after free on IO error (bsc#1052943). - xfs: only update the last_sync_lsn when a transaction completes (bsc#989401). - xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943). Important SUSE bug 1013018 SUSE bug 1046610 SUSE bug 1052351 SUSE bug 1052943 SUSE bug 1065726 SUSE bug 1068032 SUSE bug 1068054 SUSE bug 1070404 SUSE bug 1072689 SUSE bug 1075087 SUSE bug 1075088 SUSE bug 1079152 SUSE bug 1080157 SUSE bug 1080837 SUSE bug 1083347 SUSE bug 1084760 SUSE bug 1087082 SUSE bug 1087086 SUSE bug 1087088 SUSE bug 1087092 SUSE bug 1088343 SUSE bug 1088997 SUSE bug 1088998 SUSE bug 1088999 SUSE bug 1089000 SUSE bug 1089001 SUSE bug 1089002 SUSE bug 1089003 SUSE bug 1089004 SUSE bug 1089005 SUSE bug 1089006 SUSE bug 1089007 SUSE bug 1089008 SUSE bug 1089010 SUSE bug 1089011 SUSE bug 1089012 SUSE bug 1089013 SUSE bug 1089016 SUSE bug 1089192 SUSE bug 1089199 SUSE bug 1089200 SUSE bug 1089201 SUSE bug 1089202 SUSE bug 1089203 SUSE bug 1089204 SUSE bug 1089205 SUSE bug 1089206 SUSE bug 1089207 SUSE bug 1089208 SUSE bug 1089209 SUSE bug 1089210 SUSE bug 1089211 SUSE bug 1089212 SUSE bug 1089213 SUSE bug 1089214 SUSE bug 1089215 SUSE bug 1089216 SUSE bug 1089217 SUSE bug 1089218 SUSE bug 1089219 SUSE bug 1089220 SUSE bug 1089221 SUSE bug 1089222 SUSE bug 1089223 SUSE bug 1089224 SUSE bug 1089225 SUSE bug 1089226 SUSE bug 1089227 SUSE bug 1089228 SUSE bug 1089229 SUSE bug 1089230 SUSE bug 1089231 SUSE bug 1089232 SUSE bug 1089233 SUSE bug 1089234 SUSE bug 1089235 SUSE bug 1089236 SUSE bug 1089237 SUSE bug 1089238 SUSE bug 1089239 SUSE bug 1089240 SUSE bug 1089241 SUSE bug 1089386 SUSE bug 1089895 SUSE bug 1090607 SUSE bug 1090630 SUSE bug 1090888 SUSE bug 1091041 SUSE bug 1091659 SUSE bug 1091671 SUSE bug 1091755 SUSE bug 1091815 SUSE bug 1092372 SUSE bug 1092497 SUSE bug 1093194 SUSE bug 1093195 SUSE bug 1093196 SUSE bug 1093197 SUSE bug 1093198 SUSE bug 1093600 SUSE bug 1093710 SUSE bug 1094019 SUSE bug 1094244 SUSE bug 1094421 SUSE bug 1094422 SUSE bug 1094423 SUSE bug 1094424 SUSE bug 1094425 SUSE bug 1094436 SUSE bug 1094437 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096746 SUSE bug 1097443 SUSE bug 1097445 SUSE bug 1097948 SUSE bug 919382 SUSE bug 973378 SUSE bug 989401 CVE-2018-1000199 CVE-2018-10675 CVE-2018-3639 CVE-2018-3665 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351) The following non-security bugs were fixed: - ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538). - ALSA: seq: Do not allow resizing pool in use (bsc#1045538). - Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078) - IB/mlx4: fix sprintf format warning (bnc#786036). - RDMA/mlx4: Discard unknown SQP work requests (bnc#786036). - USB: uss720: fix NULL-deref at probe (bnc#1047487). - bna: integer overflow bug in debugfs (bnc#780242). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495). - fix a leak in /proc/schedstats (bsc#1094876). - ixgbe: Initialize 64-bit stats seqcounts (bnc#795301). - mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes). - module/retpoline: Warn about missing retpoline in module (bnc#1099177). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036). - net/mlx4_en: Change default QoS settings (bnc#786036). - net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105). - netxen: fix incorrect loop counter decrement (bnc#784815). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - s390/qdio: do not merge ERROR output buffers (bnc#1099709). - s390/qeth: do not dump control cmd twice (bnc#1099709). - s390/qeth: fix SETIP command handling (bnc#1099709). - s390/qeth: free netdevice when removing a card (bnc#1099709). - s390/qeth: lock read device while queueing next buffer (bnc#1099709). - s390/qeth: when thread completes, wake up all waiters (bnc#1099709). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: sg: mitigate read/write abuse (bsc#1101296). - tg3: do not clear stats while tg3_close (bnc#790588). - video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966). - vmxnet3: use correct flag to indicate LRO feature (bsc#936423). - x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408). - x86-non-upstream-eager-fpu 32bit fix (bnc#1087086 bnc#1100091 bnc#1099598). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177). - xen/x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (bsc#1068032). Important SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1068032 SUSE bug 1087086 SUSE bug 1090078 SUSE bug 1094244 SUSE bug 1094876 SUSE bug 1098408 SUSE bug 1099177 SUSE bug 1099598 SUSE bug 1099709 SUSE bug 1099966 SUSE bug 1100089 SUSE bug 1100091 SUSE bug 1101296 SUSE bug 780242 SUSE bug 784815 SUSE bug 786036 SUSE bug 790588 SUSE bug 795301 SUSE bug 902351 SUSE bug 909495 SUSE bug 923242 SUSE bug 925105 SUSE bug 936423 CVE-2014-3688 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux RT Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to 3.0.101-rt130-69.39 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-1000407: An denial of service issue was discovered in the Linux kernel, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021). - CVE-2018-9516: An issue was discovered in the Linux kernel, the copy_to_user() inside the HID code does not correctly check the length before executing (bsc#1108498). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bnc#1107829). The following non-security bugs were fixed: - Btrfs: fix deadlock when finalizing block group creation (bsc#1107849). - Btrfs: fix quick exhaustion of the system array in the superblock (bsc#1107849). - FS-Cache: Synchronise object death state change vs operation submission (bsc#1107371). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - KVM: Disable irq while unregistering user notifier (bsc#1106240). - KVM: SVM: obey guest PAT (bsc#1106240). - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (bsc#1106240). - KVM: emulate: fix CMPXCHG8B on 32-bit hosts (bsc#1106240). - KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure (bsc#1106240). - KVM: x86: fix use of uninitialized memory as segment descriptor in emulator (bsc#1106240). - KVM: x86: zero base3 of unusable segments (bsc#1106240). - NFS - do not hang if xdr decoded username is bad (bsc#1105799). - NFSv4.1 - Do not leak IO size from one mount to another (bsc#1103145). - PCI/AER: Report non-fatal errors only to the affected endpoint (bsc#1109806). - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (bsc#1109806). - PCI: shpchp: Check bridge's secondary (not primary) bus speed (bsc#1109806). - PCI: shpchp: Fix AMD POGO identification (bsc#1109806). - add kernel parameter to disable failfast on block devices (bsc#1081680). - block: add flag QUEUE_FLAG_REGISTERED (bsc#1047027). - block: allow gendisk's request_queue registration to be deferred (bsc#1047027). - crypto: ghash-clmulni-intel - use C implementation for setkey() (bsc#1110006). - dm: fix incomplete request_queue initialization (bsc#1047027). - dm: only initialize the request_queue once (bsc#1047027). - firmware/ihex2fw.c: restore missing default in switch statement (bsc#1114460). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (git-fixes). - locks: fix unlock when fcntl_setlk races with a close (git-fixes). - media: Fix invalid free in the fix for mceusb (bsc#1050431). - media: cx25821: prevent out-of-bounds read on array card (bsc#1050431). - media: ite-cir: initialize use_demodulator before using it (bsc#1050431). - media: mceusb: fix NULL-deref at probe (bsc#1050431). - media: mceusb: fix memory leaks in error path. - percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree() (git fixes). - powerpc, KVM: Rework KVM checks in first-level interrupt handlers (bsc#1094244). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bsc#1064861). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/asm: Mark cr0 as clobbered in mftb() (bsc#1049128). - powerpc/book3s: Introduce a early machine check hook in cpu_spec (bsc#1094244). - powerpc/book3s: Introduce exclusive emergency stack for machine check exception (bsc#1094244). - powerpc/book3s: Split the common exception prolog logic into two section (bsc#1094244). - powerpc/book3s: handle machine check in Linux host (bsc#1094244). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/pseries: Avoid using the size greater than (bsc#1094244). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc: Add a symbol for hypervisor trampolines (bsc#1094244). - powerpc: Fix smp_mb__before_spinlock() (bsc#1110247). - powerpc: Make load_hander handle upto 64k offset (bsc#1094244). - powerpc: Rework runlatch code (bsc#1094244). - powerpc: Save CFAR before branching in interrupt entry paths (bsc#1094244). - powerpc: cputable: KABI - hide new cpu_spec member from genksyms (bsc#1094244). - powerpc: move MCE handler out-of-line and consolidate with machine_check_fwnmi (bsc#1094244). - powerpc: move stab code into #ifndef CONFIG_POWER4_ONLY (bsc#1094244). - powerpc: replace open-coded EXCEPTION_PROLOG_1 with the macro in slb miss handlers (bsc#1094244). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - retpoline: Introduce start/end markers of indirect thunk (bsc#1113337). - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT (bnc#1108314, LTC#171326). - s390/sclp: Change SCLP console default buffer-full behavior (bnc#1108314, LTC#171049). - scsi: libfc: Do not drop down to FLOGI for fc_rport_login() (bsc#1106139). - scsi: libfc: Do not login if the port is already started (bsc#1106139). - scsi: libfc: do not advance state machine for incoming FLOGI (bsc#1106139). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#923775). - signals: avoid unnecessary taking of sighand->siglock (bsc#1110247). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). Important SUSE bug 1031240 SUSE bug 1047027 SUSE bug 1049128 SUSE bug 1050431 SUSE bug 1064861 SUSE bug 1065600 SUSE bug 1066674 SUSE bug 1071021 SUSE bug 1081680 SUSE bug 1094244 SUSE bug 1094825 SUSE bug 1103145 SUSE bug 1105799 SUSE bug 1106139 SUSE bug 1106240 SUSE bug 1107371 SUSE bug 1107829 SUSE bug 1107849 SUSE bug 1108314 SUSE bug 1108498 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1110006 SUSE bug 1110247 SUSE bug 1113337 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114460 SUSE bug 923775 CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273 CVE-2018-14633 CVE-2018-18281 CVE-2018-18386 CVE-2018-18710 CVE-2018-9516 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for kernel modules packages (Moderate) SUSE Linux Enterprise Real Time Extension 11 SP4 The following kernel modules were rebuild with 'retpoline' enablement to allow full mitigation of the Spectre Variant 2 (CVE-2017-5715, bsc#1068032) OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband (bsc#926856). Moderate SUSE bug 1068032 SUSE bug 926856 CVE-2017-5715 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for various KMPs (Moderate) SUSE Linux Enterprise Real Time Extension 11 SP4 This update rebuilds missing kernel modules (KMP) to use 'retpolines' mitigations for Spectre Variant 2 (CVE-2017-5715). Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm Moderate SUSE bug 1095824 CVE-2017-5715 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file (bnc#980246). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - ALSA: oxygen: add Xonar DGX support (bsc#982691). - Assign correct ->can_queue value in hv_storvsc (bnc#969391) - Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231) - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - NFS: Do not attempt to decode missing directory entries (bsc#980931). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491). - NFS: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - NFS: reduce access cache shrinker locking (bnc#866130). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - NFSv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - NVMe: Unify controller probe and resume (bsc#979347). - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - SCSI: Increase REPORT_LUNS timeout (bsc#971989). - Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - enic: set netdev->vlan_features (bsc#966245). - fcoe: fix reset of fip selection time (bsc#974787). - hid-elo: kill not flush the work (bnc#982532). - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipvs: count pre-established TCP states as active (bsc#970114). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: fix max_segments integer truncation (bsc#676471). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235. - s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445). - s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445). - s390/pci: extract software counters from fmb (bnc#968500, LTC#139445). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442). - s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - veth: do not modify ip_summed (bsc#969149). - vgaarb: Add more context to error messages (bsc#976868). - virtio_scsi: Implement eh_timed_out callback (bsc#936530). - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). Important SUSE bug 676471 SUSE bug 866130 SUSE bug 909589 SUSE bug 936530 SUSE bug 944309 SUSE bug 950998 SUSE bug 953369 SUSE bug 954847 SUSE bug 956491 SUSE bug 957986 SUSE bug 960857 SUSE bug 961518 SUSE bug 963762 SUSE bug 966245 SUSE bug 967914 SUSE bug 968500 SUSE bug 969149 SUSE bug 969391 SUSE bug 970114 SUSE bug 971030 SUSE bug 971126 SUSE bug 971360 SUSE bug 971446 SUSE bug 971944 SUSE bug 971947 SUSE bug 971989 SUSE bug 973378 SUSE bug 974620 SUSE bug 974646 SUSE bug 974787 SUSE bug 975358 SUSE bug 976739 SUSE bug 976868 SUSE bug 978401 SUSE bug 978821 SUSE bug 978822 SUSE bug 979213 SUSE bug 979274 SUSE bug 979347 SUSE bug 979419 SUSE bug 979548 SUSE bug 979595 SUSE bug 979867 SUSE bug 979879 SUSE bug 979915 SUSE bug 980246 SUSE bug 980371 SUSE bug 980725 SUSE bug 980788 SUSE bug 980931 SUSE bug 981231 SUSE bug 981267 SUSE bug 982532 SUSE bug 982544 SUSE bug 982691 SUSE bug 983143 SUSE bug 983213 SUSE bug 983721 SUSE bug 984107 SUSE bug 984755 SUSE bug 986362 SUSE bug 986572 SUSE bug 988498 CVE-2015-7833 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2187 CVE-2016-3134 CVE-2016-3707 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5829 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers for conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119) The following non-security bugs were fixed: - ACPI: APEI / ERST: Fix missing error handling in erst_reader() (bsc#1045538). - ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538). - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode (bsc#1045538). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1045538). - ALSA: pcm: fix fifo_size frame calculation (bsc#1045538). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538). - ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538). - ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bsc#1045538). - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() (bsc#1045538). - ALSA: usb-audio: Fix parameter block size for UAC2 control requests (bsc#1045538). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1045538). - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1045538). - ALSA: usb-audio: Set correct type for some UAC2 mixer controls (bsc#1045538). - ASoC: blackfin: Fix missing break (bsc#1045538). - Enforce module signatures if the kernel is locked down (bsc#1093666). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - PCI: Fix TI816X class code quirk (bsc#1050431). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - TPM: Zero buffer whole after copying to userspace (bsc#1050381). - USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609). - USB: serial: sierra: fix potential deadlock at close (bsc#1100132). - applicom: dereferencing NULL on error path (git-fixes). - ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185). - base: make module_create_drivers_dir race-free (git-fixes). - block: fix an error code in add_partition() (bsc#1106209). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (bsc#1107949). - dasd: Add IFCC notice message (bnc#1104481, LTC#170484). - drm/i915: Remove bogus __init annotation from DMI callbacks (bsc#1106886). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1106886). - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() (bsc#1106886). - drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Fix the left value check of cmd buffer (bsc#1106105). - iommu/amd: Free domain id when free a domain of struct dma_ops_domain (bsc#1106105). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105). - iommu/vt-d: Do not over-free page table directories (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipv6: Regenerate host route according to node pointer upon loopback up (bsc#1100705). - ipv6: correctly add local routes when lo goes up (bsc#1100705). - ipv6: introduce ip6_rt_put() (bsc#1100705). - ipv6: reallocate addrconf router for ipv6 address when lo device up (bsc#1100705). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection (bnc#1107071). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - nbd: ratelimit error msgs after socket close (bsc#1106206). - ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199). - perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu (bsc#1104901). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772, bsc#1107650). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772, bsc#1107650). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1064861). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - qlge: Fix netdev features configuration (bsc#1098822). - resource: fix integer overflow at reallocation (bsc#1045538). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - s390/ftrace: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/kernel: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/qeth: do not clobber buffer on async TX completion (bnc#1060245, LTC#170349). - s390: Correct register corruption in critical section cleanup (bnc#1106930, LTC#171029). - s390: add assembler macros for CPU alternatives (bnc#1106930, LTC#171029). - s390: detect etoken facility (bnc#1106930, LTC#171029). - s390: move expoline assembler macros to a header (bnc#1106930, LTC#171029). - s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029). - s390: remove indirect branch from do_softirq_own_stack (bnc#1106930, LTC#171029). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - tpm: fix race condition in tpm_common_write() (bsc#1050381). - tracing/blktrace: Fix to allow setting same value (bsc#1106212). - tty: vt, fix bogus division in csi_J (git-fixes). - tty: vt, return error when con_startup fails (git-fixes). - uml: fix hostfs mknod() (bsc#1106202). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1045538). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/init: fix build with CONFIG_SWAP=n (bsc#1105723). - x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Important SUSE bug 1045538 SUSE bug 1048185 SUSE bug 1050381 SUSE bug 1050431 SUSE bug 1057199 SUSE bug 1060245 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1080157 SUSE bug 1087081 SUSE bug 1092772 SUSE bug 1092903 SUSE bug 1093666 SUSE bug 1096547 SUSE bug 1098822 SUSE bug 1099922 SUSE bug 1100132 SUSE bug 1100705 SUSE bug 1102517 SUSE bug 1102870 SUSE bug 1103119 SUSE bug 1104481 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1104901 SUSE bug 1105100 SUSE bug 1105322 SUSE bug 1105348 SUSE bug 1105536 SUSE bug 1105723 SUSE bug 1106095 SUSE bug 1106105 SUSE bug 1106199 SUSE bug 1106202 SUSE bug 1106206 SUSE bug 1106209 SUSE bug 1106212 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106609 SUSE bug 1106886 SUSE bug 1106930 SUSE bug 1106995 SUSE bug 1107001 SUSE bug 1107064 SUSE bug 1107071 SUSE bug 1107650 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107949 SUSE bug 1108096 SUSE bug 1108170 SUSE bug 1108823 SUSE bug 1108912 CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-14617 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Real Time Extension 11 SP4 The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bnc#1053148). - CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). - CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access.(bnc#1052311). The following non-security bugs were fixed: - ALSA: Fix Lewisburg audio issue - Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680) - Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358) - NFS: Cache aggressively when file is open for writing (bsc#1053933). - NFS: Do drop directory dentry when error clearly requires it (bsc#1051932). - NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933). - NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933). - NFS: invalidate file size when taking a lock (bsc#1053933). - PCI: fix hotplug related issues (bnc#1054247). - af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093). - avoid deadlock in xenbus (bnc#1047523). - blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - cx231xx-audio: fix NULL-deref at probe (bsc#1050431). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - fuse: do not use iocb after it may have been freed (bsc#1054706). - fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706). - fuse: fsync() did not return IO errors (bsc#1054076). - fuse: fuse_flush must check mapping->flags for errors (bsc#1054706). - gspca: konica: add missing endpoint sanity check (bsc#1050431). - kabi/severities: Ignore zpci symbol changes (bsc#1054247) - lib/mpi: mpi_read_raw_data(): fix nbits calculation - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431). - net: Fix RCU splat in af_key (bsc#1054093). - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450). - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667). - powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667). - powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370). - powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070). - reiserfs: fix race in readdir (bsc#1039803). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247). - s390/pci: fix handling of PEC 306 (bnc#1054247). - s390/pci: improve error handling during fmb (de)registration (bnc#1054247). - s390/pci: improve error handling during interrupt deregistration (bnc#1054247). - s390/pci: improve pci hotplug (bnc#1054247). - s390/pci: improve unreg_ioat error handling (bnc#1054247). - s390/pci: introduce clp_get_state (bnc#1054247). - s390/pci: provide more debug information (bnc#1054247). - scsi: avoid system stall due to host_busy race (bsc#1031358). - scsi: close race when updating blocked counters (bsc#1031358). - ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381). - uwb: fix device quirk on big-endian hosts (bsc#1036629). - xfs: fix inobt inode allocation search optimization (bsc#1013018). Important SUSE bug 1013018 SUSE bug 1024450 SUSE bug 1031358 SUSE bug 1036629 SUSE bug 1037441 SUSE bug 1037667 SUSE bug 1037669 SUSE bug 1037994 SUSE bug 1039803 SUSE bug 1040609 SUSE bug 1042863 SUSE bug 1045154 SUSE bug 1047523 SUSE bug 1050381 SUSE bug 1050431 SUSE bug 1051932 SUSE bug 1052311 SUSE bug 1052370 SUSE bug 1053148 SUSE bug 1053152 SUSE bug 1053802 SUSE bug 1053933 SUSE bug 1054070 SUSE bug 1054076 SUSE bug 1054093 SUSE bug 1054247 SUSE bug 1054706 SUSE bug 1055680 SUSE bug 1056588 SUSE bug 1057179 SUSE bug 1057389 SUSE bug 1058524 SUSE bug 984530 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-10661 CVE-2017-12762 CVE-2017-14051 CVE-2017-14140 CVE-2017-14340 CVE-2017-8831 cpe:/o:suse:suse-linux-enterprise-rt:11:sp4 Security update for compat-openssl097g SUSE Linux Enterprise Server for SAP Applications 11 SP1 This compat-openssl097g rollup update contains various security fixes: * CVE-2012-2131,CVE-2012-2110: incorrect integer conversions in OpenSSL can result in memory corruption during buffer management operations. Security Issue reference: * CVE-2012-2110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110> SUSE bug 758060 CVE-2012-2110 cpe:/o:suse:sles_sap:11:sp1 Security update for IBM Java 1.4.2 SUSE Linux Enterprise Server for SAP Applications 11 SP1 IBM Java 1.4.2 has been updated to SR13-FP13 that fixes bugs and security issues. Please see for more information: http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Additionally one bug has been fixed: * fix bnc#771808: create symlink /usr/bin/javaws properly Security Issue references: * CVE-2012-1717 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717> * CVE-2012-1713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713> * CVE-2012-1719 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719> * CVE-2012-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718> SUSE bug 666744 SUSE bug 778943 CVE-2012-1713 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 cpe:/o:suse:sles_sap:11:sp1 Security update for compat-openssl097g SUSE Linux Enterprise Server for SAP Applications 11 SP2 This compat-openssl097g rollup update contains various security fixes: * CVE-2012-2131,CVE-2012-2110: incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. Security Issue reference: * CVE-2012-2110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110> SUSE bug 758060 CVE-2012-2110 cpe:/o:suse:sles_sap:11:sp2 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP2 This update for compat-openssl097g fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) A non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:sles_sap:11:sp2 Security update for IBM Java 1.4.2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 IBM Java 1.4.2 has been updated to SR13-FP13 that fixes bugs and security issues. Please see for more information: http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Additionally one bug has been fixed: * fix bnc#771808: create symlink /usr/bin/javaws properly Security Issue references: * CVE-2012-1717 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717> * CVE-2012-1713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713> * CVE-2012-1719 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719> * CVE-2012-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718> SUSE bug 666744 SUSE bug 778943 CVE-2012-1713 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 cpe:/o:suse:sles_sap:11:sp2 Security update for sap_suse_cluster_connector SUSE Linux Enterprise Server for SAP Applications 11 SP2 A tmp race condition was fixed in sap_suse_cluster_connector. CVE-2012-0426 was assigned to this issue. Additionally some minor non-security fixes are included. Security Issue reference: * CVE-2012-0426 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0426> SUSE bug 763793 SUSE bug 777453 SUSE bug 778273 SUSE bug 778293 CVE-2012-0426 cpe:/o:suse:sles_sap:11:sp2 Security update for compat-openssl097g SUSE Linux Enterprise Server for SAP Applications 11 SP3 OpenSSL was updated to fix several security issues: * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * Fixed a timing side channel in RSA decryption. (bsc#929678) Additional changes: * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698) Security Issues: * CVE-2015-1789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789> * CVE-2015-1790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790> * CVE-2015-4000 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000> SUSE bug 929678 SUSE bug 931698 SUSE bug 934489 SUSE bug 934491 CVE-2015-1789 CVE-2015-1790 CVE-2015-4000 cpe:/o:suse:sles_sap:11:sp3 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP3 This update for compat-openssl097g fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) A non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:sles_sap:11:sp3 Security update for compat-openssl097g (Important) SUSE Linux Enterprise Server for SAP Applications 11 SP3 This update for compat-openssl097g fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#976943: Fix buffer overrun in ASN1_parse Important SUSE bug 976942 SUSE bug 976943 SUSE bug 977615 SUSE bug 977617 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles_sap:11:sp3 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP3 This update for compat-openssl097g fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) Moderate SUSE bug 982575 SUSE bug 993819 SUSE bug 995359 SUSE bug 995377 SUSE bug 999665 SUSE bug 999668 CVE-2016-2177 CVE-2016-2182 CVE-2016-2183 CVE-2016-6303 CVE-2016-6306 cpe:/o:suse:sles_sap:11:sp3 Security update for clamsap (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following security issues: CVE-2015-2278: The LZH decompression implementation allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes. CVE-2015-2282: Stack-based buffer overflow in the LZC decompression implementation allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors Moderate SUSE bug 935939 CVE-2015-2278 CVE-2015-2282 cpe:/o:suse:sles_sap:11:sp4 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for compat-openssl097g fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) A non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:sles_sap:11:sp4 Security update for compat-openssl097g (Important) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for compat-openssl097g fixes the following issues: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Important SUSE bug 963415 SUSE bug 968046 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:sles_sap:11:sp4 Security update for compat-openssl097g (Important) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for compat-openssl097g fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#976943: Fix buffer overrun in ASN1_parse Important SUSE bug 976942 SUSE bug 976943 SUSE bug 977615 SUSE bug 977617 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles_sap:11:sp4 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for compat-openssl097g fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) Moderate SUSE bug 982575 SUSE bug 993819 SUSE bug 995359 SUSE bug 995377 SUSE bug 999665 SUSE bug 999668 CVE-2016-2177 CVE-2016-2182 CVE-2016-2183 CVE-2016-6303 CVE-2016-6306 cpe:/o:suse:sles_sap:11:sp4 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for compat-openssl097g fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - resume reading from /dev/urandom when interrupted by a signal (bsc#995075) - fix crash in print_notice (bsc#998190) Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1021641 SUSE bug 995075 SUSE bug 998190 CVE-2016-2108 CVE-2016-8610 cpe:/o:suse:sles_sap:11:sp4 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for compat-openssl097g fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could have resulted in DoS (bsc#1087102) This non-security issue was fixed: - Fixed crash in DES_fcrypt (bsc#1065363) Moderate SUSE bug 1065363 SUSE bug 1087102 SUSE bug 1097158 CVE-2018-0732 CVE-2018-0739 cpe:/o:suse:sles_sap:11:sp4 Security update for compat-openssl097g (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for compat-openssl097g fixes the following issues: Security issue fixed: - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). Non-security issue fixed: - Fixed timing vulnerability in DSA signature generation (bsc#1113742). Moderate SUSE bug 1110018 SUSE bug 1113742 CVE-2016-8610 cpe:/o:suse:sles_sap:11:sp4 Security update for lighttpd (Moderate) SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for lighttpd fixes the following issues: Security issues fixed: - CVE-2016-1000212: Don't allow requests to set the HTTP_PROXY variable. As *CGI apps might pick it up and use it for outgoing requests. (bsc#990847) - CVE-2015-3200: Log injection via malformed base64 string in Authentication header. (bsc#932286) Bug fixes: - Add su directive to logrotate file as the directory is owned by lighttpd. (bsc#981347) - Fix out of bounds read in mod_scgi. Moderate SUSE bug 932286 SUSE bug 981347 SUSE bug 990847 CVE-2015-3200 CVE-2016-1000212 cpe:/o:suse:sles_sap:11:sp4 Security update for SUSE Manager client tools SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS This update fixes the following issue: * support new function signature for image deployment. * fixed insecure permissions used for /var/log/rhncfg-actions file Security Issue reference: * CVE-2012-2679 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2679> SUSE bug 764532 SUSE bug 766148 CVE-2012-2679 cpe:/a:suse:sle-clienttools:11:sp1 Security update for cobbler SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS This update of cobbler fixes a remote code execution flaw which could have been exploited through cobbler's XMLRPC API (CVE-2012-2395). Security Issue references: * CVE-2012-2395 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2395> SUSE bug 763610 CVE-2012-2395 cpe:/a:suse:sle-clienttools:11:sp1 Security update for spacewalk SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS This update adds the following two fixes: * Do not create ssh key in rpm %post script (bnc#678130) * the bootstrap script should force the installation of ORG_CA_CERT rpm * Set a time delay even after unsuccessful logins, which previously allowed a remote attacker to guess account names. CVE-2011-0718 has been assigned to this issue. How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start Security Issue reference: * CVE-2011-0718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0718> SUSE bug 644072 SUSE bug 678130 CVE-2011-0718 cpe:/a:suse:sle-clienttools:11:sp1 Security update for spacewalk SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS This update fixes the following bugs in the web user interface: * link the local documentation instead of the online versions * Leave out the proxy version check * fix navigation on the help page * shorten the action name before writing them to the database * Fix session handling. A SUSE Manager user able to pre-set the session cookie in a victim's browser to a valid value could use this flaw to hijack the victim's session after the next log in. (CVE-2011-0717) * Set a time delay even after unsuccessful logins, which previously allowed a remote attacker to guess account names (CVE-2011-0718). * Add missing dependencies How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start Security Issue reference: * CVE-2011-0718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0718> * CVE-2011-0717 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0717> SUSE bug 644072 SUSE bug 644080 SUSE bug 674315 SUSE bug 674344 SUSE bug 675021 SUSE bug 676677 SUSE bug 676699 SUSE bug 676718 SUSE bug 678126 CVE-2011-0717 CVE-2011-0718 cpe:/a:suse:sle-clienttools:11:sp1 Security update for SUSE Manager Client Tools (Moderate) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. (bsc#1026633, CVE-2017-7470) Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib. (bsc#1025312) spacecmd: - Improve output on error for listrepo. (bsc#1027426) - Reword spacecmd removal message. (bsc#1024406) spacewalk-backend: - Do not fail with traceback when media.1 does not exist. (bsc#1032256) - Create scap files directory beforehand. (bsc#1029755) - Fix error if SPACEWALK_DEBUG_NO_REPORTS environment variable is not present. - Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233) - Add support for running spacewalk-debug without creating reports. (bsc#1024714) - Set scap store directory mod to 775 and group owner to susemanager. - incomplete_package_import: Do import rhnPackageFile as it breaks some package installations. - Added traceback printing to the exception block. - Change postgresql starting commands. spacewalk-client-tools: - Fix reboot message to use correct product name. (bsc#1031667) Moderate SUSE bug 1023233 SUSE bug 1024406 SUSE bug 1024714 SUSE bug 1025312 SUSE bug 1026633 SUSE bug 1027426 SUSE bug 1029755 SUSE bug 1031667 SUSE bug 1032256 CVE-2017-7470 cpe:/a:suse:sle-clienttools:11:sp3 Security update for SUSE Manager Client Tools (Moderate) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update fixes the following issues: mgr-cfg: - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-daemon: - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-virtualization: - Fix missing python 3 ugettext (bsc#1138494) - Fix package dependencies to prevent file conflict (bsc#1143856) rhnlib: - Add SNI support for clients - Fix initialize ssl connection (bsc#1144155) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) python-gzipstream: - SPEC cleanup - add makefile and pylint configuration - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Bugfix: referenced variable before assignment. - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) spacewalk-backend: - Do not overwrite comps and module data with older versions - Fix issue with 'dists' keyword in url hostname - Import packages from all collections of a patch not just first one - Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to 'registration.register_osad' (bsc#1138822) - Do not duplicate 'http://' protocol when using proxies with 'deb' repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029) - Add support for ULN repositories on new Zypper based reposync. - Don't skip Deb package tags on package import (bsc#1130040) - For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-remote-utils: - Add RHEL8 Moderate SUSE bug 1103696 SUSE bug 1104034 SUSE bug 1130040 SUSE bug 1135881 SUSE bug 1136029 SUSE bug 1136480 SUSE bug 1137715 SUSE bug 1137940 SUSE bug 1138313 SUSE bug 1138358 SUSE bug 1138494 SUSE bug 1138822 SUSE bug 1139453 SUSE bug 1142038 SUSE bug 1143856 SUSE bug 1144155 SUSE bug 1144889 SUSE bug 1148125 SUSE bug 1148177 SUSE bug 1148311 CVE-2019-10136 cpe:/a:suse:sle-clienttools:11:sp3 Security update for SUSE Manager Client Tools (Critical) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update fixes the following issues: cobbler: - Fix parsing cobbler dictionary options with values containing '=', e.g. kernel params containing '=' (bsc#1176978) mgr-daemon: - Update translation strings salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Added support for i18n of user-facing strings - Python3 fix for sorted usage (bsc#1167907) spacewalk-client-tools: - Remove RH references in Python/Ruby localization and use the product name instead Critical SUSE bug 1167907 SUSE bug 1169664 SUSE bug 1176978 SUSE bug 1178319 SUSE bug 1178361 SUSE bug 1178362 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 cpe:/a:suse:sle-clienttools:11:sp3 Security update for SUSE Manager Client Tools (Important) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update fixes the following issues: golang-github-wrouesnel-postgres_exporter: - Add support for aarch64 mgr-cfg: - SPEC: Updated Python definitions for RHEL8 and quoted text comparisons. mgr-custom-info: - Update package version to 4.2.0 mgr-daemon: - Update translation strings - Update the translations from weblate - Added quotes around %{_vendor} token for the if statements in spec file. - Fix removal of mgr-deamon with selinux enabled (bsc#1177928) - Updating translations from weblate mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) - Change deprecated path /var/run into /run for systemd (bsc#1185178) - Python fixes - Removal of RHEL5 mgr-push: - Defined __python for python2. - Excluded RHEL8 for Python 2 build. mgr-virtualization: - Update package version to 4.2.0 rhnlib: - Update package version to 4.2.0 salt: - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607) spacecmd: - Rename system migration to system transfer - Rename SP to product migration - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Fix spacecmd compat with Python 3 - Deprecated 'Software Crashes' feature - Document advanced package search on '--help' (bsc#1180583) - Fixed advanced search on 'package_listinstalledsystems' - Fixed duplicate results when using multiple search criteria (bsc#1180585) - Fixed 'non-advanced' package search when using multiple package names (bsc#1180584) - Update translations - Fix: make spacecmd build on Debian - Add Service Pack migration operations (bsc#1173557) spacewalk-client-tools: - Update the translations from weblate - Drop the --noSSLServerURL option - Updated RHEL Python requirements. - Added quotes around %{_vendor}. spacewalk-koan: - Fix for spacewalk-koan test spacewalk-oscap: - Update package version to 4.2.0 spacewalk-remote-utils: - Update package version to 4.2.0 supportutils-plugin-susemanager-client: - Update package version to 4.2.0 suseRegisterInfo: - Add support for Amazon Linux 2 - Add support for Alibaba Cloud Linux 2 - Adapted for RHEL build. uyuni-base: - Added Apache as prerequisite for RHEL and Fedora (due to required users). - Removed RHEL specific folder rights from SPEC file. - Added RHEL8 compatibility. uyuni-common-libs: - Cleaning up unused Python 2 build leftovers. - Disabled debug package build. Important SUSE bug 1173557 SUSE bug 1177884 SUSE bug 1177928 SUSE bug 1180583 SUSE bug 1180584 SUSE bug 1180585 SUSE bug 1185178 SUSE bug 1185281 CVE-2021-31607 cpe:/a:suse:sle-clienttools:11:sp3 Security update for SUSE Manager Client Tools (Moderate) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update fixes the following issues: salt: - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) spacecmd: - Version 4.2.13-1 * Update translation strings * configchannel_updatefile handles directory properly (bsc#1190512) * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) spacewalk-client-tools: - Version 4.2.14-1 * Update translation strings Moderate SUSE bug 1181223 SUSE bug 1188977 SUSE bug 1190265 SUSE bug 1190512 CVE-2021-21996 cpe:/a:suse:sle-clienttools:11:sp3 Security update for cobbler (Moderate) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for cobbler fixes the following issues: - CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594) - Fix for calling koan with virt_type kvm. (bsc#1090205) Moderate SUSE bug 1074594 SUSE bug 1090205 CVE-2017-1000469 cpe:/a:suse:sle-clienttools:11:sp3 Security update for cobbler (Important) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for cobbler fixes the following issues: Security issue fixed: - CVE-2018-10931: Forbid exposure of private methods in the API (bsc#1104287, bsc#1104189) Important SUSE bug 1104189 SUSE bug 1104287 CVE-2018-10931 cpe:/a:suse:sle-clienttools:11:sp3 Security update for cobbler (Important) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671). The following non-security bugs were fixed: - Move configuration files ownership to apache (bsc#1195906) Important SUSE bug 1193671 SUSE bug 1195906 CVE-2021-45083 cpe:/a:suse:sle-clienttools:11:sp3 Security update for python-Jinja2 (Important) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Important SUSE bug 1181944 CVE-2020-28493 cpe:/a:suse:sle-clienttools:11:sp3 Security update for python-pycrypto (Important) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for python-pycrypto fixes the following issues: - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420). Important SUSE bug 1017420 CVE-2013-7459 cpe:/a:suse:sle-clienttools:11:sp3 Security update for salt (Moderate) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for salt fixes one security issue and bugs. The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955). Additionally, the following non-security issues have been fixed: - Added support for SUSE Manager scalability features. (bsc#1052264) - Introduced the kubernetes module. (bsc#1051948) - Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376) Moderate SUSE bug 1051948 SUSE bug 1052264 SUSE bug 1053376 SUSE bug 1053955 CVE-2017-12791 cpe:/a:suse:sle-clienttools:11:sp3 Security update for Salt (Moderate) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for salt fixes one security issue and bugs. The following security issues have been fixed: - CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. (bsc#1062462) - CVE-2017-14696: It was possible to force a remote Denial of Service with a specially crafted authentication request. (bsc#1062464) Additionally, the following non-security issues have been fixed: - Removed deprecation warning for beacon configuration using dictionaries. (bsc#1041993) - Fixed beacons failure when pillar-based suppressing config-based. (bsc#1060230) - Fixed minion resource exhaustion when many functions are being executed in parallel. (bsc#1059758) - Remove 'TasksTask' attribute from salt-master.service in older versions of systemd. (bsc#985112) - Fix for delete_deployment in Kubernetes module. (bsc#1059291) - Catching error when PIDfile cannot be deleted. (bsc#1050003) - Use $HOME to get the user home directory instead using '~' char. (bsc#1042749) Moderate SUSE bug 1041993 SUSE bug 1042749 SUSE bug 1050003 SUSE bug 1059291 SUSE bug 1059758 SUSE bug 1060230 SUSE bug 1062462 SUSE bug 1062464 SUSE bug 985112 CVE-2017-14695 CVE-2017-14696 cpe:/a:suse:sle-clienttools:11:sp3 Security update for salt (Important) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for salt fixes the following issues: Salt was updated to version 2016.11.10 and contains the following fixes: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Important SUSE bug 1113698 SUSE bug 1113699 CVE-2018-15750 CVE-2018-15751 cpe:/a:suse:sle-clienttools:11:sp3 Security update for salt (Critical) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) Critical SUSE bug 1181550 SUSE bug 1181556 SUSE bug 1181557 SUSE bug 1181558 SUSE bug 1181559 SUSE bug 1181560 SUSE bug 1181561 SUSE bug 1181562 SUSE bug 1181563 SUSE bug 1181564 SUSE bug 1181565 SUSE bug 1182740 CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 cpe:/a:suse:sle-clienttools:11:sp3 Security update for Salt (Moderate) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for salt provides version 2016.11.4 and brings various fixes and improvements: - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Fix format error. (bsc#1043111) - Fix ownership for whole master cache directory. (bsc#1035914) - Disable 3rd party runtime packages to be explicitly recommended. (bsc#1040886) - Fix insecure permissions in salt-ssh temporary files. (bsc#1035912, CVE-2017-8109) - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800, CVE-2017-5200) - Orchestrate and batches don't return false failed information anymore. - Speed-up cherrypy by removing sleep call. - Fix os_family grains on SUSE. (bsc#1038855) - Fix setting the language on SUSE systems. (bsc#1038855) - Use SUSE specific salt-api.service. (bsc#1039370) - Fix using hostname for minion ID as '127'. - Fix core grains constants for timezone. (bsc#1032931) - Minor fixes on new pkg.list_downloaded. - Listing all type of advisory patches for Yum module. - Prevents zero length error on Python 2.6. - Fixes zypper test error after backporting. - Raet protocol is no longer supported. (bsc#1020831) - Fix moving SSH data to the new home. (bsc#1027722) - Fix logrotating /var/log/salt/minion. (bsc#1030009) - Fix result of master_tops extension is mutually overwritten. (bsc#1030073) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs. - Allows to set custom timeouts for 'manage.up' and 'manage.status'. - Use salt's ordereddict for comparison. - Fix scripts for salt-proxy. - Add openscap module. - File.get_managed regression fix. - Fix translate variable arguments if they contain hidden keywords. (bsc#1025896) - Added unit test for dockerng.sls_build dryrun. - Added dryrun to dockerng.sls_build. - Update dockerng minimal version requirements. - Fix format error in error parsing. - Keep fix for migrating salt home directory. (bsc#1022562) - Fix salt pkg.latest raises exception if package is not available. (bsc#1012999) - Timezone should always be in UTC. (bsc#1017078) - Fix timezone handling for rpm installtime. (bsc#1017078) - Increasing timeouts for running integrations tests. - Add buildargs option to dockerng.build module. - Fix error when missing ssh-option parameter. - Re-add yum notify plugin. - All kwargs to dockerng.create to provide all features to sls_build as well. - Datetime should be returned always in UTC. - Fix possible crash while deserialising data on infinite recursion in scheduled state. (bsc#1036125) - Documentation refresh to 2016.11.4 - For a detailed description, please refer to: + https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html Moderate SUSE bug 1011800 SUSE bug 1012999 SUSE bug 1017078 SUSE bug 1020831 SUSE bug 1022562 SUSE bug 1025896 SUSE bug 1027240 SUSE bug 1027722 SUSE bug 1030009 SUSE bug 1030073 SUSE bug 1032931 SUSE bug 1035912 SUSE bug 1035914 SUSE bug 1036125 SUSE bug 1038855 SUSE bug 1039370 SUSE bug 1040584 SUSE bug 1040886 SUSE bug 1043111 CVE-2017-5200 CVE-2017-8109 cpe:/a:suse:sle-clienttools:11:sp3 Security update for zeromq (Important) SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) Important SUSE bug 1140255 CVE-2019-13132 cpe:/a:suse:sle-clienttools:11:sp3 Security update for SUSE Manager Client Tools (Moderate) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. (bsc#1026633, CVE-2017-7470) Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib. (bsc#1025312) spacecmd: - Improve output on error for listrepo. (bsc#1027426) - Reword spacecmd removal message. (bsc#1024406) spacewalk-backend: - Do not fail with traceback when media.1 does not exist. (bsc#1032256) - Create scap files directory beforehand. (bsc#1029755) - Fix error if SPACEWALK_DEBUG_NO_REPORTS environment variable is not present. - Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233) - Add support for running spacewalk-debug without creating reports. (bsc#1024714) - Set scap store directory mod to 775 and group owner to susemanager. - incomplete_package_import: Do import rhnPackageFile as it breaks some package installations. - Added traceback printing to the exception block. - Change postgresql starting commands. spacewalk-client-tools: - Fix reboot message to use correct product name. (bsc#1031667) Moderate SUSE bug 1023233 SUSE bug 1024406 SUSE bug 1024714 SUSE bug 1025312 SUSE bug 1026633 SUSE bug 1027426 SUSE bug 1029755 SUSE bug 1031667 SUSE bug 1032256 CVE-2017-7470 cpe:/a:suse:sle-clienttools:11:sp4 Security update for SUSE Manager Client Tools (Moderate) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update fixes the following issues: mgr-cfg: - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-daemon: - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-virtualization: - Fix missing python 3 ugettext (bsc#1138494) - Fix package dependencies to prevent file conflict (bsc#1143856) rhnlib: - Add SNI support for clients - Fix initialize ssl connection (bsc#1144155) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) python-gzipstream: - SPEC cleanup - add makefile and pylint configuration - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Bugfix: referenced variable before assignment. - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) spacewalk-backend: - Do not overwrite comps and module data with older versions - Fix issue with 'dists' keyword in url hostname - Import packages from all collections of a patch not just first one - Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to 'registration.register_osad' (bsc#1138822) - Do not duplicate 'http://' protocol when using proxies with 'deb' repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029) - Add support for ULN repositories on new Zypper based reposync. - Don't skip Deb package tags on package import (bsc#1130040) - For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-remote-utils: - Add RHEL8 Moderate SUSE bug 1103696 SUSE bug 1104034 SUSE bug 1130040 SUSE bug 1135881 SUSE bug 1136029 SUSE bug 1136480 SUSE bug 1137715 SUSE bug 1137940 SUSE bug 1138313 SUSE bug 1138358 SUSE bug 1138494 SUSE bug 1138822 SUSE bug 1139453 SUSE bug 1142038 SUSE bug 1143856 SUSE bug 1144155 SUSE bug 1144889 SUSE bug 1148125 SUSE bug 1148177 SUSE bug 1148311 CVE-2019-10136 cpe:/a:suse:sle-clienttools:11:sp4 Security update for SUSE Manager Client Tools (Critical) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update fixes the following issues: cobbler: - Fix parsing cobbler dictionary options with values containing '=', e.g. kernel params containing '=' (bsc#1176978) mgr-daemon: - Update translation strings salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Added support for i18n of user-facing strings - Python3 fix for sorted usage (bsc#1167907) spacewalk-client-tools: - Remove RH references in Python/Ruby localization and use the product name instead Critical SUSE bug 1167907 SUSE bug 1169664 SUSE bug 1176978 SUSE bug 1178319 SUSE bug 1178361 SUSE bug 1178362 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 cpe:/a:suse:sle-clienttools:11:sp4 Security update for SUSE Manager Client Tools (Important) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update fixes the following issues: golang-github-wrouesnel-postgres_exporter: - Add support for aarch64 mgr-cfg: - SPEC: Updated Python definitions for RHEL8 and quoted text comparisons. mgr-custom-info: - Update package version to 4.2.0 mgr-daemon: - Update translation strings - Update the translations from weblate - Added quotes around %{_vendor} token for the if statements in spec file. - Fix removal of mgr-deamon with selinux enabled (bsc#1177928) - Updating translations from weblate mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) - Change deprecated path /var/run into /run for systemd (bsc#1185178) - Python fixes - Removal of RHEL5 mgr-push: - Defined __python for python2. - Excluded RHEL8 for Python 2 build. mgr-virtualization: - Update package version to 4.2.0 rhnlib: - Update package version to 4.2.0 salt: - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607) spacecmd: - Rename system migration to system transfer - Rename SP to product migration - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Fix spacecmd compat with Python 3 - Deprecated 'Software Crashes' feature - Document advanced package search on '--help' (bsc#1180583) - Fixed advanced search on 'package_listinstalledsystems' - Fixed duplicate results when using multiple search criteria (bsc#1180585) - Fixed 'non-advanced' package search when using multiple package names (bsc#1180584) - Update translations - Fix: make spacecmd build on Debian - Add Service Pack migration operations (bsc#1173557) spacewalk-client-tools: - Update the translations from weblate - Drop the --noSSLServerURL option - Updated RHEL Python requirements. - Added quotes around %{_vendor}. spacewalk-koan: - Fix for spacewalk-koan test spacewalk-oscap: - Update package version to 4.2.0 spacewalk-remote-utils: - Update package version to 4.2.0 supportutils-plugin-susemanager-client: - Update package version to 4.2.0 suseRegisterInfo: - Add support for Amazon Linux 2 - Add support for Alibaba Cloud Linux 2 - Adapted for RHEL build. uyuni-base: - Added Apache as prerequisite for RHEL and Fedora (due to required users). - Removed RHEL specific folder rights from SPEC file. - Added RHEL8 compatibility. uyuni-common-libs: - Cleaning up unused Python 2 build leftovers. - Disabled debug package build. Important SUSE bug 1173557 SUSE bug 1177884 SUSE bug 1177928 SUSE bug 1180583 SUSE bug 1180584 SUSE bug 1180585 SUSE bug 1185178 SUSE bug 1185281 CVE-2021-31607 cpe:/a:suse:sle-clienttools:11:sp4 Security update for SUSE Manager Client Tools (Moderate) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update fixes the following issues: salt: - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) spacecmd: - Version 4.2.13-1 * Update translation strings * configchannel_updatefile handles directory properly (bsc#1190512) * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) spacewalk-client-tools: - Version 4.2.14-1 * Update translation strings Moderate SUSE bug 1181223 SUSE bug 1188977 SUSE bug 1190265 SUSE bug 1190512 CVE-2021-21996 cpe:/a:suse:sle-clienttools:11:sp4 Security update for cobbler (Moderate) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for cobbler fixes the following issues: - CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594) - Fix for calling koan with virt_type kvm. (bsc#1090205) Moderate SUSE bug 1074594 SUSE bug 1090205 CVE-2017-1000469 cpe:/a:suse:sle-clienttools:11:sp4 Security update for cobbler (Important) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for cobbler fixes the following issues: Security issue fixed: - CVE-2018-10931: Forbid exposure of private methods in the API (bsc#1104287, bsc#1104189) Important SUSE bug 1104189 SUSE bug 1104287 CVE-2018-10931 cpe:/a:suse:sle-clienttools:11:sp4 Security update for cobbler (Important) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671). The following non-security bugs were fixed: - Move configuration files ownership to apache (bsc#1195906) Important SUSE bug 1193671 SUSE bug 1195906 CVE-2021-45083 cpe:/a:suse:sle-clienttools:11:sp4 Security update for python-Jinja2 (Important) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Important SUSE bug 1181944 CVE-2020-28493 cpe:/a:suse:sle-clienttools:11:sp4 Security update for python-pycrypto (Important) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for python-pycrypto fixes the following issues: - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420). Important SUSE bug 1017420 CVE-2013-7459 cpe:/a:suse:sle-clienttools:11:sp4 Security update for salt (Moderate) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for salt fixes one security issue and bugs. The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955). Additionally, the following non-security issues have been fixed: - Added support for SUSE Manager scalability features. (bsc#1052264) - Introduced the kubernetes module. (bsc#1051948) - Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376) Moderate SUSE bug 1051948 SUSE bug 1052264 SUSE bug 1053376 SUSE bug 1053955 CVE-2017-12791 cpe:/a:suse:sle-clienttools:11:sp4 Security update for Salt (Moderate) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for salt fixes one security issue and bugs. The following security issues have been fixed: - CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. (bsc#1062462) - CVE-2017-14696: It was possible to force a remote Denial of Service with a specially crafted authentication request. (bsc#1062464) Additionally, the following non-security issues have been fixed: - Removed deprecation warning for beacon configuration using dictionaries. (bsc#1041993) - Fixed beacons failure when pillar-based suppressing config-based. (bsc#1060230) - Fixed minion resource exhaustion when many functions are being executed in parallel. (bsc#1059758) - Remove 'TasksTask' attribute from salt-master.service in older versions of systemd. (bsc#985112) - Fix for delete_deployment in Kubernetes module. (bsc#1059291) - Catching error when PIDfile cannot be deleted. (bsc#1050003) - Use $HOME to get the user home directory instead using '~' char. (bsc#1042749) Moderate SUSE bug 1041993 SUSE bug 1042749 SUSE bug 1050003 SUSE bug 1059291 SUSE bug 1059758 SUSE bug 1060230 SUSE bug 1062462 SUSE bug 1062464 SUSE bug 985112 CVE-2017-14695 CVE-2017-14696 cpe:/a:suse:sle-clienttools:11:sp4 Security update for salt (Important) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for salt fixes the following issues: Salt was updated to version 2016.11.10 and contains the following fixes: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Important SUSE bug 1113698 SUSE bug 1113699 CVE-2018-15750 CVE-2018-15751 cpe:/a:suse:sle-clienttools:11:sp4 Security update for salt (Critical) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) Critical SUSE bug 1181550 SUSE bug 1181556 SUSE bug 1181557 SUSE bug 1181558 SUSE bug 1181559 SUSE bug 1181560 SUSE bug 1181561 SUSE bug 1181562 SUSE bug 1181563 SUSE bug 1181564 SUSE bug 1181565 SUSE bug 1182740 CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 cpe:/a:suse:sle-clienttools:11:sp4 Security update for Salt (Moderate) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for salt provides version 2016.11.4 and brings various fixes and improvements: - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Fix format error. (bsc#1043111) - Fix ownership for whole master cache directory. (bsc#1035914) - Disable 3rd party runtime packages to be explicitly recommended. (bsc#1040886) - Fix insecure permissions in salt-ssh temporary files. (bsc#1035912, CVE-2017-8109) - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800, CVE-2017-5200) - Orchestrate and batches don't return false failed information anymore. - Speed-up cherrypy by removing sleep call. - Fix os_family grains on SUSE. (bsc#1038855) - Fix setting the language on SUSE systems. (bsc#1038855) - Use SUSE specific salt-api.service. (bsc#1039370) - Fix using hostname for minion ID as '127'. - Fix core grains constants for timezone. (bsc#1032931) - Minor fixes on new pkg.list_downloaded. - Listing all type of advisory patches for Yum module. - Prevents zero length error on Python 2.6. - Fixes zypper test error after backporting. - Raet protocol is no longer supported. (bsc#1020831) - Fix moving SSH data to the new home. (bsc#1027722) - Fix logrotating /var/log/salt/minion. (bsc#1030009) - Fix result of master_tops extension is mutually overwritten. (bsc#1030073) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs. - Allows to set custom timeouts for 'manage.up' and 'manage.status'. - Use salt's ordereddict for comparison. - Fix scripts for salt-proxy. - Add openscap module. - File.get_managed regression fix. - Fix translate variable arguments if they contain hidden keywords. (bsc#1025896) - Added unit test for dockerng.sls_build dryrun. - Added dryrun to dockerng.sls_build. - Update dockerng minimal version requirements. - Fix format error in error parsing. - Keep fix for migrating salt home directory. (bsc#1022562) - Fix salt pkg.latest raises exception if package is not available. (bsc#1012999) - Timezone should always be in UTC. (bsc#1017078) - Fix timezone handling for rpm installtime. (bsc#1017078) - Increasing timeouts for running integrations tests. - Add buildargs option to dockerng.build module. - Fix error when missing ssh-option parameter. - Re-add yum notify plugin. - All kwargs to dockerng.create to provide all features to sls_build as well. - Datetime should be returned always in UTC. - Fix possible crash while deserialising data on infinite recursion in scheduled state. (bsc#1036125) - Documentation refresh to 2016.11.4 - For a detailed description, please refer to: + https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html Moderate SUSE bug 1011800 SUSE bug 1012999 SUSE bug 1017078 SUSE bug 1020831 SUSE bug 1022562 SUSE bug 1025896 SUSE bug 1027240 SUSE bug 1027722 SUSE bug 1030009 SUSE bug 1030073 SUSE bug 1032931 SUSE bug 1035912 SUSE bug 1035914 SUSE bug 1036125 SUSE bug 1038855 SUSE bug 1039370 SUSE bug 1040584 SUSE bug 1040886 SUSE bug 1043111 CVE-2017-5200 CVE-2017-8109 cpe:/a:suse:sle-clienttools:11:sp4 Security update for zeromq (Important) SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) Important SUSE bug 1140255 CVE-2019-13132 cpe:/a:suse:sle-clienttools:11:sp4 Security update for hawk SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Server 11 SP2 hawk has been rebuilt to include updated ruby gems that contain fixes for security issues. rubygem-activesupport-2_3 has been updated to fix the following security issue: * This update also the HTML escaping code in Ruby on Rails. CVE-2012-3464 has been assigned to this issue. rubygem-actionpack-2_3 has been updated to fix the following security issues: * CVE-2012-3465: Malformed HTML is not correctly handled when validating with the strip_tags helper which could result in Cross-site Scripting issues. * CVE-2012-2694, CVE-2012-2660: Unsafe query generation was possible using NULL queries. The included GEM archive package was also adjusted to contain the security fixes available in the unpacked ruby tree. Security Issue references: * CVE-2012-3464 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464> * CVE-2012-3465 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465> SUSE bug 765097 SUSE bug 766791 SUSE bug 775649 SUSE bug 775653 CVE-2012-3464 CVE-2012-3465 cpe:/o:suse:sle-hae:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Linux kernel SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Server 11 SP2 The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to fix a regression introduced by the previous update: * scsi_dh_alua: Incorrect reference counting in the SCSI ALUA initialization code lead to system crashes on boot (bnc#858831). As the update introducing the regression was marked security, this is also marked security even though this bug is not security relevant. SUSE bug 858831 cpe:/o:suse:sle-hae:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for lighttpd SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Server 11 SP2 lighthttpd received fixes for the following security issues: * CVE-2013-4559: lighttpd did not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might have caused lighttpd to run as root if it is restarted and allowed remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. * CVE-2013-4560: Use-after-free vulnerability in lighttpd allowed remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. * CVE-2011-1473: Added support for disabling client side initiated renegotiation to avoid potential computational denial of service (unbalanced computation efforts server vs client). Security Issues: * CVE-2013-4559 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559> * CVE-2013-4560 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560> * CVE-2011-1473 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473> SUSE bug 801071 SUSE bug 850468 SUSE bug 850469 CVE-2013-4560 cpe:/o:suse:sle-hae:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ImageMagick SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of ImageMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. (CVE-2009-1882) SUSE bug 507728 CVE-2009-1882 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Firefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun() (CVE-2009-1313). SUSE bug 500909 CVE-2009-1313 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for NetworkManager SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The NetworkManager configuration was too permissive and allowed any user to read secrets (CVE-2009-0365) or manipulate the configuration of other users (CVE-2009-0578). Additionally a bug where wifi devices didn't work correctly when the machine was booted with killswitch turned on has been fixed. The automatic ethernet connection can now be edited and NetworkManager can now work without ModemManager. SUSE bug 475851 SUSE bug 478080 SUSE bug 479566 SUSE bug 483576 SUSE bug 490004 SUSE bug 490574 CVE-2009-0365 CVE-2009-0578 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for NetworkManager-gnome SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The following bugs have been fixed: nm-applet connected to WPA2 Enterprise networks even if the specified CA certificate file didn't exist (CVE-2009-4144). When editing connections in nm-applet the connection object was exported via DBus disclosing potentially sensitive information to local users (CVE-2009-4145). SUSE bug 565549 CVE-2009-4144 CVE-2009-4145 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for OpenEXR SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of OpenEXR fixes several integer overflows (CVE-2009-1720) and a denial-of-service (probably execution of arbitrary code) bug (CVE-2009-1721). SUSE bug 527539 CVE-2009-1720 CVE-2009-1721 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for OpenOffice_org SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of OpenOffice_org fixes the following security issue: * Arbitrary macros written in Python can be executed by bypassing macro security permissions. CVE-2010-0395 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0395> It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.1.html <http://development.openoffice.org/releases/3.2.1.html> . For further SUSE Linux Enterprise specific fixes please refer to the changelog of the OpenOffice_org RPM package. SUSE bug 607095 CVE-2010-0395 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for acl and libacl SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The setfacl tool followed symbolic links in recursive (-R) mode even if the --physical (-P) option was specified (CVE-2009-4411). This has been fixed. SUSE bug 567090 CVE-2009-4411 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Apache 2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The following bugs have been fixed: When using a multithreaded MPM Apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). SUSE bug 570127 SUSE bug 586572 CVE-2010-0408 CVE-2010-0434 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for PHP5 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 php 5.1.9 fixes among other things some security issues: - Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory (CVE-2008-5498). - the mbstring.func_overload in .htaccess was applied to other virtual hosts on th same machine (CVE-2009-0754) SUSE bug 471419 SUSE bug 480948 CVE-2008-5498 CVE-2009-0754 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for avahi SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758). This has been fixed. SUSE bug 480865 CVE-2009-0758 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for bzip2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This could have been exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) Security Issue reference: * CVE-2010-0405 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405> SUSE bug 636978 CVE-2010-0405 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Samba SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code (CVE-2010-3069). Additionally the update also contains fixes for the following non-security issues: * bnc#567013 - Failed to join ADS Domain * bnc#592198 - Samba 3.0 / 3.2 doesn't work with Windows 2008 R2 (NTLMv2) * bnc#599873 - SAMBA - Problem using NTLM authentication with 2008R2 * bnc#613459 - winbindd crashes in rpcclisettimeout * bnc#617153 - new printers are not seen in samba with registry Security Issue reference: * CVE-2010-3069 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069> SUSE bug 567013 SUSE bug 583535 SUSE bug 592198 SUSE bug 599873 SUSE bug 613459 SUSE bug 617153 SUSE bug 637218 CVE-2010-3069 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for clamav, clamav-db, clamav-debuginfo, clamav-debugsource SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This clamav version upgrade to 0.95.1 fixes a buffer overflow error in the cli_url_canon() function and a denial of service condition occuring while parsing malformed UPack archives. (cve ids missing still) SUSE bug 493562 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for cpio SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a heap-based buffer overflow flaw that can happen while expanding specially-crafted archive files (CVE-2010-0624). This updates Dat160 Tape Drive density information (bnc#415166) SUSE bug 415166 SUSE bug 579475 CVE-2010-0624 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for cron SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of cron fixes a race condition in crontab that can be used to change the time-stamp of arbitrary files while editing the crontab entry. CVE-2010-0424: CVSS v2 Base Score: 3.6 Additionally the return value of initgroups() is verified now. SUSE bug 580800 CVE-2010-0424 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for CUPS SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted tiff files could cause an integer overflow in the 'imagetops' filter (CVE-2009-0163). SUSE bug 485895 CVE-2009-0163 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for curl SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Arbitrary file access via HTTP-redirect has been fixed in curl. CVE-2009-0037 has been assigned to this issue. SUSE bug 475103 CVE-2009-0037 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Cyrus IMAPD SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved. SUSE bug 539877 CVE-2009-3235 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for cyrus-sasl SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of cyrus-sasl improves the output of function sasl_encode64() by appending a 0 for string termination. The impact depends on the application that uses sasl_encode64(). (CVE-2009-0688) SUSE bug 499104 CVE-2009-0688 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for dbus SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. With the previous update wireless networking didn't work anymore on some machines due to stale files in /var/run/dbus/at_console. The dbus init script now cleans up that directory on boot. SUSE bug 443307 SUSE bug 486267 CVE-2008-4311 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for dbus SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A flaw in dbus-glib was fixed that allowed other local programs to bypass the 'access' flag on properties. (CVE-2010-1172) SUSE bug 628607 CVE-2010-1172 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for dhcp-client SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The DHCP client (dhclient) could be crashed by a malicious DHCP server sending a overlong subnet field. (CVE-2009-0692) In some circumstances code execution might be possible, but might be caught by the buffer overflow checking in newer distributions. (SLES 10 and 11). SUSE bug 515599 CVE-2009-0692 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for dnsmasq SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a buffer overflow in the TFTP server code of dnsmasq. Please note that the TFTP server is disabled by default. SUSE bug 533710 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for ethereal and wireshark SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Flaws in the AFS dissector allowed attackers to crash wireshark via specially crafted network traffic (CVE-2009-2562). SUSE bug 523718 CVE-2009-2562 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Evolution SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 camel's NTLM SASL authentication mechanism as used by evolution did not properly validate server's challenge packets (CVE-2009-0582). This update also includes the following non-security fixes: - Fixes a critical crasher in mailer component. - Fixes creation of recurrence monthly items in GroupWise. - Includes fixes for some usability issues. SUSE bug 419303 SUSE bug 475541 SUSE bug 477697 SUSE bug 479908 SUSE bug 480091 SUSE bug 484213 CVE-2009-0582 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for evolution-data-server SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes following vulnerability: evolution considered S/MIME signatures to be valid even for modified mails (CVE-2009-0547: CVSS v2 Base Score: 5.0). Additionally the following bug has been fixed: A POP3 server sending overly long lines could crash evolution. SUSE bug 475108 SUSE bug 568822 CVE-2009-0547 CVE-2009-0587 CVE-2009-1631 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for expat SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents. SUSE bug 566434 CVE-2009-3560 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for fetchmail SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666) SUSE bug 528746 CVE-2009-2666 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for pidgin SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of pidgin fixes the following issues: - CVE-2009-3026: CVSS v2 Base Score: 5.0 Allowed to send confidential data unencrypted even if SSL was chosen by user. - CVE-2009-3025: CVSS v2 Base Score: 4.3 Remote denial of service in yahoo IM plug-in. - CVE-2009-3083: CVSS v2 Base Score: 5.0 Remote denial of service in MSN plug-in. - CVE-2009-3084: CVSS v2 Base Score: 5.0 Remote denial of service in MSN plug-in. - CVE-2009-3085: CVSS v2 Base Score: 5.0 Remote denial of service in XMPP plug-in. - CVE-2009-3615: CVSS v2 Base Score: 5.0 Remote denial of service in ICQ plug-in. SUSE bug 535570 SUSE bug 535832 SUSE bug 536602 SUSE bug 548072 CVE-2009-3025 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for freetype2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Freetype was updated to fix some integer overflows that can be exploited remotely in conjunction with programs like a web-browser. (CVE-2009-0946) Thanks to Tavis Ormandy who found the bugs. SUSE bug 485889 CVE-2009-0946 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for fuse SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A race condition in fusermount allows non-privileged users to umount any file system (CVE-2010-0789). Note: this is a re-release of the previous update with a better patch. SUSE bug 582725 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for GhostScript SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted file could cause a heap-overflow in JBIG2 decoder (CVE-2009-0196), an integer overflow in ICC library (CVE-2009-0792), a buffer overflow in BaseFont writer module (CVE-2008-6679) or crash the CCITTFax decoder (CVE-2007-6725). The previous security update introduced a regression that broke some printer drives. This new update fixes that issue. SUSE bug 489622 SUSE bug 491897 SUSE bug 492765 CVE-2007-6725 CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for glib2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Large strings could lead to a heap overflow in the base64 encoding and decoding functions. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-4316). SUSE bug 449927 CVE-2008-4316 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for glibc SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of glibc fixes various bugs and security issues: * CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion triggers before the respective code is executed. The bug was fixed nevertheless. * CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid root execution and could load shared libraries from standard system library paths. This could be used by local attackers to inject code into setuid root programs and so elevated privileges. * CVE-2010-0830: Integer overflow causing arbitrary code execution in ld.so --verify mode could be induced by a specially crafted binary. * CVE-2010-0296: The addmntent() function would not escape the newline character properly, allowing the user to insert arbitrary newlines to the /etc/mtab; if the addmntent() is run by a setuid mount binary that does not do extra input checking, this would allow custom entries to be inserted in /etc/mtab. * CVE-2008-1391: The strfmon() function contains an integer overflow vulnerability in width specifiers handling that could be triggered by an attacker that can control the format string passed to strfmon(). * CVE-2010-0015: Some setups (mainly Solaris-based legacy setups) include shadow information (password hashes) as so-called 'adjunct passwd' table, mangling it with the rest of passwd columns instead of keeping it in the shadow table. Normally, Solaris will disclose this information only to clients bound to a priviledged port, but when nscd is deployed on the client, getpwnam() would disclose the password hashes to all users. New mode 'adjunct as shadow' can now be enabled in /etc/default/nss that will move the password hashes from the world-readable passwd table to emulated shadow table (that is not cached by nscd). Some invalid behaviour, crashes and memory leaks were fixed: * statfs64() would not function properly on IA64 in ia32el emulation mode. * memcpy() and memset() on power6 would erroneously use a 64-bit instruction within 32-bit code in certain corner cases. * nscd would not load /etc/host.conf properly before performing host resolution - most importantly, multi on in /etc/host.conf would be ignored when nscd was used, breaking e.g. resolving records in /etc/hosts where single name would point at multiple addresses * Removed mapping from lowercase sharp s to uppercase sharp S; uppercase S is not a standardly used letter and causes problems for ISO encodings. Some other minor issues were fixed: * glibc-locale now better coexists with sap-locale on upgrades by regenerating the locale/gconv indexes properly. * Ports 623 and 664 may not be allocated by RPC code automatically anymore since that may clash with ports used on some IPMI network cards. * On x86_64, backtrace of a static destructor would stop in the _fini() glibc pseudo-routine, making it difficult to find out what originally triggered the program termination. The routine now has unwind information attached. Security Issue references: * CVE-2010-3847 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847> * CVE-2010-3856 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856> SUSE bug 375315 SUSE bug 445636 SUSE bug 513961 SUSE bug 534828 SUSE bug 541773 SUSE bug 569091 SUSE bug 572188 SUSE bug 585879 SUSE bug 592941 SUSE bug 594263 SUSE bug 615556 SUSE bug 646960 CVE-2010-3847 CVE-2010-3856 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for gmime SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of gmime fixes a buffer overflow in the GMIME_UUENCODE_LEN macro which allowed possible code execution while processing uuencoded data. (CVE-2010-0409: CVSS v2 Base Score: 5.8) SUSE bug 576923 CVE-2010-0409 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for GNOME screensaver SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 SUSE bug 512308 SUSE bug 550695 SUSE bug 563991 SUSE bug 579250 CVE-2010-0285 CVE-2010-0732 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for GnuTLS SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The previous security fix for gnutls (CVE-2008-4989) introduced a regression in the X.509 validation code for self-signed certificates. This update fixes this problem. SUSE bug 457938 CVE-2008-4989 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for gstreamer SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted cover art tags in vorbis files could trigger a heap overflow in the base64 decoder. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-0586). SUSE bug 481479 CVE-2009-0586 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for gstreamer SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer (CVE-2009-1932). SUSE bug 510292 CVE-2009-1932 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for gzip SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The following bugs have been fixed: Specially crafted gzip archives could lead to gzip allocating a too small huffman table. Attackers could exploit that to crash gzip (CVE-2009-2624). Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw. SUSE bug 570331 CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for icu SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting (XSS) attacks (CVE-2009-0153). SUSE bug 508070 CVE-2009-0153 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for ipsec-tools SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL-pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632) SUSE bug 498859 SUSE bug 504186 SUSE bug 506710 CVE-2009-1574 CVE-2009-1632 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for iSCSI SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability: * CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) * CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) SUSE bug 592928 SUSE bug 618574 CVE-2010-0743 CVE-2010-2221 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for IBM Java 1.4.2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various security issues: CVE-2008-5350: A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. CVE-2008-5346: A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. CVE-2008-5343: A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. CVE-2008-5344: A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. CVE-2008-5359: A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. CVE-2008-5339: A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. CVE-2008-5340: A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. CVE-2008-5348: A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. CVE-2008-2086: A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. CVE-2008-5345: The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost). CVE-2008-5351: The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the 'shortest' form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding. CVE-2008-5360: The Java Runtime Environment creates temporary files with insufficiently random names. This may be leveraged to write JAR files which may then be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies. CVE-2008-5353: A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. CVE-2008-5356: A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. CVE-2008-5354: A buffer overflow vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application. This vulnerability cannot be exploited by an applet or Java Web Start application. CVE-2008-5357: A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. CVE-2008-5342: A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application. SUSE bug 475425 SUSE bug 489052 CVE-2008-2086 CVE-2008-5339 CVE-2008-5340 CVE-2008-5342 CVE-2008-5343 CVE-2008-5344 CVE-2008-5345 CVE-2008-5346 CVE-2008-5348 CVE-2008-5350 CVE-2008-5351 CVE-2008-5353 CVE-2008-5354 CVE-2008-5356 CVE-2008-5357 CVE-2008-5359 CVE-2008-5360 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for BEA Java 1.5.0 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 BEA Java for Itanium has been updated to version 1.5.0.13.1.2. This contains all fixes equivalent to Sun JAVA SE 1.5 Update 11. SUSE bug 472384 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for IBM Java 1.6.0 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update brings the IBM Java 6 JDK and JRE to Service Release 4. It fixes lots of bugs and various security issues: CVE-2008-5341: A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application. CVE-2008-5340: A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. CVE-2008-5351: The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the 'shortest' form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding. CVE-2008-5356: A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. CVE-2008-5357: A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. CVE-2008-5358: A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. CVE-2008-5342: A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application. SUSE bug 489052 CVE-2008-5340 CVE-2008-5341 CVE-2008-5342 CVE-2008-5351 CVE-2008-5356 CVE-2008-5357 CVE-2008-5358 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for KDE4 PIM packages SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This kdepim4 and kdepimlibs4 update fixes lots of bugs and one security issue: KMail 4.1.x executes links in mail without confirmation. (no cve assigned yet) It also fixes lots of non-security bugs: kdepim4: - kdepim: make sure we initially create items for subresources - kdepim: fix autocompletion shortcut error - kdepim: reduce linkage - akregator: fix copy text from article view widget (kde#168865) - akregator: fix saving articlelistview settings (kde#176262,bnc#430825) - akregator: improve prev/next unread article behavior when a filter is set (kde#138935) - gpgme: Fix persistent progress dialogs for GPG key ops (kde#169563) - kaddressbook: fix help anchors - kaddressbook: set department and org fields on vcard export - kaddressbook: Fix LDIF import for files with windows linebreaks - kalarm: fix translation not loaded - kalarm: correctly handle failure to create alarm resource - kalarm: Copying alarm to KOrganizer fails when embedded in Kontact (kde#176759) - kalarm: Fix kalarmautostart crash on logout - kalarm: fix click on system tray icon not showing main window - kalarm: disabled from enabled alarm colour when highlighted in alarm list - kalarm: UI fixes - kalarm: signal when work hours change - kalarm: fix command alarms (kde#175623) - kalarm: Fix toolbar settings being lost - kalarm: Fix crash if activated again while restoring from previous session - kalarm: update change log - kalarm: correct system tray icon parent - kalarm: show idle time on correct virtual desktop (kde#153442,kde#174346) - kalarm: ensure alarms shown above full-screen windows - kalarm: Fix invalid alarm remaining in calendar on failure - kjots: fix paste of richtext and tabs becoming spaces bugs (kde#160600,kde#175100) - kmail: fix loss of configured receiving accounts on exit with wallet dialog open (kde#169166) - kmail: do not execute executables when clicking a link, and solve dangling kmmsgbase pointer crash (kde#179765,bnc#490696) - kmail: fix crash when syncing imap flags (kde#106030) - kmail: detect urgent X-Priority correctly - kmail: fix opening zip attachments - kmail: don't show unconfigurable shortcuts in dialog - kmail: fix added subfolders not appearing in the folder selection dialog - kmail: configure dialog UI fixes - kmail: display receiving accounts correctly in config - kmail: unread mail layout bug (bug#174304) - kmail: don't force duplicate add to addressbook (kde#174332) - kmail: remove deprecated spamassassin flag (kde#140032) - kmail: update detected encoding on inserting file in composer (kde#88781) - kmail: fix unreactive encoding change dialog (kde#149309,kde#145163) - kmail: update detected encoding on inserting file in composer (kde#88781) - kmail: fix out of range in parsing mail bug - kmail: various encoding fixes (kde#64815) - kmail: remove spurious assert - kmail: sieve dialog fixes - kmail: missing i18n - kmail: Fix the 'open in addressbook' action - kmail: attachments check fix - kmail: Fix spacing in Configure - kmail: fix inline-forwarding of messages with attachments. (kde#178128,kde#146921) - kmail: don't allow attachment deletion/editing in read-only folders (kolab#3324) - kmail: fix crash when clicking on one of the invitation action links - kmail: fix inline forwarding of multipart/mixed messages - kmail: fix crashing in templates (kde#178038) - knode: fix rules editor crash and saving and loading of scoring rules (kde:170030,kde:175045) - knode: fix incorrect charset header (kde:169411) - knode: safety checks - knotes: various crash fixes - knotes: don't exit when the last window is closed (kde#153244) - kontact: fix help anchors - kontact: fix crash on opening configure dialog (kde#174707) - korganizer: fix task filtering (kde#171205) - korganizer: public holidays for Chile - korganizer: public holidays for Jamaica - korganizer: fix crash when deleting categories with deep subcategories (kde#153740) - korganizer: fix Russian holidays - korganizer: allow to change my status even if I'm the organizer of this event (kolab#3084) - korganizer: Fix crashes on saving new calendar - korganizer: correct Norwegian public holidays - korganizer: calendar scroll widget fixes - korganizer: navigator bar menu fixes - korganizer: navigatorbar - fix selectMonth() to emit the correct month index - korganizer: navigatorbar - layout cleanup - korganizer: indicate when subresources are present - korganizer: fix missing RTL text in monthviews - korganizer: potential setNoActionCursor crash fix - korganizer: navigatorbar - fix jumping labels - korganizer: navigatorbar - fix crash on exit - korganizer: fix alignment of day labels to main matrix - korganizer: make do not show to-dos in monthview work - korganizer: fix crash on removing attendees (kde#172354) - korganizer: fix cancelling imip send - korganizer: fix print crashing (kde#160260) - korganizer: fix print default year - korganizer: fix printing generally - korganizer: fix printing UTC incidences (kde) - korganizer: fix month view doesnt react to key and mouse events (kde#175814) - korganizer: make paste work on actual selection (kde#175814,kde#132863) - korganizer: pasting fix - korganizer: fix sorting todos - korganizer: menu fixes - korganizer: backports to help make Paste work - korganizer: type-ahead event creation ignores ctrl keys - korganizer: robustness work in synchronous address book loading - korganizer: paint the all-day item headers - korganizer: initialise special dates UI correctly - korganizer: disable the configuration area for deselected plugins - korganizer: hide redundant configure plugin button - korganizer: fix agendaview configuration - korganizer: ensure agendaview decoration is selected - korganizer: fix to-do copying - korganizer: todo rich text speedup - korganizer: fix what's next view todo links - korganizer: fix event duplication when moving events with the mouse. - korganizer: fix duplicate default resources (bnc#116351) - korganizer: fix tab order - korganizer: fix performance problems on updateEvents() - korganizer: fix new journal is set to date of the first day of the week/month (kde#170634) - korganizer: fix slow switching calendar views (kde#170993) - korganizer: maintain selected day on view change - korganizer: fix performance problems with month switching (kde#166771) - korganizer: don't load decoration plugins multiple times - korganizer: an attempt at fixing the dreaded crash in paintEvent(). - korganizer: fixes in pasting - korganizer: don't lose last day on setting recurring events - korganizer: updated Slovenian holidays - korganizer: avoid assert when adding attachments - kresources: blog - remove non-working LiveJournal support - kresources: birthdays - complete load sequence - kresources: birthdays - fix alarms - kresources: Write subresource state changes immediately (kolab#3314) - kresources: groupwise - fixes to warn on trying to set up dud local<->remote id mappings - ktimetracker: fix crash when deleting the last task (kde:173543) kdepimlibs4: - fixes a crash on korgac startup triggered when parsing the timezoneId from a null string - libical safety fix - memleak in Generic kmime header - test before delete[] is not needed - fix memleak in knode - fix the kio_sieve related klauncher crashes - return better errors for gpgme write failures and missing passphrases - Fix signing of multiple uids (!= all, though) at the same time - Print the nextState() call also in the error case - gpgme: Fix 'General Error' returned when trying to sign an already signed UID again with the same key. - gpgme: use better error codes - gpgme: Treat GPGME_STATUS_{KEY,SIG}EXPIRED as errors, too. - gpgme: Add missing gpg_error() call (to set the correct source of the error) - kblog: fix broken tagging - kblog: GData tagging fix - fix sending mail fails due to spurious newline in server name configuration (kde#175892) - fix korganizer crash with akonadi resources (kde#175971) - remove use of isNull in icalformat - properly initialize kcal::attachment ctor - kcal: fix spurious error on empty alarm trigger - kcal: inline attachment fixes - kcal: crash fixes - kldap: crash bug fix (kde#174381) - Fix LDAP using simple authentication (kde#163319) - ldap: Quote CN parameters correctly. (kolab#3281) - update reference test files - merge updated testcase runner - use .shell versions of tests - remove mistaken reference files - fix a backporting boo-boo - kcal: fix an ical date interpretation bug - Fix a crash when using egroupware. - Fix a crash in KOrganizer when the addressbook contains a LDAP resource. - Fixes an assert crash when unloading and then loading a vCal resource - Fix high traffic rss feed fetches - Fix for improperly formatted mailto: links in the KOrganizer eventviewer. - fixcrash if data() returns null (CID:3969) - Fix sieve with dovecot servers - Fix parsing of time string to be more conforming to ISO 8601 - kcal: Fix iCal export due to wrongly discarded last byte (porting bug) (kde#182224) SUSE bug 490696 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for okular. SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a heap-based overflow in okular. The RLE decompression in the TranscribePalmImageToJPEG() function can be exploited to execute arbitrary code with user privileges by providing a crafted PDF file. (CVE-2010-2575) Security Issue reference: * CVE-2010-2575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2575> SUSE bug 634743 CVE-2010-2575 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for kdm SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files orld writable. CVE-2010-0436 has been assigned to this issue. SUSE bug 584223 CVE-2010-0436 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for kdenetwork SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of kdenetwork fixes several bugs, the security related issues are: * CVE-2010-1000: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): CWE-22 The 'name' attribute of the 'file' element of metalink files is not properly sanitised this can be exploited to download files to arbitrary directories. * CVE-2008-4776: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): CWE-119 The included libgadu version allowed remote servers to cause a denial of service (crash) via a buffer over-read. Non-security issues: * bnc#653852: kopete: ICQ login broken; login server changed * bnc#516347: kopete cant connect to yahoo Security Issue references: * CVE-2008-4776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776> * CVE-2010-1000 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1000> SUSE bug 516347 SUSE bug 525528 SUSE bug 604709 SUSE bug 653852 CVE-2008-4776 CVE-2010-1000 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for kdelibs SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue. Security Issue reference: * CVE-2009-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725> SUSE bug 512559 SUSE bug 600469 CVE-2009-1725 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for kdelibs4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A KDELibs Remote Array Overrun (Arbitrary code execution) was fixed (CVE-2009-0689). SUSE bug 507328 SUSE bug 557126 CVE-2009-0689 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Linux kernel SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The Linux kernel on SUSE Linux Enterprise 11 was updated to 2.6.27.23 and received lots of bugs and security fixes. Following security issues have been fixed: CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. This requires that kernel can be made to mount a 'cifs' filesystem from a malicious CIFS server. CVE-2009-1337: The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. The GCC option -fwrapv has been added to compilation to work around potentially removing integer overflow checks. CVE-2009-1265: Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes 'garbage' memory to be sent. CVE-2009-1242: The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka 'Long mode enable') bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. CVE-2009-1360: The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets. CVE-2009-1192: drivers/char/agp/generic.c in the agp subsystem in the Linux kernel does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. Additionaly a lot of bugs have been fixed and are listed in the RPM changelog. SUSE bug 408304 SUSE bug 459065 SUSE bug 460284 SUSE bug 464360 SUSE bug 465854 SUSE bug 467518 SUSE bug 474062 SUSE bug 483706 SUSE bug 484931 SUSE bug 486430 SUSE bug 486803 SUSE bug 487106 SUSE bug 487755 SUSE bug 487987 SUSE bug 489005 SUSE bug 489105 SUSE bug 490368 SUSE bug 490608 SUSE bug 490902 SUSE bug 491289 SUSE bug 491430 SUSE bug 492282 SUSE bug 492760 SUSE bug 492768 SUSE bug 493392 SUSE bug 493991 SUSE bug 494463 SUSE bug 495068 SUSE bug 495515 SUSE bug 495668 SUSE bug 495816 SUSE bug 496027 SUSE bug 496353 SUSE bug 496398 SUSE bug 496399 SUSE bug 496502 SUSE bug 496878 SUSE bug 497807 SUSE bug 498042 SUSE bug 498237 SUSE bug 499558 SUSE bug 499772 SUSE bug 499845 SUSE bug 500508 SUSE bug 501114 SUSE bug 501160 SUSE bug 501224 SUSE bug 501234 SUSE bug 502026 SUSE bug 502425 SUSE bug 502733 SUSE bug 502903 SUSE bug 503038 SUSE bug 503101 SUSE bug 503161 SUSE bug 503457 SUSE bug 505831 SUSE bug 505925 CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1360 CVE-2009-1439 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Kerberos SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Clients sending negotiation requests with invalid flags could crash the kerberos server (CVE-2009-0845). GSS-API clients could crash when reading from an invalid address space (CVE-2009-0844). Invalid length checks could crash applications using the kerberos ASN.1 parser (CVE-2009-0847). Under certain circumstances the ASN.1 parser could free an uninitialized pointer which could crash a kerberos server or even lead to execution of arbitrary code (CVE-2009-0846). SUSE bug 485894 SUSE bug 486722 SUSE bug 486723 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for KVM SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of QEMU KVM fixes the following bugs: - CVE-2009-3616: CVSS v2 Base Score: 8.5 use-after-free bug in VNC code which might be used to execute code on the host system injected from the guest system - CVE-2009-3638: CVSS v2 Base Score: 7.2 integer overflow in kvm_dev_ioctl_get_supported_cpuid() - CVE-2009-3640: CVSS v2 Base Score: 2.1 update_cr8_intercept() NULL pointer dereference SUSE bug 540247 SUSE bug 547555 SUSE bug 547624 SUSE bug 549487 SUSE bug 550072 SUSE bug 550732 SUSE bug 550917 CVE-2009-3616 CVE-2009-3638 CVE-2009-3640 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for lcms SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733). SUSE bug 479606 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libHX13 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a heap-based buffer overflow in HX_split() of libHX. (CVE-2010-2947) Security Issue reference: * CVE-2010-2947 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2947> SUSE bug 631582 CVE-2010-2947 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libapr-util1 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of libapr-util1 fixes a memory consumption bug in the XML parser that can cause a remote denial-of-service vulnerability in applications using APR (WebDAV for example) (CVE-2009-1955). Additionally a one byte buffer overflow in function apr_brigade_vprintf() (CVE-2009-1956) and buffer underflow in function apr_strmatch_precompile() (CVE-2009-0023) was fixed too. Depending on the application using this function it can lead to remote denial of service or information leakage. SUSE bug 509825 CVE-2009-0023 CVE-2009-1955 CVE-2009-1956 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libesmtp SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates (CVE-2010-1192, CVE-2010-1194). This has been fixed. SUSE bug 585393 CVE-2010-1192 CVE-2010-1194 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Mozilla SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla NSPR Library was updated to 4.8.6 to fix various bugs and one security issue: * CVE-2010-3170: Disallow wildcard matching in X509 certificate Common Names. This update also has preparations for Firefox 4 support, and a updated Root Certificate Authority list. Security Issue reference: * CVE-2010-3170 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170> SUSE bug 637290 CVE-2010-3170 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libgdiplus0 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code: * gdip_load_tiff_image() by processing specially crafted TIFF images * gdip_load_jpeg_image_internal() by processing specially crafted JPEG images * gdip_read_bmp_image() by processing specially crafted BMP image Security Issue reference: * CVE-2010-1526 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1526> SUSE bug 630756 CVE-2010-1526 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for openLDAP SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Several issues have been fixed in OpenLDAP: * specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212) * syncrepl might loose deletes in refreshAndPersist mode * DoS when handling 0-bytes Security Issues: * CVE-2010-0211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211> * CVE-2010-0212 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212> SUSE bug 555725 SUSE bug 606294 SUSE bug 612430 CVE-2010-0211 CVE-2010-0212 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libtool SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue. SUSE bug 556122 CVE-2009-3736 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for MySQL SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The following bugs have been fixed: * local users could delete data files for tables of other users (CVE-2010-1626). * authenticated users could gather information for tables they should not have access to (CVE-2010-1849) * authenticated users could crash mysqld (CVE-2010-1848) * authenticated users could potentially execute arbitrary code as the user running mysqld (CVE-2010-1850) * authenticated users could crash mysqld (CVE-2010-3677, CVE-2010-3678, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683) Security Issue references: * CVE-2010-1626 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1626> * CVE-2010-1848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1848> * CVE-2010-1849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1849> * CVE-2010-1850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1850> * CVE-2010-3677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677> * CVE-2010-3678 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678> * CVE-2010-3681 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681> * CVE-2010-3682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682> * CVE-2010-3683 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683> SUSE bug 607466 SUSE bug 609551 SUSE bug 637499 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3677 CVE-2010-3678 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libneon SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473). SUSE bug 528370 SUSE bug 532345 CVE-2009-2408 CVE-2009-2473 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libnetpbm SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of netpbm fxes a stack-based buffer overflow that could be triggered while processing the contents of XPM headers in image files. (CVE-2009-4274: CVSS v2 Base Score: 5.8 (moderate) (AV:N/AC:M/Au:N/C:N/I:P/A:P): Buffer Errors (CWE-119)) SUSE bug 579903 CVE-2009-4274 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for OpenSC SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Private data objects on smartcards initialized with OpenSC could be accessed without authentication (CVE-2009-0368). Only blank cards initialized with OpenSC are affected by this problem. Affected cards need to be manually fixed, updating the opensc package alone is not sufficient! Please carefully read and follow the instructions on the following web site if you are using PIN protected private data objects on smart cards other than Oberthur, and you have initialized those cards using OpenSC: http://en.opensuse.org/Smart_Cards/Advisories SUSE bug 480262 CVE-2009-0368 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for OpenSSL SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Three remote DoS vulnerabilities have been fixed in OpenSSL: a DTLS epoch record buffer memory DoS (CVE-2009-1377), a DTLS fragment handling memory DoS (CVE-2009-1378) and a DTLS fragment read after a free DoS (CVE-2009-1379). SUSE bug 504687 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libpng SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A allocation mistake in libpng's pngread.c has been fixed (CVE-2009-0040). SUSE bug 472745 CVE-2009-0040 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libpng SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files (CVE-2010-1205, CVE-2010-2249). Security Issues reference: * CVE-2010-1205 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205> * CVE-2010-2249 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249> SUSE bug 617866 CVE-2010-1205 CVE-2010-2249 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libpoppler SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3704). This has been fixed. Security Issue references: * CVE-2010-3702 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702> * CVE-2010-3704 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704> SUSE bug 642785 CVE-2010-3702 CVE-2010-3704 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libpoppler4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of poppler: fix various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files. SUSE bug 387770 SUSE bug 481795 SUSE bug 487100 CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0755 CVE-2009-0756 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Python SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The following issues have been fixed: * a race condition in the accept() implementation of smtpd.py could lead to a denial of service (CVE-2010-3493). * integer overflows and insufficient size checks could crash the audioop module (CVE-2010-2089, CVE-2010-1634). Security Issue references: * CVE-2010-2089 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089> * CVE-2010-1634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634> * CVE-2010-3493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493> SUSE bug 609759 SUSE bug 609761 SUSE bug 638233 CVE-2010-1634 CVE-2010-2089 CVE-2010-3493 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libsndfile SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of libsndfile fixes a heap-based buffer overflow in voc_read_header() (CVE-2009-1788) and a heap-based buffer overflow in aiff_read_header() (CVE-2009-1791). SUSE bug 504434 CVE-2009-1788 CVE-2009-1791 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libtheora SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 An integer overflow was fixed in libtheora. It could be exploited remotely to execute arbitrary code. CVE-2009-3389: CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C): Numeric Errors (CWE-189) SUSE bug 581722 CVE-2009-3389 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libtiff SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347) SUSE bug 519796 CVE-2009-2347 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libtiff3 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of libtiff fixes a buffer underflow in LZWDecodeCompat (CVE-2009-2285). SUSE bug 518698 CVE-2009-2285 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for udev SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a local privilege escalation in udev. CVE-2009-1185: udev did not check the origin of the netlink messages. A local attacker could fake device create events and so gain root privileges. SUSE bug 493158 CVE-2009-1185 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libvirt SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Improperly mapped source privileged ports in guests may allow obtaining privileged resources on the host (CVE-2010-2242). Security Issues: * CVE-2010-2242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2242> SUSE bug 618155 CVE-2010-2242 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libvorbis SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of libvorbis fixes a memory corruption while parsing OGG files. The bug is exploitable by remote attackers to cause an application crash and could probably be exploited to execute arbitrary code. The issue has been tracked as CVE-2009-2663 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663> . SUSE bug 608192 CVE-2009-2663 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for libxml2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 libxml2: Invalid memory access in the xpath handling has been fixed. CVE-2010-4008 has been assigned to this issue. Security Issue reference: * CVE-2010-4008 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008> SUSE bug 648277 CVE-2010-4008 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for lvm2, lvm2-clvm, lvm2-clvm-debuginfo, lvm2-clvm-debugsource, lvm2-debuginfo, lvm2-debugsource SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 clvmd, when running, allowed unprivileged local users to issue arbitrary lvm commands (CVE-2010-2526) via incorrect permissions. Security Issues: * CVE-2010-2526 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2526> SUSE bug 622537 CVE-2010-2526 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for mipv6d SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The following issues have been fixed: * the mipv6 daemon did not check the origin of netlink messages, therefore allowing local users to spoof messages (CVE-2010-2522). * remote attackers could cause buffer overflows in mipv6d (CVE-2010-2523). Security Issues reference: * CVE-2010-2522 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2522> * CVE-2010-2523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2523> SUSE bug 424311 CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Mozilla SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a bug in the Mozilla NSPR helper libraries, which could be used by remote attackers to potentially execute code via javascript vectors. MFSA 2009-59 / CVE-2009-1563: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer. SUSE bug 546371 CVE-2009-1563 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Mozilla SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302,CVE-2009-1303,CVE-2009-1304,CVE-2009-1305,CVE -2009-1306,CVE-2009-1307,CVE-2009-1308,CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311,CVE-2009-1312,CVE-2009-0652) SUSE bug 495473 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Mozilla XULrunner SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: * MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. o Memory safety bugs - Firefox 3.6, Firefox 3.5 o CVE-2010-3176 Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. o Memory safety bugs - Firefox 3.6 o CVE-2010-3175 * MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. * MFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. * MFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. * MFSA 2010-68 / CVE-2010-3177: Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. * MFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site. * MFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. * MFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library. * MFSA 2010-73 / CVE-2010-3765: Morten Kr??kvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. SUSE bug 653606 CVE-2010-3170 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for mutt SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update improves the handling of SSL certificates and fixes a minor usability bug introduced with the last security update. SUSE bug 537141 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for nagios SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. SUSE bug 517311 CVE-2009-2288 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for ntp SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a remote buffer overflow in xntp/ntp which can be exploited when autokey is enabled to execute arbitrary code. (CVE-2009-1252) This upfate fixes a buffer overflow in ntpd that can be triggered by a malicious server. (CVE-2009-0159) SUSE bug 479341 SUSE bug 482349 SUSE bug 483897 SUSE bug 484653 SUSE bug 501632 CVE-2009-0159 CVE-2009-1252 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for open-iscsi SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The iscsi_discovery tool created predictable temporary files which potentially allowed attackers to overwrite system files (CVE-2009-1297). Also some non-security bugs have been fixed: - synchronize startup settings - fix daemon segfault with CHAP SUSE bug 514273 SUSE bug 519402 SUSE bug 528711 CVE-2009-1297 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for openslp SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609). Additionally the following non-security bugs were fixed: * 564504: Fix handling of DA answers if both active and passive DA detection is off * 597215: Add configuration options to openSLP: net.slp.DASyncReg makes slpd query statically configured DAs for registrations, net.slp.isDABackup enables periodic writing of remote registrations to a backup file which is also read on startup. Both options can be used to decrease the time between the start of the slpd daemon and slpd knowing all registrations. * 601002: reduce CPU usage spikes on machines with many connections by using the kernel netlink interface instead of reading the /proc filesystem. * 626444: Standard compliance was fixed by stripping leading and trailing white spaces when doing string comparisons of scopes. Security Issue reference: * CVE-2010-3609 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609> SUSE bug 564504 SUSE bug 597215 SUSE bug 601002 SUSE bug 626444 SUSE bug 642571 CVE-2010-3609 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for OpenSSL SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 OpenSSL DTLS remote DoS in ChangeCipherSpec (CVE-2009-1386) and in out-of-sequence message handling (CVE-2009-1387) have been fixed. SUSE bug 509031 CVE-2009-1386 CVE-2009-1387 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for OpenSSL SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Incorrect use of an OpenSSL cleanup function can lead to memory leaks in applications. For example an SSL enabled web server such as Apache that uses PHP, curl and OpenSSL leaks memory if a SIGHUP signal was sent to Apache. The OpenSSL cleanup function was made more robust to avoid memory leaks (CVE-2009-4355). SUSE bug 566238 CVE-2009-4355 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for openswan SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790). SUSE bug 487762 CVE-2009-0790 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for pango SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of pango fixes a segfault in libpango that can be triggered by visiting web-sites. (CVE-2009-1194) SUSE bug 492773 CVE-2009-1194 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for pcsc-lite SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of pcsc-lite fixes a local vulnerability (stack overflow) which allowed every user with write-access to '/var/run/pcscd/pcscd.comm' to gain root privileges. CVE-2010-0407 has been assigned to this issue. SUSE bug 609317 CVE-2010-0407 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Perl SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A Buffer overflow in perl, in the base Compress::Raw::Zlib perl module has been fixed. (CVE-2009-1391) Additionaly three non security bugs were fixed. SUSE bug 489114 SUSE bug 493978 SUSE bug 498425 SUSE bug 511241 CVE-2009-1391 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for perl-HTML-Parser SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted HTML documents could cause perl-HTML-Parser to run into an endless loop (CVE-2009-3627). SUSE bug 550076 CVE-2009-3627 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for perl-IO-Socket-SSL SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of perl-IO-Socket-SSL improves the hostname checking of the SSL certificate. (CVE-2009-3024) SUSE bug 535554 CVE-2009-3024 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for PostgreSQL SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). SUSE bug 486347 CVE-2009-0922 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for pyxml SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted XML documents could make pyxml run into an enless loop, therefore locking up applications using pyxml (CVE-2009-3720, CVE-2009-3560). SUSE bug 550666 SUSE bug 561561 CVE-2009-3560 CVE-2009-3720 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for quagga SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes a remote denial of service bug in quagga that can be triggered via an AS path containing ASN elements whose string representation is longer than expected. (CVE-2009-1572) SUSE bug 500540 CVE-2009-1572 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for sendmail SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of sendmail improves the handling of special-characters in the SSL certificate. (CVE-2009-4565: CVSS v2 Base Score: 7.5) SUSE bug 568017 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for ruby SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby's access restriction code (CVE-2008-3655) as well as safe-level handling using function DL.dlopen() (CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved. Bypassing HTTP basic authentication (authenticate_with_http_digest) is not possible anymore. SUSE bug 415678 SUSE bug 420084 SUSE bug 423234 SUSE bug 478019 SUSE bug 499253 SUSE bug 509914 SUSE bug 511568 CVE-2008-3443 CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905 CVE-2009-0642 CVE-2009-1904 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for squid SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The following vulnerabilities have been fixed in squid: CVE-2009-2855: DoS via special crafted auth header CVE-2010-0308: DoS via invalid DoS header SUSE bug 576087 SUSE bug 577347 CVE-2009-2621 CVE-2009-2622 CVE-2009-2855 CVE-2010-0308 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for strongswan SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes two denial of service bugs that can lead to a remote pre-auth crash while processing a IKE_SA_INIT or a IKE_AUTH request. CVE-2009-1957 and CVE-2009-1958 have been assigned to this issue. SUSE bug 507742 CVE-2009-1957 CVE-2009-1958 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for sudo SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update fixes two security issues: CVE-2010-0427:CVSS v2 Base Score: 6.6 Sudo failed to properly reset group permissions, when 'runas_default' option was used. If a local, unprivileged user was authorized by sudoers file to perform their sudo commands under default user account, it could lead to privilege escalation CVE-2010-0426:CVSS v2 Base Score: 6.6 A privilege escalation flaw was found in the way sudo used to check file paths for pseudocommands. If local, unprivileged user was authorized by sudoers file to edit one or more files, it could lead to execution of arbitrary code, with the privileges of privileged system user (root). SUSE bug 582555 SUSE bug 582556 CVE-2010-0426 CVE-2010-0427 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for systemtap SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of systemtab fixes a shell meta character injection vulnerability that allows remote users to execute arbitrary commands with the privileges of the stap-server. (CVE-2009-4273 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4273> ) Additionally, a remote denial of service bug in the _getargv() function has been fixed. (CVE-2010-0411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0411> ) SUSE bug 574243 CVE-2009-4273 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for tar SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 A malicious remote tape server could cause a buffer overflow in tar. In order to exploit that an attacker would have to trick the victim to extract a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local local option to avoid such tricks. SUSE bug 579475 CVE-2010-0624 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for tgt SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of tgt fixes multiple overflows and a format string vulnerability: * CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) * CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) SUSE bug 592928 SUSE bug 618574 CVE-2010-0743 CVE-2010-2221 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for w3m SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 w3m does not handle embedded NUL characters in the common name and in subject alternative names of X.509 certificates (CVE-2010-2074 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2074> ). This update fixes the issue and also turns on verification of x509 certificates by default which was not the case before. SUSE bug 609451 CVE-2010-2074 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Websphere Community Edition SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update of WebSphere fixes the following vulnerabilities: - GERONIMO-3838: close potential denial of service attack - CVE-2008-5518: fix Apache Geronimo web administration console directory traversal vulnerabilities. - CVE-2009-0038: fix Apache Geronimo web administration console XSS vulnerabilities. - CVE-2009-0039: fix Apache Geronimo web administration console XSRF vulnerabilities. - CVE-2009-0781: Samples: Fix Apache Tomcat cross-site scripting vulnerability. SUSE bug 507806 CVE-2008-5518 CVE-2009-0038 CVE-2009-0039 CVE-2009-0781 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for wget SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 This update wget improves the handling of the 0-character in the subject name of a SSL certificate. SUSE bug 528298 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for wireshark SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Version upgrade to Wireshark 1.0.7 to fix various vulnerabilities: CVE-2009-1269: crash while loading a Tektronix .rf5 file CVE-2009-1268: crash in Check Point High-Availability Protocol (CPHAP) dissector CVE-2009-1267: LDAP dissector could crash on Windows CVE-2009-1210: PROFINET format string bug CVE-2009-1266: additional PROFINET format string bugs, a crash in the PCNFSD dissector SUSE bug 493584 CVE-2009-1210 CVE-2009-1266 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Xen SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Collective Xen/201004 Update, containing fixes for the following issues: bnc#576832 - pygrub, reiserfs: Fix on-disk structure definition bnc#537370 - Xen on SLES 11 does not boot - endless loop in ATA detection bnc#561912 - xend leaks memory bnc#564750 - Keyboard Caps Lock key works abnormal under SLES11 xen guest OS. bnc#548443 - keymap setting not preserved bnc#555152 - 'NAME' column in xentop (SLES11) output limited to 10 characters unlike SLES10 bnc#553631 - L3: diskpart will not run on windows 2008 bnc#548852 - DL585G2 - plug-in PCI cards fail in IO-APIC mode bnc#529195 - xend: disallow ! as a sxp separator bnc#550397 - xend: bootable flag of VBD not always of type int bnc#545470 - Xen vifname parameter is ignored when using type=ioemu in guest configuration file bnc#541945 - xm create -x command does not work in SLES 10 SP2 or SLES 11 bnc#542525 - xen pygrub vulnerability (CVE-2009-3525) bnc#481592 and fate#306125 - Virtual machines are not able to boot from CD to allow upgrade to OES2SP1 (sle10 bug) bnc#553633 - Update breaks menu access keys in virt-viewer and still misses some key sequences. (sle10 bug) fate#306720: xen: virt-manager cdrom handling. bnc#547590 - L3: virt-manager is unable of displaying VNC console on remote hosts bnc#572691 - libvird segfaults when trying to create a kvm guest bnc#573748 - L3: Virsh gives error Device 51712 not connected after updating libvirt modules bnc#548438 - libcmpiutil / libvirt-cim does not properly handle CIM_ prefixed bnc#513921: Xen doesn't work get an eror when starting the install processes or starting a pervious installed DomU bnc#526855: Cannot set MAC address for PV guest in vm-install SUSE bug 481592 SUSE bug 513921 SUSE bug 526855 SUSE bug 529195 SUSE bug 537370 SUSE bug 541945 SUSE bug 542525 SUSE bug 545470 SUSE bug 547590 SUSE bug 548438 SUSE bug 548443 SUSE bug 548852 SUSE bug 550397 SUSE bug 553631 SUSE bug 553633 SUSE bug 555152 SUSE bug 561912 SUSE bug 564750 SUSE bug 572691 SUSE bug 573748 SUSE bug 576832 SUSE bug 591092 CVE-2009-3525 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for Xerces-j2 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The xerces-j2 package was vulnerable to various bugs while parsing XML.CVE-2009-2625 has been assigned to this issue. SUSE bug 530717 CVE-2009-2625 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for xpdf SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 Specially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791). SUSE bug 502974 CVE-2009-0791 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for YaST2 LDAP module SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 The YaST2 LDAP module in SUSE Linux Enterprise Server 11 did not initialize the firewall configuration during second stage installation. Therefore, if an online update required reboot during second stage firewall settings were not applied and the firewall turned off (CVE-2009-1648). SUSE bug 492441 SUSE bug 496862 CVE-2009-1648 cpe:/o:suse:sles_sap:11 cpe:/o:suse:suse_sles:11 Security update for ConsoleKit SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Remote users logged in via e.g. ssh could open a consolekit session that is considered local and therefore gain additional privileges, e.g. via policykit (CVE-2010-4664). Security Issue reference: * CVE-2010-4664 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4664> SUSE bug 686150 CVE-2010-4664 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox was updated to version 24.6.0 to fix six security issues: * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538) * Use-after-free with SMIL Animation Controller. (CVE-2014-1541) mozilla-nspr was updated to version 4.10.6 to fix one security issue: * Out of bounds write in NSPR. (CVE-2014-1545) Further information can be found at https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues references: * CVE-2014-1533 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533> * CVE-2014-1534 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534> * CVE-2014-1536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536> * CVE-2014-1537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537> * CVE-2014-1538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538> * CVE-2014-1541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541> * CVE-2014-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545> SUSE bug 881874 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for ImageMagick SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files: * CVE-2012-0259 / CVE-2012-1610: Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. * CVE-2012-0247 / CVE-2012-1185: Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption. CVE-2012-0248 / CVE-2012-1186: Denial of service via 'profile.c'. * CVE-2012-0260: Denial of service via JPEG restart markers (excessive CPU consumption). * CVE-2012-1798: Copying of invalid memory when reading TIFF EXIF IFD. Security Issue references: * CVE-2012-0247 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0247> * CVE-2012-0248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0248> * CVE-2012-1185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1185> * CVE-2012-1186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1186> * CVE-2012-0259 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0259> * CVE-2012-0260 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0260> * CVE-2012-1798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1798> * CVE-2012-1610 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1610> SUSE bug 746880 SUSE bug 752879 SUSE bug 754749 SUSE bug 758512 CVE-2012-0247 CVE-2012-0248 CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 CVE-2012-1798 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) Important SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714) Important SUSE bug 978061 CVE-2016-3714 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Important SUSE bug 982178 CVE-2016-5118 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA ImageMagick was updated to fix 55 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Prevent file descriptr leak due to corrupted file (bsc#983774). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9820: heap overflow in xpm files (bsc#984150). - CVE-2014-9823: heap overflow in palm file (bsc#984401). - CVE-2014-9822: heap overflow in quantum file (bsc#984187). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: Fix a SEGV due to corrupted xwd images. (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9807: Fix a double free in pdb coder. (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608). Important SUSE bug 983234 SUSE bug 983253 SUSE bug 983259 SUSE bug 983292 SUSE bug 983305 SUSE bug 983308 SUSE bug 983521 SUSE bug 983523 SUSE bug 983533 SUSE bug 983739 SUSE bug 983746 SUSE bug 983752 SUSE bug 983774 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984018 SUSE bug 984023 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984137 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984150 SUSE bug 984160 SUSE bug 984166 SUSE bug 984181 SUSE bug 984184 SUSE bug 984185 SUSE bug 984186 SUSE bug 984187 SUSE bug 984193 SUSE bug 984370 SUSE bug 984372 SUSE bug 984373 SUSE bug 984374 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984401 SUSE bug 984408 SUSE bug 984409 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 SUSE bug 985448 SUSE bug 985451 SUSE bug 985456 SUSE bug 985460 SUSE bug 986608 SUSE bug 986609 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9842 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9849 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2015-8894 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-6491: Out-of-bounds read in CopyMagickMemory [bsc#991445] Moderate SUSE bug 991445 SUSE bug 991872 CVE-2016-6491 CVE-2016-6520 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421) Important SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000688 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000694 SUSE bug 1000695 SUSE bug 1000698 SUSE bug 1000699 SUSE bug 1000700 SUSE bug 1000701 SUSE bug 1000703 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000709 SUSE bug 1000711 SUSE bug 1000713 SUSE bug 1000714 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002209 SUSE bug 1002421 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 1007245 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-5687 CVE-2016-6823 CVE-2016-7101 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7533 CVE-2016-7535 CVE-2016-7537 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8862 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: * CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559: Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159] * CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376] * CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] Moderate SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013376 SUSE bug 1014159 CVE-2016-7530 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314). - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320). - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326). - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433). - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435). - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436). - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439). - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). Moderate SUSE bug 1017308 SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017319 SUSE bug 1017320 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017326 SUSE bug 1017421 SUSE bug 1020433 SUSE bug 1020435 SUSE bug 1020436 SUSE bug 1020439 SUSE bug 1020441 SUSE bug 1020443 SUSE bug 1020448 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5511 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985) - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) Moderate SUSE bug 1033091 SUSE bug 1034870 SUSE bug 1034872 SUSE bug 1034876 SUSE bug 1036976 SUSE bug 1036978 SUSE bug 1036980 SUSE bug 1036981 SUSE bug 1036983 SUSE bug 1036984 SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036987 SUSE bug 1036988 SUSE bug 1036989 SUSE bug 1036990 SUSE bug 1037527 SUSE bug 1038000 SUSE bug 1040025 SUSE bug 1040303 SUSE bug 1040304 SUSE bug 1040306 SUSE bug 1040332 CVE-2014-9846 CVE-2016-10050 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072) Important SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 CVE-2017-11403 CVE-2017-9439 CVE-2017-9501 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-11534: Processing a crafted file in convert could have lead to a Memory Leak in the lite_font_map() function in coders/wmf.c (bsc#1050135). - CVE-2017-13133: The load_level function in coders/xcf.c lacked offset validation, which allowed attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file (bsc#1055219). - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk (bsc#1055430). - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c (bsc#1061873). Moderate SUSE bug 1050135 SUSE bug 1055219 SUSE bug 1055430 SUSE bug 1061873 CVE-2017-11534 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637] * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719] * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432] * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214] * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service [bsc#1054757] * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666] * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553] * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\pwp.c could lead to denial of service [bsc#1052450] * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729] * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457] * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139] * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689] * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758] * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764] * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730] * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577] Important SUSE bug 1048457 SUSE bug 1049796 SUSE bug 1050116 SUSE bug 1050139 SUSE bug 1050632 SUSE bug 1051441 SUSE bug 1051847 SUSE bug 1052450 SUSE bug 1052553 SUSE bug 1052689 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056432 SUSE bug 1057719 SUSE bug 1057729 SUSE bug 1057730 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1059666 SUSE bug 1059778 SUSE bug 1060577 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 CVE-2017-11188 CVE-2017-11478 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14733 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422). - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422). - CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550). - CVE-2017-15281: ReadPSDImage in coders/psd.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file (bsc#1063049). - CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063). - CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460). - CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large 'length' field in the header but did not contain sufficient backing data, is provided, the loop over 'length' would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723). - CVE-2017-13062: A memory leak vulnerability in the function formatIPTC in coders/meta.c allowed attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file (bsc#1055053). - CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050). Moderate SUSE bug 1052460 SUSE bug 1055053 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058422 SUSE bug 1063049 SUSE bug 1063050 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720). - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065). - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446). - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731). - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732). - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323). - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434). - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898). - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120). - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468). - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550). - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710). - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640). - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606). - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855). - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751). - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123). - CVE-2017-1000476: Prevent CPU exhaustion in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: Fixed a memory leak vulnerability in the function ReadMPCImage in mpc.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1042948). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373) - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252) - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771) - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082) - CVE-2017-1000445: Added a NUL pointer check in the MagickCore component that might have lead to denial of service (bsc#1074425). - CVE-2017-11751: Fixed a memory leak vulnerability in the function WritePICONImage in coders/xpm.c that allowed remote attackers to cause a denial of service via a crafted file (bsc#1051412). - CVE-2017-17680: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted xpm image file (bsc#1072902). - CVE-2017-17882: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (bsc#1074122). - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973). - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) Moderate SUSE bug 1042948 SUSE bug 1047044 SUSE bug 1047898 SUSE bug 1049373 SUSE bug 1050120 SUSE bug 1050606 SUSE bug 1051412 SUSE bug 1051446 SUSE bug 1052252 SUSE bug 1052468 SUSE bug 1052550 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1052732 SUSE bug 1052771 SUSE bug 1055065 SUSE bug 1055323 SUSE bug 1055434 SUSE bug 1055855 SUSE bug 1058082 SUSE bug 1058640 SUSE bug 1059751 SUSE bug 1072902 SUSE bug 1074122 SUSE bug 1074123 SUSE bug 1074425 SUSE bug 1074610 SUSE bug 1074969 SUSE bug 1074973 SUSE bug 1074975 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-11141 CVE-2017-11449 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 CVE-2017-12430 CVE-2017-12434 CVE-2017-12564 CVE-2017-12642 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14249 CVE-2017-14326 CVE-2017-14533 CVE-2017-17680 CVE-2017-17881 CVE-2017-17882 CVE-2017-18022 CVE-2017-9409 CVE-2018-5246 CVE-2018-5247 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635). - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098). - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908) - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037) - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072) - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721) - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362) - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125) - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185) - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120) - Prevent memory leak in svg.c, which allowed attackers to cause a denial of service via a crafted SVG image file (bsc#1074120) - Prevent small memory leak when processing PWP image files (bsc#1074309) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021) - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051) Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1047908 SUSE bug 1050037 SUSE bug 1050072 SUSE bug 1050098 SUSE bug 1050100 SUSE bug 1050635 SUSE bug 1051442 SUSE bug 1052470 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052721 SUSE bug 1052768 SUSE bug 1052777 SUSE bug 1052781 SUSE bug 1054600 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1055456 SUSE bug 1057000 SUSE bug 1060162 SUSE bug 1062752 SUSE bug 1072362 SUSE bug 1074120 SUSE bug 1074125 SUSE bug 1074185 SUSE bug 1074309 SUSE bug 1075939 SUSE bug 1076021 SUSE bug 1076051 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18027 CVE-2017-18029 CVE-2017-9261 CVE-2017-9262 CVE-2018-5685 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669) Moderate SUSE bug 1042824 SUSE bug 1048110 SUSE bug 1049374 SUSE bug 1049375 SUSE bug 1050048 SUSE bug 1050617 SUSE bug 1050669 SUSE bug 1052207 SUSE bug 1052248 SUSE bug 1052251 SUSE bug 1052254 SUSE bug 1052472 SUSE bug 1052688 SUSE bug 1052711 SUSE bug 1052747 SUSE bug 1052750 SUSE bug 1052761 SUSE bug 1055069 SUSE bug 1055229 SUSE bug 1058009 SUSE bug 1074119 SUSE bug 1076182 SUSE bug 1078433 CVE-2017-11166 CVE-2017-11448 CVE-2017-11450 CVE-2017-11537 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-13058 CVE-2017-13131 CVE-2017-14224 CVE-2017-17885 CVE-2017-18028 CVE-2017-9407 CVE-2018-6405 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) Moderate SUSE bug 1042911 SUSE bug 1050119 SUSE bug 1050122 SUSE bug 1050132 SUSE bug 1052754 SUSE bug 1072898 CVE-2017-11528 CVE-2017-11530 CVE-2017-11533 CVE-2017-12663 CVE-2017-17682 CVE-2017-9405 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011) - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168) - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630) - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434) - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735) - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792) - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291) - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283) - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362) - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348) Moderate SUSE bug 1043290 SUSE bug 1050087 SUSE bug 1056434 SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1082348 SUSE bug 1082362 SUSE bug 1082792 SUSE bug 1084060 SUSE bug 1086011 CVE-2017-11524 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14343 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-9500 CVE-2018-7443 CVE-2018-8804 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - security update (png.c) * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] * CVE-2018-10177: there is an infinite loop in the ReadOneMNGImagefunction of the coders/png.c file. Remote attackers could leverage thisvulnerability to cause a denial of service (bsc#1089781) - security update (wand) * CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (core) * CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356] - security update (pcd.c) * CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (tiff.c) * CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick memory allocation issue could lead to denial of service (bsc#1086782) Moderate SUSE bug 1047356 SUSE bug 1086773 SUSE bug 1086782 SUSE bug 1087027 SUSE bug 1087033 SUSE bug 1087037 SUSE bug 1089781 CVE-2017-1000476 CVE-2017-10928 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237) - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545) - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) Moderate SUSE bug 1056277 SUSE bug 1094204 SUSE bug 1094237 SUSE bug 1095812 SUSE bug 1098545 SUSE bug 1098546 SUSE bug 1102003 SUSE bug 1102004 SUSE bug 1102005 SUSE bug 1102007 CVE-2017-13758 CVE-2017-18271 CVE-2018-10805 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issue fixed: - Hide PS, XPS and PDF coders into */vulnerable (bsc#1105592) Important SUSE bug 1105592 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following security issue: - CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170). - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072) - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747) - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746) Moderate SUSE bug 1074170 SUSE bug 1106855 SUSE bug 1106989 SUSE bug 1107604 SUSE bug 1107609 SUSE bug 1107612 SUSE bug 1107616 SUSE bug 1108282 SUSE bug 1108283 SUSE bug 1110746 SUSE bug 1110747 SUSE bug 1111069 SUSE bug 1111072 CVE-2017-17934 CVE-2018-16323 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399) - CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609) - CVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129) - CVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635) Moderate SUSE bug 1050129 SUSE bug 1050635 SUSE bug 1107609 SUSE bug 1112399 CVE-2017-11532 CVE-2017-11639 CVE-2017-14997 CVE-2018-16644 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1113064 SUSE bug 1120381 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1128649 CVE-2018-16412 CVE-2018-16413 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). Moderate SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132060 SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 CVE-2019-10650 CVE-2019-11007 CVE-2019-11009 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-9956 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Low SUSE bug 1134075 SUSE bug 1135232 SUSE bug 1135236 SUSE bug 1136183 SUSE bug 1136732 CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11598 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425). Moderate SUSE bug 1138425 SUSE bug 1138464 CVE-2019-11597 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). Moderate SUSE bug 1139886 SUSE bug 1140100 SUSE bug 1140102 SUSE bug 1140103 SUSE bug 1140106 SUSE bug 1140110 SUSE bug 1140513 SUSE bug 1140554 SUSE bug 1140664 SUSE bug 1140666 SUSE bug 1141171 CVE-2019-12975 CVE-2019-12976 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13301 CVE-2019-13311 CVE-2019-13454 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213) - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212) - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211) - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068) - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). Moderate SUSE bug 1133204 SUSE bug 1146068 SUSE bug 1146211 SUSE bug 1146212 SUSE bug 1146213 SUSE bug 1151781 SUSE bug 1151782 SUSE bug 1151783 SUSE bug 1151786 CVE-2019-11472 CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16713 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Moderate SUSE bug 1159861 SUSE bug 1160369 CVE-2019-19948 CVE-2019-19949 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2017-11527: Fixed a denial of service in inReadDPXImage() (bsc#1047054). Moderate SUSE bug 1047054 CVE-2017-11527 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2020-27560: Fixed potential denial of service in OptimizeLayerFrames function in MagickCore/layer.c (bsc#1178067). Moderate SUSE bug 1178067 CVE-2020-27560 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). Moderate SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179212 SUSE bug 1179269 SUSE bug 1179281 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25666 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27763 CVE-2020-27765 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27771 CVE-2020-27772 CVE-2020-27775 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836). - CVE-2020-25665: Fixed heap-based buffer overflow in WritePALMImage (bsc#1179208). Moderate SUSE bug 1179208 SUSE bug 1181836 CVE-2020-25665 CVE-2021-20176 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2021-20243 [bsc#1182336]: Division by zero in GetResizeFilterWeight in MagickCore/resize.c - CVE-2021-20244 [bsc#1182325]: Division by zero in ImplodeImage in MagickCore/visual-effects.c - CVE-2021-20246 [bsc#1182337]: Division by zero in ScaleResampleFilter in MagickCore/resample.c Moderate SUSE bug 1182325 SUSE bug 1182336 SUSE bug 1182337 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 cpe:/o:suse:sles:11:sp1:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ImageMagick fixes the following issues: - CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624) - CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) - CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628) Moderate SUSE bug 1184624 SUSE bug 1184627 SUSE bug 1184628 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 cpe:/o:suse:sles:11:sp1:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711) - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712) Important SUSE bug 1017711 SUSE bug 1017712 CVE-2016-9941 CVE-2016-9942 cpe:/o:suse:sles:11:sp1:teradata Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for LibVNCServer fixes the following issues: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). Moderate SUSE bug 1081493 CVE-2018-7225 cpe:/o:suse:sles:11:sp1:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sles:11:sp1:teradata Security update for LibVNCServer (Critical) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sles:11:sp1:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sles:11:sp1:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch Important SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173880 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 cpe:/o:suse:sles:11:sp1:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles:11:sp1:teradata Security update for Mesa (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Moderate SUSE bug 1156015 CVE-2019-5068 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues. * MFSA 2012-34 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12.(CVE-2012-1938) Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939) Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937) Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101) * MFSA 2012-35 Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable. Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) Updater.exe loads wsock32.dll from application directory (CVE-2012-1943) * MFSA 2012-36 Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. (CVE-2012-1944) * MFSA 2012-37 Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure. This issue could potentially affect Linux machines with samba shares enabled. (CVE-2012-1945) * MFSA 2012-38 Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. (CVE-2012-1946) * MFSA 2012-39 Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. (CVE-2012-0441) * MFSA 2012-40 Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable. Heap-buffer-overflow in utf16_to_isolatin1 (CVE-2012-1947) Heap-use-after-free in nsFrameList::FirstChild (CVE-2012-1940) Heap-buffer-overflow in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position (CVE-2012-1941) More information on security issues can be found on: http://www.mozilla.org/security/announce/ <http://www.mozilla.org/security/announce/> SUSE bug 765204 CVE-2011-3101 CVE-2012-0441 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1942 CVE-2012-1943 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox was updated to version 38.5.0 ESR. It fixes the following security issues: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) Moderate SUSE bug 977333 SUSE bug 977374 SUSE bug 977376 SUSE bug 977381 SUSE bug 977386 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.3.0 ESR. mozilla-nss was updated to version 3.21.1, mozilla-nspr to version 4.12. These security issues were fixed in 45.3.0ESR: - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) (MFSA 2016-62) - CVE-2016-2830: Favicon network connection can persist when page is closed (MFSA 2016-63) - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64) - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 (MFSA 2016-65) - CVE-2016-5252: Stack underflow during 2D graphics rendering (MFSA 2016-67) - CVE-2016-5254: Use-after-free when using alt key and toplevel menus (MFSA 2016-70) - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72) - CVE-2016-5259: Use-after-free in service workers with nested sync events (MFSA 2016-73) - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76) - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77) - CVE-2016-5263: Type confusion in display transformation (MFSA 2016-78) - CVE-2016-5264: Use-after-free when applying SVG effects (MFSA 2016-79) - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80) - CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Security issues fixed in 45.2.0.ESR: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Important SUSE bug 983549 SUSE bug 983638 SUSE bug 983639 SUSE bug 983643 SUSE bug 983646 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 SUSE bug 984006 SUSE bug 985659 SUSE bug 989196 SUSE bug 990628 SUSE bug 990856 SUSE bug 991809 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Important SUSE bug 999701 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Important SUSE bug 1000751 SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Important SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed (bsc#1028391): - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Bugfixes: - fix crashes on Itanium (bsc#1027527) Important SUSE bug 1027527 SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for 'export' grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a 'slot' into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. (CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. Important SUSE bug 1015499 SUSE bug 1015547 SUSE bug 1021636 SUSE bug 1030071 SUSE bug 1035082 SUSE bug 983639 CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to version 52.3 ESR fixes several issues. These security issues were fixed: - CVE-2017-7807: Domain hijacking through AppCache fallback (bsc#1052829) - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts (bsc#1052829) - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID (bsc#1052829) - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections (bsc#1052829) - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads (bsc#1052829) - CVE-2017-7786: Buffer overflow while painting non-displayable SVG (bsc#1052829) - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM (bsc#1052829) - CVE-2017-7784: Use-after-free with image observers (bsc#1052829) - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements (bsc#1052829) - CVE-2017-7798: XUL injection in the style editor in devtools (bsc#1052829) - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher (bsc#1052829) - CVE-2017-7779: Various memory safety bugs (bsc#1052829) - CVE-2017-7800: Use-after-free in WebSockets during disconnection (bsc#1052829) - CVE-2017-7801: Use-after-free with marquee during window resizing (bsc#1052829) - CVE-2017-7802: Use-after-free resizing image elements (bsc#1052829) - CVE-2017-7803: CSP containing 'sandbox' improperly applied (bsc#1052829) This non-security issue was fixed: - bsc#1031485: Prevent firefox from hanging after a while in FUTEX_WAIT_PRIVATE if cgroups are enabled Important SUSE bug 1031485 SUSE bug 1052829 SUSE bug 930392 SUSE bug 930496 SUSE bug 935510 SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 954002 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed (bsc#1068101). - CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101). - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101). Mozilla Foundation Security Advisory (MFSA 2017-25): - https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ Important SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.2 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Moderate SUSE bug 1085130 SUSE bug 1085671 SUSE bug 1087059 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to ESR 52.8 fixes the following issues: Update to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). - CVE-2019-11708: Fix sandbox escape using Prompt:Open (bsc#1138872). - CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) Non-security issues fixed: - Fix broken language plugins (bsc#1137792) Important SUSE bug 1137792 SUSE bug 1138614 SUSE bug 1138872 SUSE bug 1140868 CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Update Firefox Extended Support Release to 68.3.0 ESR (MFSA 2019-37 / bsc#1158328) Security issues fixed: - CVE-2019-17008: Use-after-free in worker destruction (bmo#1546331). - CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156). - CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher (bmo#1586176). - CVE-2019-17009: Updater temporary files accessible to unprivileged processes (bmo#1510494). - CVE-2019-17010: Use-after-free when performing device orientation checks (bmo#1581084). - CVE-2019-17005: Buffer overflow in plain text serializer (bmo#1584170). - CVE-2019-17011: Use-after-free when retrieving a document in antitracking (bmo#1591334). - CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502). Update mozilla-nss to version 3.47.1 (bsc#1158527): Security issues fixed: - CVE-2019-11745: EncryptUpdate should use maxout, not block size. Bug fixes: - Fix a crash that could be caused by client certificates during startup (bmo#1590495, bsc#1158527) - Fix compile-time warnings from uninitialized variables in a perl script (bmo#1589810) - Support AES HW acceleration on ARMv8 (bmo#1152625) - Allow per-socket run-time ordering of the cipher suites presented in ClientHello (bmo#1267894) - Add CMAC to FreeBL and PKCS #11 libraries (bmo#1570501) - Remove arbitrary HKDF output limit by allocating space as needed (bmo#1577953) Update mozilla-nspr to version 4.23: Bug fixes: - fixed a build failure that was introduced in 4.22 - correctness fix for Win64 socket polling - whitespace in C files was cleaned up and no longer uses tab characters for indenting - added support for the ARC architecture - removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS - correctness and build fixes Important SUSE bug 1158328 SUSE bug 1158527 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Firefox was updated to version 68.5.0 ESR (bsc#1163368). Security issues fixed: - CVE-2020-6796: Fixed a missing bounds check on shared memory in the parent process (bsc#1163368). - CVE-2020-6798: Fixed a JavaScript code injection issue caused by the incorrect parsing of template tags (bsc#1163368). - CVE-2020-6799: Fixed a local arbitrary code execution issue when handling PDF links from other applications (bsc#1163368). - CVE-2020-6800: Fixed several memory safety bugs (bsc#1163368). Non-security issues fixed: - Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726). Important SUSE bug 1161799 SUSE bug 1163368 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.6.1 ESR MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.8.0 ESR MFSA 2020-17 (bsc#1171186) * CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown * CVE-2020-12388 (bmo#1618911) Sandbox escape with improperly guarded Access Tokens * CVE-2020-12389 (bmo#1554110) Sandbox escape with improperly separated process types * CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation * CVE-2020-12392 (bmo#1614468) Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 - Since firefox-gcc8 now has disabled autoreqprov for firefox-libstdc++6 and firefox-libgcc_s1, those packages don't provide some capabilities, we have to disable AutoReqProv in MozillaFirefox too so they're not added as automatic requirements. (bsc#1162828) Important SUSE bug 1162828 SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1166238 SUSE bug 1167231 SUSE bug 1173576 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Fix broken translation-loading (boo#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more - Mozilla Firefox 78.1 ESR * Fixed: Various stability, functionality, and security fixe (MFSA 2020-32) (bsc#1174538). * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer * CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing popups * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in IonMonkey * CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk * CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading path * CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 - Add sle11-icu-generation-python3.patch to fix icu-generation on big endian platforms - Mozilla Firefox 78.0.2 ESR * MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) Moderate SUSE bug 1173948 SUSE bug 1173991 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). Moderate SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) - Fixed problems with compiler builtins on SLE-11 (bsc#1175046) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1175046 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.1 ESR (bsc#1181848) - Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. - Buffer overflow in depth pitch calculations for compressed textures Low SUSE bug 1181848 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Moderate SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Important SUSE bug 1192250 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This MozillaFirefox and Mozilla NSS update fixes several security and non-security issues. MozillaFirefox has been updated to 24.5.0esr which fixes following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to version 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. Security Issue references: * CVE-2014-1532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532> * CVE-2014-1531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531> * CVE-2014-1530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530> * CVE-2014-1529 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529> * CVE-2014-1524 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524> * CVE-2014-1523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523> * CVE-2014-1520 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520> * CVE-2014-1518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518> SUSE bug 865539 SUSE bug 869827 SUSE bug 875378 SUSE bug 875803 CVE-2014-1518 CVE-2014-1520 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues: * Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815) * Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813) * resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816) * CORS requests should not follow 30x redirections after preflight (MFSA 2015-37/CVE-2015-0807) * Same-origin bypass through anchor navigation (MFSA 2015-40/CVE-2015-0801) Security Issues: * CVE-2015-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801> * CVE-2015-0807 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807> * CVE-2015-0813 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813> * CVE-2015-0814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0814> * CVE-2015-0816 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816> SUSE bug 925368 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0816 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Important SUSE bug 908275 SUSE bug 935033 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, rust-cbindgen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox, rust-cbindgen fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Firefox Extended Support Release 91.1.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274) * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) (bmo#1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) (bmo#1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891) * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 rust-cbindgen was updated to 0.19.0. Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 SUSE bug 1190710 SUSE bug 1191332 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:suse:sles:11:sp1:teradata Security update for NetworkManager SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246). This has been fixed. Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks. Security Issue reference: * CVE-2006-7246 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7246> SUSE bug 574266 SUSE bug 686093 SUSE bug 694218 CVE-2006-7246 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for NetworkManager-gnome SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246). Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks. This is a re-release of the previous update to also enable the checks for EAP-TLS. SUSE bug 574266 SUSE bug 732700 CVE-2006-7246 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Recommended update for NetworkManager-kde4 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This NetworkManager-kde4 update fixes the following security and non security issues: - Fixed a long standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and send it to NetworkManager for it to do a network validation in the absence of a real certificate (bsc#726349) - Disabled the loading by default of the NetworkManager plasma applet since it doesn't work. - Fixed a crash due to the use of an uninitialized variable in the plasma applet in case someone runs it manually (bsc#663413) Moderate SUSE bug 663413 SUSE bug 726349 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: * CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107) * CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114) * CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522) Moderate SUSE bug 1040107 SUSE bug 1040114 SUSE bug 1052522 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp. (This was already fixed by the previous update bug not referenced.) (bsc#1040112) Moderate SUSE bug 1040109 SUSE bug 1040112 SUSE bug 1040113 SUSE bug 1040115 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Moderate SUSE bug 1061305 CVE-2017-9110 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578). Moderate SUSE bug 1169574 SUSE bug 1169576 SUSE bug 1169578 CVE-2020-11761 CVE-2020-11763 CVE-2020-11764 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: Security issues fixed: - CVE-2020-16588: Fixed a null pointer deference in generatePreview (bsc#1179879). - CVE-2020-16589: Fixed a heap-based buffer overflow in writeTileData in ImfTiledOutputFile.cpp (bsc#1179879). Moderate SUSE bug 1179879 CVE-2020-16588 CVE-2020-16589 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: - CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173) - CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172) Moderate SUSE bug 1184172 SUSE bug 1184173 CVE-2021-3475 CVE-2021-3476 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function Important SUSE bug 1184354 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3605 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenEXR fixes the following issues: - CVE-2021-20298: Fixed out-of-memory in B44Compressor (bsc#1188460). - CVE-2021-20300: Fixed integer-overflow in Imf_2_5:hufUncompress (bsc#1188458). - CVE-2021-20303: Fixed heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffe (bsc#1188457). - CVE-2021-20304: Fixed undefined-shift in Imf_2_5:hufDecode (bsc#1188461). - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). Moderate SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1192556 CVE-2021-20298 CVE-2021-20300 CVE-2021-20303 CVE-2021-20304 CVE-2021-3941 cpe:/o:suse:sles:11:sp1:teradata Security update for OpenOffice_org SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of OpenOffice_org fixes the following security issue: * Arbitrary macros written in Python can be executed by bypassing macro security permissions. CVE-2010-0395 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0395> It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.1.html <http://development.openoffice.org/releases/3.2.1.html> . For further SUSE Linux Enterprise specific fixes please refer to the changelog of the OpenOffice_org RPM package. SUSE bug 607095 CVE-2010-0395 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for SDL (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:suse:sles:11:sp1:teradata Security update for SDL (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for SDL fixes the following issues: Secuirty issue fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844). Moderate SUSE bug 1141844 CVE-2019-13616 cpe:/o:suse:sles:11:sp1:teradata Security update for SDL (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for SDL fixes the following issues: - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c (bsc#1181201). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (bsc#1124825). - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c (bsc#1181202). Important SUSE bug 1124825 SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2019-7637 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:sles:11:sp1:teradata Security update for SuSEfirewall2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. Moderate SUSE bug 1064127 CVE-2017-15638 cpe:/o:suse:sles:11:sp1:teradata Security update for adns (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sles:11:sp1:teradata Security update for aide (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:sles:11:sp1:teradata Security update for amanda (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for amanda fixes the following issues: Security issue fixed: - CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options (bsc#1112916). Moderate SUSE bug 1112916 CVE-2016-10729 cpe:/o:suse:sles:11:sp1:teradata Security update for ant (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ant fixes the following security issue: - CVE-2018-10886: Prevent arbitrary file write with specially crafted zip files (bsc#1100053). Moderate SUSE bug 1100053 CVE-2018-10886 cpe:/o:suse:sles:11:sp1:teradata Security update for Apache2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes several security issues in the Apache2 webserver. * CVE-2011-3639, CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. * CVE-2011-1473: Fixed the SSL renegotiation DoS by disabling renegotiation by default. * CVE-2011-3607: Integer overflow in ap_pregsub function resulting in a heap based buffer overflow could potentially allow local attackers to gain privileges. Also a non-security bug was fixed: * httpd-2.2.x-bnc727071-mod_authnz_ldap-utf8.diff: make non-ascii eg UTF8 passwords work with mod_authnz_ldap. [bnc#727071] Security Issue references: * CVE-2011-3639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3639> * CVE-2011-3368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368> * CVE-2011-4317 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317> * CVE-2011-1473 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473> * CVE-2011-3607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607> SUSE bug 688472 SUSE bug 722545 SUSE bug 727071 SUSE bug 728533 SUSE bug 728876 SUSE bug 729181 CVE-2011-1473 CVE-2011-3368 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache (bsc#938728, CVE-2015-3183) Bugs fixed: - add SSLSessionTickets directive (bsc#941676) - hardcode modules %files (bsc#444878) - only enable the port 443 for TCP protocol, not UDP. (bsc#931002) Moderate SUSE bug 444878 SUSE bug 931002 SUSE bug 938728 SUSE bug 941676 CVE-2015-3183 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988488) Moderate SUSE bug 988488 CVE-2016-5387 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretation (bsc#1016715). Moderate SUSE bug 1016714 SUSE bug 1016715 CVE-2016-2161 CVE-2016-8743 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes: - Remove /usr/bin/http2 link only during package uninstall, not upgrade. (bsc#1041830) - Don't put the backend in error state (by default) when 500/503 error code is overridden. (bsc#951692) - Allow single-char field names inadvertently disallowed in 2.2.32. Moderate SUSE bug 1041830 SUSE bug 1048576 SUSE bug 951692 CVE-2017-9788 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830) - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed: - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added: - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061) - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062) - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065) - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060) Moderate SUSE bug 1045060 SUSE bug 1045061 SUSE bug 1045062 SUSE bug 1045065 SUSE bug 1052830 SUSE bug 1058058 SUSE bug 1064561 CVE-2009-2699 CVE-2010-0425 CVE-2012-0021 CVE-2014-0118 CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9798 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: - security update: * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817] * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776] * CVE-2018-1312: Seed wrongly generated could lead to replay attack in cluster environments. [bsc#1086775] Moderate SUSE bug 1086775 SUSE bug 1086776 SUSE bug 1086817 CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Important SUSE bug 1131239 SUSE bug 1131241 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Moderate SUSE bug 1145738 SUSE bug 1145740 CVE-2019-10092 CVE-2019-10098 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1169066 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: - Fixed potential content spoofing with default error pages(bsc#118270) Moderate SUSE bug 1145740 SUSE bug 1182703 CVE-2019-10092 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest Important SUSE bug 1186922 SUSE bug 1187174 CVE-2020-35452 CVE-2021-30641 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) Important SUSE bug 1190666 CVE-2021-39275 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2 fixes the following issues: - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197095 SUSE bug 1197096 CVE-2022-22720 CVE-2022-22721 cpe:/o:suse:sles:11:sp1:teradata Security update for Apache2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of apache2 and libapr1 fixes regressions and several security problems. * CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. * CVE-2012-0053: Fixed an issue in error responses that could expose 'httpOnly' cookies when no custom ErrorDocument is specified for status code 400'. * CVE-2007-6750: The 'mod_reqtimeout' module was backported from Apache 2.2.21 to help mitigate the 'Slowloris' Denial of Service attack. You need to enable the 'mod_reqtimeout' module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2. For more detailed information, check also the README file. Also the following bugs have been fixed: * Fixed init script action 'check-reload' to avoid potential crashes. bnc#728876 * An overlapping memcpy() was replaced by memmove() to make this work with newer glibcs. bnc#738067 bnc#741874 * libapr1: reset errno to zero to not return previous value despite good status of new operation. bnc#739783 Security Issue references: * CVE-2007-6750 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750> * CVE-2012-0031 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031> * CVE-2012-0053 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053> SUSE bug 728876 SUSE bug 738067 SUSE bug 738855 SUSE bug 739783 SUSE bug 741243 SUSE bug 741874 SUSE bug 743743 CVE-2007-6750 CVE-2012-0031 CVE-2012-0053 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for apache2-mod_jk (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2-mod_jk fixes the following issues: Security issues fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). - CVE-2014-8111: Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remote attackers to access otherwise restricted artifacts via unspecified vectors (bsc#927845). Moderate SUSE bug 1114612 SUSE bug 927845 CVE-2014-8111 CVE-2018-11759 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2-mod_nss (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Don't ignore NSSProtocol when NSSFIPS is enabled. - Use proper shell syntax to avoid creating /0 in gencert. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env. - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI) - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against. - Add the SECURE_RENEG environment variable. - Add some hints when NSS database cannot be initialized. - Code cleanup including trailing whitespace and compiler warnings. - Modernize autotools configuration slightly, add config.h. - Add small test suite for SNI. - Add compatibility for mod_ssl-style cipher definitions. - Add Camelia ciphers. - Remove Fortezza ciphers. - Add TLSv1.2-specific ciphers. - Initialize cipher list when re-negotiating handshake. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Improve protocol testing. - Add nss_pcache man page. - Fix argument handling in nss_pcache. - Support httpd 2.4+. - Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394) Moderate SUSE bug 975394 SUSE bug 979688 CVE-2013-4566 CVE-2014-3566 cpe:/o:suse:sles:11:sp1:teradata Security update for apache2-mod_perl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apache2-mod_perl fixes the following issues: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Moderate SUSE bug 1156944 CVE-2011-2767 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update fixes two security issues of PHP5: * Potential overflow in _php_stream_scandir. (CVE-2012-2688 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688> ) * open_basedir bypass via SQLite extension. (CVE-2012-3365 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3365> ) SUSE bug 772580 SUSE bug 772582 CVE-2012-2688 CVE-2012-3365 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for apache2-mod_python SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 Apache2 mod_python has been changed to enable randomized hashes to help fixing denial of service problems by injecting prepared values into Python hash functions. (CVE-2012-1150) As some Python scripts might need a known hashing order, the old behaviour can be restored using a newly introduced module option called PythonRandomizeHashes The option is default on, but can be disabled if necessary for compatibility with above scripts. Security Issue reference: * CVE-2012-1150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150> SUSE bug 757549 CVE-2012-1150 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for apport (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apport fixes the following issues: Security issue fixed: - CVE-2015-1338: Insecurely created crash dumps could lead to a DoS or privilege escalation through malicious symlinks. (bsc#947731) Moderate SUSE bug 947731 CVE-2015-1338 cpe:/o:suse:sles:11:sp1:teradata Security update for apport (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apport fixes the following issues: Security issues fixed: - CVE-2019-7307: Fixed a TOCTOU issue, which allows local users to read arbitrary files. (bsc#1140986) Moderate SUSE bug 1140986 CVE-2019-7307 cpe:/o:suse:sles:11:sp1:teradata Security update for apport (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for apport fixes the following issues: - CVE-2019-11482: Fixed TOCTTOU race conditions when creating a core file (bsc#1155479). - CVE-2019-11485: Fixed a permission issue with the directory of lock files (bsc#1155481) - CVE-2019-15790: Fixed the privilleges that reads /proc/$PID/ files to avoid potential information disclosure (bsc#1155482). - CVE-2020-15701: Fixed a denial of service while parsing apport-ignore.xml (bsc#1174108). Moderate SUSE bug 1155479 SUSE bug 1155481 SUSE bug 1155482 SUSE bug 1174108 CVE-2019-11482 CVE-2019-11485 CVE-2019-15790 CVE-2020-15701 cpe:/o:suse:sles:11:sp1:teradata Security update for ark SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Ark was prone to a path traversal vulnerability allowing a maliciously-crafted zip file to allow for an arbitrary file to be displayed and, if the user has appropriate credentials, removed (CVE-2011-2725). Security Issue reference: * CVE-2011-2725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2725> SUSE bug 708268 CVE-2011-2725 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for arpwatch SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 arpwatch was improperly dropping its privileges. This has been fixed. Security Issue reference: * CVE-2012-2653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2653> SUSE bug 764521 CVE-2012-2653 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for arpwatch (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:sles:11:sp1:teradata Security update for aspell (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for aspell fixes the following issues: - CVE-2019-17544: Fixed a stack-based buffer over-read in acommon:unescape in common/getdata.cpp via an isolated backslash (bsc#1153892). Moderate SUSE bug 1153892 CVE-2019-17544 cpe:/o:suse:sles:11:sp1:teradata Security update for aspell (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for aspell fixes the following security issue: - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Moderate SUSE bug 1161982 CVE-2019-20433 cpe:/o:suse:sles:11:sp1:teradata Security update for aspell (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:sles:11:sp1:teradata Security update for atftp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sles:11:sp1:teradata Security update for atftp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for atftp fixes the following issues: - CVE-2021-41054: Fixed buffer overflow caused by combination of data, OACK, and other options (bsc#1190522). Moderate SUSE bug 1190522 CVE-2021-41054 cpe:/o:suse:sles:11:sp1:teradata Security update for atftp (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for atftp fixes the following issues: - CVE-2021-46671: Fixed a potential information leak in atftpd (bsc#1195619). Low SUSE bug 1195619 CVE-2021-46671 cpe:/o:suse:sles:11:sp1:teradata Security update for audiofile (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for audiofile fixes the following issues: Security issues fixed: - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979) - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980) - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981) - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982) - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983) - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984) - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985) - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986) - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988) - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987) - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978) Moderate SUSE bug 1026978 SUSE bug 1026979 SUSE bug 1026980 SUSE bug 1026981 SUSE bug 1026982 SUSE bug 1026983 SUSE bug 1026984 SUSE bug 1026985 SUSE bug 1026986 SUSE bug 1026987 SUSE bug 1026988 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/o:suse:sles:11:sp1:teradata Security update for augeas (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The augeas package was updated to fix the following security issue: - CVE-2014-8119: backported path escaping patch (bsc#925225) Moderate SUSE bug 925225 CVE-2014-8119 cpe:/o:suse:sles:11:sp1:teradata Security update for augeas (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for augeas fixes the following issues: Security issue fixed: - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171). Low SUSE bug 1054171 CVE-2017-7555 cpe:/o:suse:sles:11:sp1:teradata Security update for automake SUSE Linux Enterprise Server 11 SP1-TERADATA This update of automake fixes a race condition in 'distcheck' (CVE-2012-3386). Also a bug where world writeable tarballs were generated during 'make dist' has been fixed (CVE-2009-4029). Security Issue references: * CVE-2012-3386 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386> * CVE-2009-4029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029> SUSE bug 559815 SUSE bug 770618 CVE-2012-3386 cpe:/o:suse:sles:11:sp1:teradata Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/o:suse:sles:11:sp1:teradata Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for avahi fixes the following issues: - Increase data and stack limits (bsc#1085255). Moderate SUSE bug 1085255 cpe:/o:suse:sles:11:sp1:teradata Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Moderate SUSE bug 1184521 CVE-2021-3468 cpe:/o:suse:sles:11:sp1:teradata Security update for axis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Moderate SUSE bug 1103658 CVE-2018-8032 cpe:/o:suse:sles:11:sp1:teradata Security update for axis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). Moderate SUSE bug 1134598 CVE-2012-5784 CVE-2014-3596 cpe:/o:suse:sles:11:sp1:teradata Security update for bash SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 Parsing the /dev/fd prefix could have lead to a stack-based buffer overflow which could have been exploited by attackers to bypass security restrictions. This has been fixed. Security Issue reference: * CVE-2012-3410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410> SUSE bug 770795 CVE-2012-3410 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for bash (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bash fixes the following issues: Security issue fixed: - CVE-2016-9401: Fixed a denial of service with popd, where a user supplied address would be free'd (bsc#1010845). Moderate SUSE bug 1010845 CVE-2016-9401 cpe:/o:suse:sles:11:sp1:teradata Security update for bind SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA The bind nameserver was updated to fix a crash (denial of service) during high DNSSEC validation load (CVE-2012-3817) Security Issues: * CVE-2012-3817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817> SUSE bug 772945 CVE-2012-3817 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - Fix remote denial of service by misparsing incoming responses (CVE-2015-8000, bsc#958861). A non security issues was also fixed: - Fix a regression in caching entries with a ttl of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Important SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Critical) SUSE Linux Enterprise Server 11 SP1-TERADATA The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Critical SUSE bug 1000362 CVE-2016-2776 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issue: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). Important SUSE bug 1007829 CVE-2016-8864 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Important SUSE bug 1046554 SUSE bug 1046555 CVE-2017-3142 CVE-2017-3143 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) Important SUSE bug 1040039 SUSE bug 1047184 SUSE bug 1076118 CVE-2017-3145 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: Security issue fixed: - CVE-2016-2775: Fixed a denial of service vulnerability related to very long query names (bsc#989528). - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) Important SUSE bug 1133185 SUSE bug 989528 CVE-2016-2775 CVE-2018-5743 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). - CVE-2018-5741: Fixed the documentation (bsc#1109160). Important SUSE bug 1109160 SUSE bug 1171740 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345). Important SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 cpe:/o:suse:sles:11:sp1:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146). Important SUSE bug 1192146 CVE-2021-25219 cpe:/o:suse:sles:11:sp1:teradata Security update for bluez (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bluez fixes the following issues: Security issue fixed: - CVE-2017-1000250: Fixed Out-of-bounds heap read in service_search_attr_req check if there is enough data to continue otherwise return an error (bsc#1057342). Moderate SUSE bug 1057342 CVE-2017-1000250 cpe:/o:suse:sles:11:sp1:teradata Security update for boost SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 The following issue has been fixed: * boost::pool's ordered_malloc could have overflowed when calculating the allocation size (CVE-2012-2677). Security Issue reference: * CVE-2012-2677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2677> SUSE bug 765443 SUSE bug 767949 CVE-2012-2677 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for bsdtar (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). Important SUSE bug 920870 SUSE bug 984990 SUSE bug 985609 SUSE bug 985669 SUSE bug 985675 SUSE bug 985682 SUSE bug 985698 CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 cpe:/o:suse:sles:11:sp1:teradata Security update for bsdtar (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bsdtar fixes the following issues: - CVE-2015-8915: Fixed an invalid read which could have allowed remote attackers to cause a denial of service (bsc#985601). - CVE-2015-8925: Fixed an invalid read which could have allowed remote attackers to cause a denial of service (bsc#985706). - CVE-2017-14503: Fixed an out of bounds read within lha_read_data_none() in archive_read_support_format_lha.c (bsc#1059139). - CVE-2016-8687: Fixed a buffer overflow when printing a filename (bsc#1005070). Moderate SUSE bug 1005070 SUSE bug 1059139 SUSE bug 985601 SUSE bug 985706 CVE-2015-8915 CVE-2015-8925 CVE-2016-8687 CVE-2017-14503 cpe:/o:suse:sles:11:sp1:teradata Security update for Mono SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following security bugs have been fixed: * Mono was vulnerable to a padding oracle attack (CVE-2010-3332). * Mono loaded shared libraries from the current directory (CVE-2010-4159). Security Issue references: * CVE-2010-3332 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332> * CVE-2010-4159 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4159> SUSE bug 648080 SUSE bug 648086 CVE-2010-3332 CVE-2010-4159 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for bzip2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes an integer overflow in the BZ2_decompress function of bzip2/libbz2. This could have been exploited via a crafted archive to cause a denial of service or even execute arbitrary code. (CVE-2010-0405) Security Issue reference: * CVE-2010-0405 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405> SUSE bug 636978 CVE-2010-0405 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for bzip2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sles:11:sp1:teradata Security update for bzip2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sles:11:sp1:teradata Security update for cairo (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cairo fixes the following issues: - CVE-2016-9082: Fixed a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). - CVE-2017-9814: Replace malloc with _cairo_malloc and check cmap size before allocating to prevent DoS (bsc#1049092). - CVE-2017-7475: Fix a segfault in get_bitmap_surface due to malformed font (bsc#1036789). Moderate SUSE bug 1007255 SUSE bug 1036789 SUSE bug 1049092 CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:suse:sles:11:sp1:teradata Security update for cairo (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cairo fixes the following issues: - CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321). Low SUSE bug 1122321 CVE-2019-6462 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 The following issue has been fixed: * Viruses contained in specially crafted tar or CHM files could have evaded detection by clamav (CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). Security Issue references: * CVE-2012-1457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457> * CVE-2012-1458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458> * CVE-2012-1459 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459> SUSE bug 753610 SUSE bug 753611 SUSE bug 753613 SUSE bug 767574 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar (bsc#1045490) Non security issue fixed: - Fix permissions of /var/spool/amavis. (bsc#815106) Important SUSE bug 1045490 SUSE bug 815106 CVE-2012-6706 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Important SUSE bug 1049423 SUSE bug 1052448 SUSE bug 1052449 SUSE bug 1052466 SUSE bug 1077732 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Important SUSE bug 1045315 SUSE bug 1049423 SUSE bug 1052449 SUSE bug 1082858 SUSE bug 1083915 CVE-2012-6706 CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2018-1000085 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) * Make freshclam more robust against lagging signature mirrors. * On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: Security issues fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issue fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option. Moderate SUSE bug 1144504 SUSE bug 1149458 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: - Update to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459 - This update incorporates incompatible changes that were introduced in version 0.101.0. - Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. Moderate SUSE bug 1118459 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Add documentation about max file size purpose and side effect in the 'clamscan' and 'clamdscan' manpages (bsc#1187509). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1187509 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sles:11:sp1:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sles:11:sp1:teradata Security update for coreutils (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for coreutils fixes the following issues: Security issues fixed: - CVE-2015-1865: Fixed an arbitrary file deletion (bsc#927949). - CVE-2015-4041, CVE-2015-4042: Fixed a buffer overflow related to case conversion (bsc#928749). - CVE-2017-2616: Fixed su PAM local SIGKILL denial of service (bsc#1023041). Moderate SUSE bug 1023041 SUSE bug 927949 SUSE bug 928749 CVE-2015-1865 CVE-2015-4041 CVE-2015-4042 CVE-2017-2616 cpe:/o:suse:sles:11:sp1:teradata Security update for cpio (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). - CVE-2016-2037: Fixed an out-of-bounds write in the way cpio parses certain cpio files (bsc#963448). Moderate SUSE bug 1155199 SUSE bug 963448 CVE-2016-2037 CVE-2019-14866 cpe:/o:suse:sles:11:sp1:teradata Security update for cpio (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:sles:11:sp1:teradata Security update for cpio (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:sles:11:sp1:teradata Security update for cracklib (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cracklib fixes a security issue and a bug: Security issue fixed: - Add patch to fix a stack buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed: - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) Moderate SUSE bug 928923 SUSE bug 992966 CVE-2016-6318 cpe:/o:suse:sles:11:sp1:teradata Security update for cron (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cron fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the deamon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Other issues addressed: - Fixed an issue with SElinux where cron jobs were bocked when [permisive mode is selected (bsc#1046229). - Removed a duplicate sprintf and made some monepage changes (bsc#932499). Low SUSE bug 1046229 SUSE bug 1128935 SUSE bug 1128937 SUSE bug 932499 CVE-2019-9704 CVE-2019-9705 cpe:/o:suse:sles:11:sp1:teradata Security update for ctags (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ctags fixes the following issues: - CVE-2014-7204: Fixes a potential denial of service caused by an endless loop in javascript parser (bsc#899486). Moderate SUSE bug 899486 CVE-2014-7204 cpe:/o:suse:sles:11:sp1:teradata Security update for CUPS SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues: * 601830: CSRF via admin web interface (CVE-2010-0540) * 680210: users in group 'lp' can overwrite arbitrary files (CVE-2010-2431) * 680212: denial of service via cupsDoAuthentication (CVE-2010-2432) * 711490: heap overflow in gif decoder (CVE-2011-2896) * 715643: heap overflow in gif decoder (CVE-2011-3170) Security Issue references: * CVE-2011-2896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896> * CVE-2010-2432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432> * CVE-2010-2431 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431> * CVE-2011-3170 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170> * CVE-2010-0540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540> SUSE bug 601830 SUSE bug 680210 SUSE bug 680212 SUSE bug 700987 SUSE bug 711490 SUSE bug 715643 CVE-2010-0540 CVE-2010-2431 CVE-2010-2432 CVE-2011-2896 CVE-2011-3170 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for cups (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cups fixes the following issues: Security issues fixed: - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend (bsc#1096405). - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406). - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error handling (bsc#1096407). - CVE-2018-4183: Fix cups-exec sandbox bypass due to profile misconfiguration (bsc#1096408). Moderate SUSE bug 1096405 SUSE bug 1096406 SUSE bug 1096407 SUSE bug 1096408 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cpe:/o:suse:sles:11:sp1:teradata Security update for cups (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). - Fixed a double free which was triggered by Java application (bsc#959478). Important SUSE bug 1146358 SUSE bug 1146359 SUSE bug 959478 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sles:11:sp1:teradata Security update for cups (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cups fixes the following issues: - CVE-2020-3898: Fixed heap buffer overflow in libcups ppdFindOption() function (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sles:11:sp1:teradata Security update for cups (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). Moderate SUSE bug 1180520 CVE-2020-10001 cpe:/o:suse:sles:11:sp1:teradata Security update for cups (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Moderate SUSE bug 926511 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) Moderate SUSE bug 991389 SUSE bug 991390 CVE-2016-5419 CVE-2016-5420 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420). Moderate SUSE bug 991389 SUSE bug 991390 SUSE bug 997420 CVE-2016-5419 CVE-2016-5420 CVE-2016-7141 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) Important SUSE bug 1005633 SUSE bug 1005634 SUSE bug 1005635 SUSE bug 1005637 SUSE bug 1005638 SUSE bug 1005642 SUSE bug 1005645 SUSE bug 1005646 SUSE bug 998760 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). Moderate SUSE bug 1015332 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309) - CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332) Moderate SUSE bug 1015332 SUSE bug 1032309 SUSE bug 1051644 CVE-2016-9586 CVE-2017-1000100 CVE-2017-7407 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following security issues: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) Moderate SUSE bug 1061876 CVE-2017-1000254 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list (bsc#1027712] Moderate SUSE bug 1027712 SUSE bug 1077001 CVE-2016-7141 CVE-2018-1000007 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: curl was updated to version 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase. Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463,bsc#1086825) Moderate SUSE bug 1081056 SUSE bug 1083463 SUSE bug 1084137 SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 SUSE bug 1085124 SUSE bug 1086825 SUSE bug 1087922 SUSE bug 1090194 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098) Moderate SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). Moderate SUSE bug 1106019 CVE-2018-14618 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) Moderate SUSE bug 1112758 SUSE bug 1113660 CVE-2018-16840 CVE-2018-16842 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Moderate SUSE bug 1175109 CVE-2020-8231 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). - CVE-2020-8285: Fixed an FTP wildcard stack overflow (bsc#1179399). Moderate SUSE bug 1179398 SUSE bug 1179399 CVE-2020-8284 CVE-2020-8285 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). Moderate SUSE bug 1183933 CVE-2021-22876 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:suse:sles:11:sp1:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:suse:sles:11:sp1:teradata Security update for CVS SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA A heap-based buffer overflow flaw was found in the way CVS read proxy connection HTTP responses. An attacker could exploit this to cause the application to crash or, potentially, execute arbitrary code in the context of the user running the application (CVE-2012-0804). Security Issue reference: * CVE-2012-0804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0804> SUSE bug 744059 CVE-2012-0804 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for cvs (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the '-d' option could lead to argument injection (bsc#1053364) Moderate SUSE bug 1053364 CVE-2017-12836 cpe:/o:suse:sles:11:sp1:teradata Security update for cyrus-imapd SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd. Security Issue references: * CVE-2011-3372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3372> * CVE-2011-3481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3481> SUSE bug 718428 SUSE bug 719998 CVE-2011-3372 CVE-2011-3481 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for cyrus-imapd (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option 'tls_versions' to remedy that issue. Note that users who upgrade an existing installation will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv2 and SSLv3 like before. To disable support for those protocols, edit imapd.conf manually to include 'tls_versions: tls1_0 tls1_1 tls1_2'. New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support unsafe versions of SSL unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Important SUSE bug 860611 SUSE bug 901748 SUSE bug 954200 SUSE bug 954201 SUSE bug 981670 CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 cpe:/o:suse:sles:11:sp1:teradata Security update for cyrus-imapd (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cyrus-imapd fixes the following issues: Security issue fixed: - CVE-2017-14230: Fixed a off-by-one error in prefix calculation for the LIST command that could cause use of uninitialized memory (bsc#1058021). Low SUSE bug 1058021 CVE-2017-14230 cpe:/o:suse:sles:11:sp1:teradata Security update for cyrus-imapd (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cyrus-imapd fixes the following issues: - CVE-2021-33582: Fixed possible hash denial of service (bsc#1189313). Moderate SUSE bug 1189313 CVE-2021-33582 cpe:/o:suse:sles:11:sp1:teradata Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles:11:sp1:teradata Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles:11:sp1:teradata Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles:11:sp1:teradata Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles:11:sp1:teradata Security update for dbus-1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sles:11:sp1:teradata Security update for dhcp SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of dhcp fixes two security vulnerabilities: * Malformed client identifiers could cause a Denial of Service (excessive CPU consumption), effectively causing further client requests to not be processed anymore. (CVE-2012-3571 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571> ) * Two unspecified memory leaks. (CVE-2012-3954 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954> ) Additionally, the following issues were fixed: * The init script of dhcp-server was fixed to check syntax and fail on force-reload and restart to avoid stopping of running daemon followed by start failure * Added libgcc_s.so to chroot, so the server can report an assert/crash line. SUSE bug 762108 SUSE bug 772924 CVE-2012-3571 CVE-2012-3954 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code Moderate SUSE bug 880984 SUSE bug 936923 SUSE bug 961305 CVE-2015-8605 cpe:/o:suse:sles:11:sp1:teradata Security update for dhcp (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Low SUSE bug 969820 CVE-2016-2774 cpe:/o:suse:sles:11:sp1:teradata Security update for dhcp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for dhcp fixes the following issues: - CVE-2017-3144: Plugs a socket descriptor leak in OMAPI (bsc#1076119) - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1076119 SUSE bug 1186382 CVE-2017-3144 CVE-2021-25217 cpe:/o:suse:sles:11:sp1:teradata Security update for dhcpcd SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 A stack overflow in dhcpcd was fixed which could be used by network local attackers to crash the dhcpcd and so causing loss of DHCP functionality. (CVE-2012-2152) Security Issue references: * CVE-2012-2152 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2152> SUSE bug 758227 SUSE bug 760334 CVE-2012-2152 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for dhcpcd (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA dhcpcd was updated to fix three security issues. These security issues were fixed: - CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers. - CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers. - CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers. Important SUSE bug 955762 CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 cpe:/o:suse:sles:11:sp1:teradata Security update for dhcpv6 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server (CVE-2011-0997). Security Issue reference: * CVE-2011-0997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997> SUSE bug 675052 CVE-2011-0997 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for djvulibre (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Moderate SUSE bug 1146569 SUSE bug 1146571 SUSE bug 1146572 SUSE bug 1146702 CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 cpe:/o:suse:sles:11:sp1:teradata Security update for djvulibre (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for djvulibre fixes the following issues: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Low SUSE bug 1156188 CVE-2019-18804 cpe:/o:suse:sles:11:sp1:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:sles:11:sp1:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:sles:11:sp1:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles:11:sp1:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for djvulibre fixes the following issues: - Extend CVE-2021-3630 fix (bsc#1187869). Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles:11:sp1:teradata Security update for dnsmasq SUSE Linux Enterprise Server 11 SP1-TERADATA The DNS server dnsmasq was updated to fix one security issue: * CVE-2015-3294: A remote unauthenticated attacker could have caused a denial of service (DoS) or read memory from the heap, potentially disclosing information such as performed DNS queries or encryption keys. (bsc#928867) Security Issues: * CVE-2015-3294 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3294> SUSE bug 928867 CVE-2015-3294 cpe:/o:suse:sles:11:sp1:teradata Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for dnsmasq fixes the following issues: - CVE-2017-14491: DNS - 2 byte heap based overflow. [bsc#1060354] Important SUSE bug 1060354 CVE-2017-14491 cpe:/o:suse:sles:11:sp1:teradata Security update for e2fsprogs SUSE Linux Enterprise Server 11 SP1-TERADATA Two security issues were fixed in e2fsprogs: * CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck, dumpe2fs, e2image). * CVE-2015-1572: Fixed a potential buffer overflow in closefs(). (bsc#918346) Additionally, the following bugs were fixed: * badblocks was enhanced to work with very large partitions. (bsc#932539) * e2fsck was fixed to mark sparse journals as invalid. (bnc#769256) * dumpe2fs usage on mounted filesystems was clarified. (bnc#708243) Security Issues: * CVE-2015-0247 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247> * CVE-2015-1572 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572> SUSE bug 708243 SUSE bug 769256 SUSE bug 915402 SUSE bug 918346 SUSE bug 932539 CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:sles:11:sp1:teradata Security update for e2fsprogs (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). Moderate SUSE bug 1160571 CVE-2019-5188 cpe:/o:suse:sles:11:sp1:teradata Security update for ecryptfs-utils SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 ecryptfs-utils was updated to fix a security issue and some bugs. Security issue fixed: mount.ecryptfs_private did not set correct group ownerships when it modifies mtab (CVE-2011-3145). Also some bugs that made this set of tools non-working were fixed. You need to manually hand setuid root permissions to /sbin/mount.ecryptfs_private if you want to use it as a non-root user. Security Issues: * CVE-2011-3145 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3145> SUSE bug 735342 SUSE bug 745372 SUSE bug 745581 SUSE bug 745584 SUSE bug 745825 CVE-2011-3145 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for ecryptfs-utils (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052) - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160) Moderate SUSE bug 920160 SUSE bug 962052 CVE-2014-9687 CVE-2016-1572 cpe:/o:suse:sles:11:sp1:teradata Security update for ed SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a heap-based buffer overflow in ed which can be exploited remotely only with user-assistance. CVE-2008-3916: CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C): Buffer Errors (CWE-119) Security Issue reference: * CVE-2008-3916 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916> SUSE bug 474587 CVE-2008-3916 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for ed (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ed fixes the following security issues: - CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. (bsc#1019807) Low SUSE bug 1019807 CVE-2017-5357 cpe:/o:suse:sles:11:sp1:teradata Security update for elfutils SUSE Linux Enterprise Server 11 SP1-TERADATA elfutils has been updated to fix one security issue: * CVE-2014-9447: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allowed remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (bnc#911662). Security Issues: * CVE-2014-9447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447> SUSE bug 911662 CVE-2014-9447 cpe:/o:suse:sles:11:sp1:teradata Security update for elfutils (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403:Fixed a heap-based buffer over-read in in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c which could have lead to denial of service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). Low SUSE bug 1030472 SUSE bug 1030476 SUSE bug 1033084 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1106390 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 cpe:/o:suse:sles:11:sp1:teradata Security update for emacs (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425) Important SUSE bug 1058425 CVE-2017-14482 cpe:/o:suse:sles:11:sp1:teradata Security update for evince SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of evince fixes a buffer overflow in linetoken(). (CVE-2011-0433) Security Issue reference: * CVE-2011-0433 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433> SUSE bug 671064 CVE-2011-0433 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for evince (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for evince provides the following fix: - CVE-2017-1000159: Prevent command line injections via filenames when printing to a file. (bsc#1070046) Moderate SUSE bug 1070046 CVE-2017-1000159 cpe:/o:suse:sles:11:sp1:teradata Security update for evince (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sles:11:sp1:teradata Security update for exempi (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for exempi fixes the following issues: Security issue fixed: - CVE-2018-7730: Fix heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18234: Fix use-after-free issue that allows remote attackers to cause a denial of service via a .pdf file (bsc#1085585). Moderate SUSE bug 1085295 SUSE bug 1085585 CVE-2017-18234 CVE-2018-7730 cpe:/o:suse:sles:11:sp1:teradata Security update for expat SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update of expat fixes the following bugs: * hash collision attack that could lead to exessive CPU usage (CVE-2012-0876) * expat didn't close file descriptors in some cases (CVE-2012-1147) * specially crafted xml files could lead to a memory leak (CVE-2012-1148) Security Issue references: * CVE-2012-0876 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876> * CVE-2012-1147 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147> * CVE-2012-1148 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148> SUSE bug 750914 SUSE bug 751464 SUSE bug 751465 SUSE bug 755377 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for expat (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Important SUSE bug 979441 SUSE bug 980391 CVE-2015-1283 CVE-2016-0718 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Moderate SUSE bug 1022037 SUSE bug 983215 SUSE bug 983216 CVE-2012-6702 CVE-2016-5300 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Moderate SUSE bug 1047236 SUSE bug 1047240 CVE-2016-9063 CVE-2017-9233 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). Moderate SUSE bug 1139937 CVE-2018-20843 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) Moderate SUSE bug 1149429 CVE-2019-15903 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:sles:11:sp1:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:sles:11:sp1:teradata Security update for facter (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for facter fixes the following issues: - CVE-2015-1426: Prevent the EC2 metadata fact from collecting security credentials (bsc#917383). Moderate SUSE bug 917383 CVE-2015-1426 cpe:/o:suse:sles:11:sp1:teradata Security update for fastjar SUSE Linux Enterprise Server 11 SP1-TERADATA This fastjar update fixes a directory traversal issue (bnc#607043). Security Issue reference: * CVE-2010-0831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831> SUSE bug 607043 CVE-2010-0831 cpe:/o:suse:sles:11:sp1:teradata Security update for fetchmail (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988). Moderate SUSE bug 775988 CVE-2012-3482 cpe:/o:suse:sles:11:sp1:teradata Security update for fetchmail (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. (bsc#1188875) Moderate SUSE bug 1188875 CVE-2021-36386 cpe:/o:suse:sles:11:sp1:teradata Security update for file-roller (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for file-roller fixes the following issues: - Fixed a potential denial of service when extracting a zip files (bsc#937635). Moderate SUSE bug 937635 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update provides Mozilla Firefox 10, which provides many fixes, security and feature enhancements. For a detailed list, please have a look at http://www.mozilla.org/en-US/firefox/10.0/releasenotes/ <http://www.mozilla.org/en-US/firefox/10.0/releasenotes/> and http://www.mozilla.org/de/firefox/features/ <http://www.mozilla.org/de/firefox/features/> The following security issues have been fixed in this update: * Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-01 <http://www.mozilla.org/security/announce/2012/mfsa2012-01.html> , CVE-2012-0442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442> , CVE-2012-0443 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443> ) * Alex Dvorov reported that an attacker could replace a sub-frame in another domain's document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy. (MFSA 2012-03 <http://www.mozilla.org/security/announce/2012/mfsa2012-03.html> , CVE-2012-0445 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445> ) * Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for for remote code execution. (MFSA 2012-04 <http://www.mozilla.org/security/announce/2012/mfsa2012-04.html> , CVE-2011-3659 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659> ) * Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts. (MFSA 2012-05 <http://www.mozilla.org/security/announce/2012/mfsa2012-05.html> , CVE-2012-0446 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446> ) * Mozilla developer Tim Abraldes reported that when encoding images as image/vnd.microsoft.icon the resulting data was always a fixed size, with uninitialized memory appended as padding beyond the size of the actual image. This is the result of mImageBufferSize in the encoder being initialized with a value different than the size of the source image. There is the possibility of sensitive data from uninitialized memory being appended to a PNG image when converted fron an ICO format image. This sensitive data may then be disclosed in the resulting image. ((MFSA 2012-06) http://www.mozilla.org/security/announce/2012/mfsa2012-06.html], [CVE-2012-0447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447> ) * Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution. (MFSA 2012-07 <http://www.mozilla.org/security/announce/2012/mfsa2012-07.html> , CVE-2012-0444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444> ) * Security researchers Nicolas Gregoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution. (MFSA 2012-08 <http://www.mozilla.org/security/announce/2012/mfsa2012-08.html> , CVE-2012-0449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449> ) * magicant starmen reported that if a user chooses to export their Firefox Sync key the 'Firefox Recovery Key.html' file is saved with incorrect permissions, making the file contents potentially readable by other users on Linux and OS X systems. (MFSA 2012-09 <http://www.mozilla.org/security/announce/2012/mfsa2012-09.html> , CVE-2012-0450 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450> ) SUSE bug 742826 CVE-2011-3659 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0450 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 MozillaFirefox was updated to the 10.0.4 ESR release to fix various bugs and security issues. * MFSA 2012-20: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. Christian Holler a reported memory safety and security problem affecting Firefox 11. (CVE-2012-0468) Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay reported memory safety problems and crashes that affect Firefox ESR and Firefox 11. (CVE-2012-0467) * MFSA 2012-22 / CVE-2012-0469: Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable. * MFSA 2012-23 / CVE-2012-0470: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to float error, resulting from graphics values being passed through different number systems. * MFSA 2012-24 / CVE-2012-0471: Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. This can leave users vulnerable to cross-site scripting (XSS) attacks on maliciously crafted web pages. * MFSA 2012-25 / CVE-2012-0472: Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. This is created by using cairo-dwrite to attempt to render fonts on an unsupported code path. This corruption causes a potentially exploitable crash on affected systems. * MFSA 2012-26 / CVE-2012-0473: Mozilla community member Matias Juntunen discovered an error in WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments from FindMaxUshortElement. This bug causes maximum index to be computed incorrectly within WebGL.drawElements, allowing the reading of illegal video memory. * MFSA 2012-27 / CVE-2012-0474: Security researchers Jordi Chancel and Eddy Bordi reported that they could short-circuit page loads to show the address of a different site than what is loaded in the window in the addressbar. Security researcher Chris McGowen independently reported the same flaw, and further demonstrated that this could lead to loading scripts from the attacker's site, leaving users vulnerable to cross-site scripting (XSS) attacks. * MFSA 2012-28 / CVE-2012-0475: Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous origin headers if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server. * MFSA 2012-29 / CVE-2012-0477: Security researcher Masato Kinugawa found that during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that these errors fall in the right place to affect the structure of the page, allowing for cross-site script (XSS) injection. * MFSA 2012-30 / CVE-2012-0478: Mozilla community member Ms2ger found an image rendering issue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects. This can lead to a crash on a maliciously crafted web page. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution. * MFSA 2012-31 / CVE-2011-3062: Mateusz Jurczyk of the Google Security Team discovered an off-by-one error in the OpenType Sanitizer using the Address Sanitizer tool. This can lead to an out-of-bounds read and execution of an uninitialized function pointer during parsing and possible remote code execution. * MFSA 2012-32 / CVE-2011-1187: Security researcher Daniel Divricean reported that a defect in the error handling of javascript errors can leak the file names and location of javascript files on a server, leading to inadvertent information disclosure and a vector for further attacks. * MFSA 2012-33 / CVE-2012-0479: Security researcher Jeroen van der Gun reported that if RSS or Atom XML invalid content is loaded over HTTPS, the addressbar updates to display the new location of the loaded resource, including SSL indicators, while the main window still displays the previously loaded content. This allows for phishing attacks where a malicious page can spoof the identify of another seemingly secure site. Security Issue references: * CVE-2012-0468 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468> * CVE-2012-0469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469> * CVE-2012-0470 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470> * CVE-2012-0471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471> * CVE-2012-0472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0472> * CVE-2012-0473 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473> * CVE-2012-0474 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474> * CVE-2012-0477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477> * CVE-2012-0478 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478> * CVE-2011-3062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062> * CVE-2012-0479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479> SUSE bug 758408 CVE-2011-3062 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 MozillaFirefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues, some critical. The following security issues have been fixed: * MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. * MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. * MFSA 2012-44 Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-afte.r-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable. o CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased o CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode o CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor o CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames * MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. * MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality ('View Image', 'Show only this frame', and 'View background image') are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution. * MFSA 2012-47 / CVE-2012-1957: Security researcher Mario Heiderich reported that javascript could be executed in the HTML feed-view using tag within the RSS . This problem is due to tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class and could affect other parts of the browser or add-ons which rely on that class to sanitize untrusted input. * MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards. This use-after-free could possibly allow for remote code execution. * MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby Holley found that same-compartment security wrappers (SCSW) can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is stripped off and, when the object is read read back, it is not known that SCSW was previously present, resulting in a bypassing of SCSW. This could result in untrusted content having access to the XBL that implements browser functionality. * MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla's color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered. * MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Frederic Buclin reported that the 'X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protected against possible clickjacking attacks on those pages. * MFSA 2012-52 / CVE-2012-1962: Security researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed, leaving other dependent strings with dangling pointers. This can lead to a potentially exploitable crash. * MFSA 2012-53 / CVE-2012-1963: Security researcher Karthikeyan Bhargavan of Prosecco at INRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP violation reports generated by Firefox and sent to the 'report-uri' location include sensitive data within the 'blocked-uri' parameter. These include fragment components and query strings even if the 'blocked-uri' parameter has a different origin than the protected resource. This can be used to retrieve a user's OAuth 2.0 access tokens and OpenID credentials by malicious sites. * MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle (MITM) attacker can use an iframe to display its own certificate error warning page (about:certerror) with the 'Add Exception' button of a real warning page from a malicious site. This can mislead users to adding a certificate exception for a different site than the perceived one. This can lead to compromised communications with the user perceived site through the MITM attack once the certificate exception has been added. * MFSA 2012-55 / CVE-2012-1965: Security researchers Mario Gomes and Soroush Dalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites. * MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher moz_bug_r_a4 reported a arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are executed in such a sandbox with insufficient context that can allow those scripts to escape from the sandbox and run with elevated privilege. This can lead to arbitrary code execution. Security Issue references: * CVE-2012-1967 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967> * CVE-2012-1948 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948> * CVE-2012-1949 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949> * CVE-2012-1951 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951> * CVE-2012-1952 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952> * CVE-2012-1953 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953> * CVE-2012-1954 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954> * CVE-2012-1966 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966> * CVE-2012-1958 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958> * CVE-2012-1959 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959> * CVE-2012-1962 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962> * CVE-2012-1950 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950> * CVE-2012-1955 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955> * CVE-2012-1957 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957> * CVE-2012-1961 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961> * CVE-2012-1963 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963> * CVE-2012-1964 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964> * CVE-2012-1965 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965> SUSE bug 771583 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox was updated to 10.0.7ESR release, fixing a lot of bugs and security problems. The following security issues have been addressed: * MFSA 2012-57: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14. * CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14. * MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes CVE-2012-1972 o Heap-use-after-free in nsObjectLoadingContent::LoadObject CVE-2012-1973 o Heap-use-after-free in gfxTextRun::CanBreakLineBefore CVE-2012-1974 o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975 o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues CVE-2012-1976 o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run() CVE-2012-3956 o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty CVE-2012-3957 o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements CVE-2012-3958 o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode CVE-2012-3959 o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary CVE-2012-3960 o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961 o Bad iterator in text runs CVE-2012-3962 o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963 o Heap-use-after-free READ 8 in gfxTextRun::GetUserData CVE-2012-3964 * MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks. * MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack. * MFSA 2012-61 / CVE-2012-3966: Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When processing a negative 'height' header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable. * MFSA 2012-62: Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash. o use after free, webgl fragment shader deleted by accessor CVE-2012-3968 o stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers CVE-2012-3967 * MFSA 2012-63: Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko's SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a 'requiredFeatures' attribute is moved between documents. In that situation, the internal representation of the 'requiredFeatures' value could be freed prematurely. Both issues are potentially exploitable. o Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter CVE-2012-3969 o Heap-use-after-free in nsTArray_base::Length() CVE-2012-3970 * MFSA 2012-64 / CVE-2012-3971: Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products. * MFSA 2012-65 / CVE-2012-3972: Security research Nicolas Gregoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable. * MFSA 2012-66 / CVE-2012-3973: Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port used by HTTPMonitor. A remote-enabled flag has been added to resolve this problem and close the port unless debugging is explicitly enabled. * MFSA 2012-67 / CVE-2012-3974: Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges. * MFSA 2012-68 / CVE-2012-3975: Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be combined with other attacks to become exploitable. * MFSA 2012-69 / CVE-2012-3976: Security researcher Mark Poticha reported an issue where incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This is caused by two onLocationChange events being fired out of the expected order, leading to the displayed certificate data to not be updated. This can be used for phishing attacks by allowing the user to input form or other data on a newer, attacking, site while the credentials of an older site appear on the addressbar. * MFSA 2012-70 / CVE-2012-3978: Mozilla security researcher moz_bug_r_a4 reported that certain security checks in the location object can be bypassed if chrome code is called content in a specific manner. This allowed for the loading of restricted content. This can be combined with other issues to become potentially exploitable. * MFSA 2012-71 / CVE-2012-3979: Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash. This vulnerability only affects Firefox for Android. * MFSA 2012-72 / CVE-2012-3980: Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user. SUSE bug 777588 CVE-2012-1956 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3974 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3979 CVE-2012-3980 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues: * MFSA 2012-73 / CVE-2012-3977: Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. (This does not affect Firefox 10 as it does not feature the SPDY extension. It was silently fixed for Firefox 15.) * MFSA 2012-74: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * CVE-2012-3983: Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported memory safety problems and crashes that affect Firefox 15. * CVE-2012-3982: Christian Holler and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 15. * MFSA 2012-75 / CVE-2012-3984: Security researcher David Bloom of Cue discovered that 'select' elements are always-on-top chromeless windows and that navigation away from a page with an active 'select' menu does not remove this window.When another menu is opened programmatically on a new page, the original 'select' menu can be retained and arbitrary HTML content within it rendered, allowing an attacker to cover arbitrary portions of the new page through absolute positioning/scrolling, leading to spoofing attacks. Security researcher Jordi Chancel found a variation that would allow for click-jacking attacks was well. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Navigation away from a page with an active 'select' dropdown menu can be used for URL spoofing, other evil Firefox 10.0.1 : Navigation away from a page with multiple active 'select' dropdown menu can be used for Spoofing And ClickJacking with XPI using window.open and geolocalisation * MFSA 2012-76 / CVE-2012-3985: Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial origin in addition to the new document.domain. This could potentially lead to cross-site scripting (XSS) attacks. * MFSA 2012-77 / CVE-2012-3986: Mozilla developer Johnny Stenback discovered that several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. This was addressed by adding the existing security checks to these methods. * MFSA 2012-78 / CVE-2012-3987: Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then perform an attack similar to cross-site scripting (XSS) to gain the privileges allowed to Firefox on an Android device. This has been fixed by changing the Reader Mode page into an unprivileged page. This vulnerability only affects Firefox for Android. * MFSA 2012-79 / CVE-2012-3988: Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable. * MFSA 2012-80 / CVE-2012-3989: Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash. * MFSA 2012-81 / CVE-2012-3991: Mozilla community member Alice White reported that when the GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. This potentially allowed for arbitrary code execution. * MFSA 2012-82 / CVE-2012-3994: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location and top can be shadowed by Object.defineProperty as well. This can allow for possible cross-site scripting (XSS) attacks through plugins. * MFSA 2012-83: Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script. While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed. These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution. * CVE-2012-3993: XrayWrapper pollution via unsafe COW * CVE-2012-4184: ChromeObjectWrapper is not implemented as intended * MFSA 2012-84 / CVE-2012-3992: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this stored site, allowing an attacker to inject a script or intercept posted data posted to a location specified with a relative path. * MFSA 2012-85: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free, buffer overflow, and out of bounds read issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting two additional use-after-free flaws introduced during Firefox 16 development and fixed before general release. * CVE-2012-3995: Out of bounds read in IsCSSWordSpacingSpace * CVE-2012-4179: Heap-use-after-free in nsHTMLCSSUtils::CreateCSSPropertyTxn * CVE-2012-4180: Heap-buffer-overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace * CVE-2012-4181: Heap-use-after-free in nsSMILAnimationController::DoSample * CVE-2012-4182: Heap-use-after-free in nsTextEditRules::WillInsert * CVE-2012-4183: Heap-use-after-free in DOMSVGTests::GetRequiredFeatures * MFSA 2012-86: Security researcher Atte Kettunen from OUSPG reported several heap memory corruption issues found using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. * CVE-2012-4185: Global-buffer-overflow in nsCharTraits::length * CVE-2012-4186: Heap-buffer-overflow in nsWaveReader::DecodeAudioData * CVE-2012-4187: Crash with ASSERTION: insPos too small * CVE-2012-4188: Heap-buffer-overflow in Convolve3x3 * MFSA 2012-87 / CVE-2012-3990: Security researcher miaubiz used the Address Sanitizer tool to discover a use-after-free in the IME State Manager code. This could lead to a potentially exploitable crash. * MFSA 2012-89 / CVE-2012-4192 / CVE-2012-4193: Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. Security Issue reference: * CVE-2012-3977 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3977> * CVE-2012-3982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982> * CVE-2012-3983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983> * CVE-2012-3984 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984> * CVE-2012-3985 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985> * CVE-2012-3986 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986> * CVE-2012-3987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3987> * CVE-2012-3988 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988> * CVE-2012-3989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989> * CVE-2012-3990 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990> * CVE-2012-3991 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991> * CVE-2012-3992 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992> * CVE-2012-3993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993> * CVE-2012-3994 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994> * CVE-2012-3995 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995> * CVE-2012-4179 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179> * CVE-2012-4180 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180> * CVE-2012-4181 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181> * CVE-2012-4182 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182> * CVE-2012-4183 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183> * CVE-2012-4184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184> * CVE-2012-4185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185> * CVE-2012-4186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186> * CVE-2012-4187 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187> * CVE-2012-4188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188> * CVE-2012-4192 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192> * CVE-2012-4193 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193> SUSE bug 783533 CVE-2012-3977 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3987 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4192 CVE-2012-4193 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox was updated to the 10.0.10ESR security release. The following issues have been fixed: * MFSA 2012-90: Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below. Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. * CVE-2012-4194: Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. * CVE-2012-4195: Mozilla security researcher moz_bug_r_a4 discovered that the CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. * CVE-2012-4196: Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. SUSE bug 786522 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. * MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17: o crash in copyTexImage2D with image dimensions too large for given level (CVE-2012-5838) * MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17: o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218) * MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. * MFSA 2012-103 / CVE-2012-4209: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to 'top'. This can allow for possible cross-site scripting (XSS) attacks through plugins. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-102 / CVE-2012-5837: Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar. * MFSA 2012-101 / CVE-2012-4207: Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the '~' character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. * MFSA 2012-100 / CVE-2012-5841: Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-98 / CVE-2012-4206: Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. * MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. * MFSA 2012-96 / CVE-2012-4204: Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-95 / CVE-2012-4203: Security researcher kakzz.ng@gmail.com reported that if a javascript: URL is selected from the list of Firefox 'new tab' page, the script will inherit the privileges of the privileged 'new tab' page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. * MFSA 2012-94 / CVE-2012-5836: Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash. * MFSA 2012-93 / CVE-2012-4201: Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack. * MFSA 2012-92 / CVE-2012-4202: Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. * MFSA 2012-91: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey reported memory safety problems and crashes that affect Firefox 16. (CVE-2012-5843) Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842) SUSE bug 790140 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4206 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to the 10.0.12ESR release. * MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. ( CVE-2013-0769 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769> ) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749> ) o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770> ) * MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. The following issue was fixed in Firefox 18: o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760> ) The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12: o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762> ) o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766> ) o Out of bounds read in nsSVGPathElement::GetPathLengthScale ( CVE-2013-0767 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767> ) The following issues were fixed in Firefox 18 and ESR 17.0.1: o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack ( CVE-2013-0761 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761> ) o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763> ) o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771> ) The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release: o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829> ) * MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768> ) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. * MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. ( CVE-2013-0759 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759> ) * MFSA 2013-05: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash. ( CVE-2013-0744 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744> ) * MFSA 2013-06: Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751> ) * MFSA 2013-07: Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764> ) * MFSA 2013-08: Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745> ) * MFSA 2013-09: Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746> ) * MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747> ) * MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748> ) * MFSA 2013-12: Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750> ) * MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752> ) * MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757> ) * MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758> ) * MFSA 2013-16: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753> ) * MFSA 2013-17: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754> ) * MFSA 2013-18: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755> ) * MFSA 2013-19: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756> ) * MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743> ) SUSE bug 796628 SUSE bug 796895 CVE-2012-5829 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0759 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox has been updated to the 17.0.3ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes: * MFSA 2013-28: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. * The following issues have been fixed in Firefox 19 and ESR 17.0.3: o Heap-use-after-free in nsOverflowContinuationTracker::Finish, with -moz-columns (CVE-2013-0780) o Heap-buffer-overflow WRITE in nsSaveAsCharset::DoCharsetConversion (CVE-2013-0782) * MFSA 2013-27 / CVE-2013-0776: Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses that appear to be secure. This spoofing of addresses can be used for phishing attacks by fooling users into entering credentials, for example. * MFSA 2013-26 / CVE-2013-0775: Security researcher Nils reported a use-after-free in nsImageLoadingContent when content script is executed. This could allow for arbitrary code execution. * MFSA 2013-25 / CVE-2013-0774: Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack. * MFSA 2013-24 / CVE-2013-0773: Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution. * MFSA 2013-23 / CVE-2013-0765: Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases. * MFSA 2013-22 / CVE-2013-0772: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccesible data as part of the image. * MFSA 2013-21: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 18. * Memory safety bugs fixed in Firefox ESR 17.0.3, and Firefox 19 (CVE-2013-0783) SUSE bug 803326 SUSE bug 804248 CVE-2013-0765 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox has been updated to the 17.0.4ESR release which fixes one important security issue: * MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. Security Issue reference: * CVE-2013-0787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787> SUSE bug 808243 CVE-2013-0787 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox has been updated to the 17.0.5ESR release fixing bugs and security issues. Also Mozilla NSS has been updated to version 3.14.3 and Mozilla NSPR to 4.9.6. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) Andrew McCreight, Randell Jesup, Gary Kwong, Jesse Ruderman, Christian Holler, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 19. (CVE-2013-0789) Jim Chen reported a memory safety problem that affects Firefox for Android 19. (CVE-2013-0790) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-33 / CVE-2013-0798: Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported the app_tmp directory is set to be world readable and writeable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are temporarily stored in the app_tmp directory before installation. This vulnerability only affects Firefox for Android. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-079: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. Security Issue references: * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789> * CVE-2013-0790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> SUSE bug 813026 CVE-2013-0788 CVE-2013-0789 CVE-2013-0790 CVE-2013-0791 CVE-2013-0792 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0798 CVE-2013-0799 CVE-2013-0800 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox has been updated to the 17.0.6ESR security release. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. SUSE bug 792432 SUSE bug 819204 CVE-2013-0788 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0799 CVE-2013-0800 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security issues: * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686) * MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. * MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. * MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. * MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. Security Issue references: * CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682> * CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684> * CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685> * CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686> * CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687> * CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690> * CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692> * CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693> * CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697> SUSE bug 825935 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes various bugs and security issues: * MFSA 2013-93: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24. (CVE-2013-5590) Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10.(CVE-2013-1739) * MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. * MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. * MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. * MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. o ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle (CVE-2013-5599) o ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL (CVE-2013-5600) o ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler (CVE-2013-5601) * MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to the 24.3.0ESR security release. The Following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Also Mozilla NSS was updated to the 3.15.4 release. * required for Firefox 27 * regular CA root store update (1.96) * some OSCP improvments * other bugfixes Security Issue references: * CVE-2014-1477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477> * CVE-2014-1479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479> * CVE-2014-1480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480> * CVE-2014-1481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481> * CVE-2014-1482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482> * CVE-2014-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483> * CVE-2014-1484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484> * CVE-2014-1485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485> * CVE-2014-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486> * CVE-2014-1487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487> * CVE-2014-1488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488> * CVE-2014-1489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489> * CVE-2014-1490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490> * CVE-2014-1491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491> SUSE bug 859055 SUSE bug 861847 CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to 24.4.0ESR release, fixing various security issues and bugs: * MFSA 2014-15: Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 24.3 and Firefox 27. (CVE-2014-1493) * Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato reported memory safety problems and crashes that affect Firefox 27. (CVE-2014-1494) * MFSA 2014-16 / CVE-2014-1496: Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system. * MFSA 2014-17 / CVE-2014-1497: Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. * MFSA 2014-18 / CVE-2014-1498: Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. * MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the webcam or microphone by masquerading as another site and gaining user permission through spoofing. * MFSA 2014-20 / CVE-2014-1500: Security researchers Tim Philipp Schaefers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a denial of service (DOS) attack due to resource consumption and blocks the ability of users to exit the application. * MFSA 2014-21 / CVE-2014-1501: Security researcher Alex Infuehr reported that on Firefox for Android it is possible to open links to local files from web content by selecting 'Open Link in New Tab' from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems. * MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site's WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to render arbitrary content in these limited circumstances. * MFSA 2014-23 / CVE-2014-1504: Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The target page may have a strict CSP that protects against this XSS attack, but if the attacker induces a browser crash with another bug, an XSS attack would occur during session restoration, bypassing the CSP on the site. * MFSA 2014-26 / CVE-2014-1508: Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresses. In combination with previous techniques used for SVG timing attacks, this could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-27 / CVE-2014-1509: Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default configuration and would require a malicious extension to be installed. * MFSA 2014-28 / CVE-2014-1505: Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511: Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(). A second bug allowed the bypassing of the popup-blocker without user interaction. Combined these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution. * MFSA 2014-30 / CVE-2014-1512: Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. * MFSA 2014-31 / CVE-2014-1513: Security researcher Jueri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for arbitrary code execution. * MFSA 2014-32 / CVE-2014-1514: Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. SUSE bug 868603 CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1501 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release: * CVE-2014-1544 - https://www.mozilla.org/security/announce/2014/mfsa2014-63.html <https://www.mozilla.org/security/announce/2014/mfsa2014-63.html> * CVE-2014-1548 - https://www.mozilla.org/security/announce/2014/mfsa2014-56.html <https://www.mozilla.org/security/announce/2014/mfsa2014-56.html> * CVE-2014-1549 - https://www.mozilla.org/security/announce/2014/mfsa2014-57.html <https://www.mozilla.org/security/announce/2014/mfsa2014-57.html> * CVE-2014-1550 - https://www.mozilla.org/security/announce/2014/mfsa2014-58.html <https://www.mozilla.org/security/announce/2014/mfsa2014-58.html> * CVE-2014-1551 - https://www.mozilla.org/security/announce/2014/mfsa2014-59.html <https://www.mozilla.org/security/announce/2014/mfsa2014-59.html> * CVE-2014-1552 - https://www.mozilla.org/security/announce/2014/mfsa2014-66.html <https://www.mozilla.org/security/announce/2014/mfsa2014-66.html> * CVE-2014-1555 - https://www.mozilla.org/security/announce/2014/mfsa2014-61.html <https://www.mozilla.org/security/announce/2014/mfsa2014-61.html> * CVE-2014-1556 - https://www.mozilla.org/security/announce/2014/mfsa2014-62.html <https://www.mozilla.org/security/announce/2014/mfsa2014-62.html> * CVE-2014-1557 - https://www.mozilla.org/security/announce/2014/mfsa2014-64.html <https://www.mozilla.org/security/announce/2014/mfsa2014-64.html> * CVE-2014-1558, CVE-2014-1559, CVE-2014-1560 - https://www.mozilla.org/security/announce/2014/mfsa2014-65.html <https://www.mozilla.org/security/announce/2014/mfsa2014-65.html> * CVE-2014-1561 - https://www.mozilla.org/security/announce/2014/mfsa2014-60.html <https://www.mozilla.org/security/announce/2014/mfsa2014-60.html> Security Issues: * CVE-2014-1557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557> * CVE-2014-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547> * CVE-2014-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548> * CVE-2014-1556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556> * CVE-2014-1544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544> * CVE-2014-1555 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555> SUSE bug 887746 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream: * MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. * MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) More information is referenced on: https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . SUSE bug 894370 CVE-2014-1562 CVE-2014-1567 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues. * MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks. * MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. * MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. * MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. * MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputed data being saved to a log file on the local system. Security Issues: * CVE-2014-1587 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587> * CVE-2014-1588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588> * CVE-2014-1589 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589> * CVE-2014-1590 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590> * CVE-2014-1591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591> * CVE-2014-1592 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592> * CVE-2014-1593 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593> * CVE-2014-1594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594> * CVE-2014-1595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595> SUSE bug 908009 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificates list. For more information, please refer to https://www.mozilla.org/en-US/security/advisories/ <https://www.mozilla.org/en-US/security/advisories/> . Security Issues: * CVE-2014-1569 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569> * CVE-2014-8634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634> * CVE-2014-8639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639> * CVE-2014-8641 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641> * CVE-2014-8638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638> * CVE-2014-8636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636> * CVE-2014-8637 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637> * CVE-2014-8640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640> SUSE bug 910647 SUSE bug 910669 SUSE bug 913064 SUSE bug 913066 SUSE bug 913067 SUSE bug 913068 SUSE bug 913102 SUSE bug 913103 SUSE bug 913104 CVE-2014-1569 CVE-2014-8634 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system. * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues: * CVE-2015-0817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817> * CVE-2015-0818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818> SUSE bug 923534 CVE-2015-0817 CVE-2015-0818 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1-TERADATA This update to Firefox 31.7.0 ESR fixes the following issues: * MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474. * MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video with Linux Gstreamer. Upstream references: bmo#1080995. * MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and CSS. Upstream references: bmo#1149542. * MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing with vertical text enabled. Upstream references: bmo#1153478. * MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed XML. Upstream references: bmo#1140537. Security Issues: * CVE-2015-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797> * CVE-2015-2708 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708> * CVE-2015-2709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709> * CVE-2015-2710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710> * CVE-2015-2713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713> * CVE-2015-2716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716> SUSE bug 930622 CVE-2015-0797 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to 38.2.1 ESR, fixing two severe security bugs. (bsc#943608) * MFSA 2015-94/CVE-2015-4497 (bsc#943557): Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bsc#943558): Add-on notification bypass through data URLs Important SUSE bug 943557 SUSE bug 943558 SUSE bug 943608 CVE-2015-4497 CVE-2015-4498 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues: * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels * MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin * MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs: * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894): * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Important SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1978 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix: * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox, firefox-glib2, firefox-gtk3 fixes the following issues: Mozilla Firefox was updated to the 60.9.0esr release: Security Advisory MFSA 2019-27: * Use-after-free while manipulating video CVE-2019-11746 (bmo#1564449, bsc#1149297) * XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11744 (bmo#1562033, bsc#1149297) * Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742 (bmo#1559715, bsc#1149303) * Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location CVE-2019-11753 (bmo#1574980, bsc#1149295) * Use-after-free while extracting a key value in IndexedDB CVE-2019-11752 (bmo#1501152, bsc#1149296) * Sandbox escape through Firefox Sync CVE-2019-9812 (bmo#1538008, bmo#1538015, bsc#1149294) * Cross-origin access to unload event attributes CVE-2019-11743 (bmo#1560495, bsc#1149298) Navigation-Timing Level 2 specification * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299) - Rebuild glib2 schemas on SLE-11 (bsc#1145550) Changes in firefox-glib2: - Fix the rpm macros %glib2_gsettings_schema_* which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Changes in firefox-gtk3: - Rebuild so %glib2_gsettings_schema_post gets called with fixed rpm macros %glib2_gsettings_schema_* in firefox-glib2 package which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Important SUSE bug 1145550 SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla Firefox (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 (bsc#1154738) * CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber * CVE-2019-11757: Use-after-free when creating index updates in IndexedDB * CVE-2019-11758: Potentially exploitable crash due to 360 Total Security * CVE-2019-11759: Stack buffer overflow in HKDF output * CVE-2019-11760: Stack buffer overflow in WebRTC networking * CVE-2019-11761: Unintended access to a privileged JSONView object * CVE-2019-11762: document.domain-based origin isolation has same-origin- property violation * CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique * CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 Other Issues resolved: * [bsc#1104841] Newer versions of firefox have a dependency on GLIBCXX_3.4.20 * [bsc#1074235] MozillaFirefox: background tab crash reports sent inadvertently without user opt-in * [bsc#1043008] Firefox hangs randomly when browsing and scrolling * [bsc#1025108] Firefox stops loading page until mouse is moved * [bsc#905528] Firefox malfunctions due to broken omni.ja archives Important SUSE bug 1000036 SUSE bug 1001652 SUSE bug 1025108 SUSE bug 1029377 SUSE bug 1029902 SUSE bug 1040164 SUSE bug 104105 SUSE bug 1042670 SUSE bug 1043008 SUSE bug 1044946 SUSE bug 1047925 SUSE bug 1047936 SUSE bug 1048299 SUSE bug 1049186 SUSE bug 1050653 SUSE bug 1056058 SUSE bug 1058013 SUSE bug 1066242 SUSE bug 1066953 SUSE bug 1070738 SUSE bug 1070853 SUSE bug 1072320 SUSE bug 1072322 SUSE bug 1073796 SUSE bug 1073798 SUSE bug 1073799 SUSE bug 1073803 SUSE bug 1073808 SUSE bug 1073818 SUSE bug 1073823 SUSE bug 1073829 SUSE bug 1073830 SUSE bug 1073832 SUSE bug 1073846 SUSE bug 1074235 SUSE bug 1077230 SUSE bug 1079761 SUSE bug 1081750 SUSE bug 1082318 SUSE bug 1087453 SUSE bug 1087459 SUSE bug 1087463 SUSE bug 1088573 SUSE bug 1091764 SUSE bug 1094814 SUSE bug 1097158 SUSE bug 1097375 SUSE bug 1097401 SUSE bug 1097404 SUSE bug 1097748 SUSE bug 1104841 SUSE bug 1105019 SUSE bug 1107030 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1117626 SUSE bug 1117627 SUSE bug 1117629 SUSE bug 1117630 SUSE bug 1120644 SUSE bug 1122191 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1127532 SUSE bug 1129346 SUSE bug 1130694 SUSE bug 1130840 SUSE bug 1133452 SUSE bug 1133810 SUSE bug 1134209 SUSE bug 1138459 SUSE bug 1140290 SUSE bug 1140868 SUSE bug 1141853 SUSE bug 1144919 SUSE bug 1145665 SUSE bug 1146090 SUSE bug 1146091 SUSE bug 1146093 SUSE bug 1146094 SUSE bug 1146095 SUSE bug 1146097 SUSE bug 1146099 SUSE bug 1146100 SUSE bug 1149323 SUSE bug 1153423 SUSE bug 1154738 SUSE bug 1447070 SUSE bug 1447409 SUSE bug 744625 SUSE bug 744629 SUSE bug 845955 SUSE bug 865853 SUSE bug 905528 SUSE bug 917607 SUSE bug 935856 SUSE bug 937414 SUSE bug 947747 SUSE bug 948045 SUSE bug 948602 SUSE bug 955142 SUSE bug 957814 SUSE bug 957815 SUSE bug 961254 SUSE bug 962297 SUSE bug 966076 SUSE bug 966077 SUSE bug 985201 SUSE bug 986541 SUSE bug 991344 SUSE bug 998743 CVE-2013-2882 CVE-2013-6639 CVE-2013-6640 CVE-2013-6668 CVE-2014-0224 CVE-2015-3193 CVE-2015-3194 CVE-2015-5380 CVE-2015-7384 CVE-2016-2086 CVE-2016-2178 CVE-2016-2183 CVE-2016-2216 CVE-2016-5172 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 CVE-2017-1000381 CVE-2017-10686 CVE-2017-11111 CVE-2017-11499 CVE-2017-14228 CVE-2017-14849 CVE-2017-14919 CVE-2017-15896 CVE-2017-15897 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 CVE-2017-18207 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-1000168 CVE-2018-12115 CVE-2018-12116 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-20406 CVE-2018-20852 CVE-2018-7158 CVE-2018-7159 CVE-2018-7160 CVE-2018-7161 CVE-2018-7167 CVE-2019-10160 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13173 CVE-2019-15903 CVE-2019-5010 CVE-2019-5737 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2019-9636 CVE-2019-9811 CVE-2019-9812 CVE-2019-9947 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update contains Mozilla Firefox 60.7ESR. It brings lots of security fixes and other improvements. It also includes new additional helper libraries to allow Firefox to run on SUSE Linux Enterprise 11. Moderate SUSE bug 1137338 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This version update of Mozilla Firefox to 31.2.0ESR brings improvements, stability fixes and also security fixes for the following CVEs: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576 ,CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586 It also disables SSLv3 by default to mitigate the protocol downgrade attack known as POODLE. Security Issues: * CVE-2014-1574 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574> * CVE-2014-1575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575> * CVE-2014-1576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576> * CVE-2014-1577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577> * CVE-2014-1578 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578> * CVE-2014-1581 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581> * CVE-2014-1583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583> * CVE-2014-1585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585> * CVE-2014-1586 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586> SUSE bug 900941 SUSE bug 905056 SUSE bug 905528 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for flac SUSE Linux Enterprise Server 11 SP1-TERADATA flac was updated to fix two security issues: * Stack overflow may result in arbitrary code execution (CVE-2014-8962). * Heap overflow via specially crafted .flac files (CVE-2014-9028). Security Issues: * CVE-2014-8962 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962> * CVE-2014-9028 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028> SUSE bug 906831 SUSE bug 907016 CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:sles:11:sp1:teradata Security update for flac (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for flac fixes the following issues: - CVE-2021-0561: Fixed out of bound write in append_to_verify_fifo_interleaved_ (bsc#1196660). Moderate SUSE bug 1196660 CVE-2021-0561 cpe:/o:suse:sles:11:sp1:teradata Security update for foomatic-filters SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The foomatic print filters of the hplip package contained a remote code execution vulnerability. Remote users, if allowed to access a print server such as CUPS, could execute arbitrary commands as lp system user. CVE-2011-2697: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) Security Issue references: * CVE-2011-2697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2697> * CVE-2011-2964 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2964> SUSE bug 698451 CVE-2011-2697 CVE-2011-2964 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for foomatic-filters (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Moderate SUSE bug 957531 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:sles:11:sp1:teradata Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for freeradius-server fixes the following issues: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bnc#1041445) - CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. (bnc#935573) The following non security issue was fixed: - Cannot create table radpostauth because of deprecated TIMESTAMP(14) syntax. (bsc#912873) Moderate SUSE bug 1041445 SUSE bug 912873 SUSE bug 935573 CVE-2015-4680 CVE-2017-9148 cpe:/o:suse:sles:11:sp1:teradata Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode(). (bnc#1049086) - CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options(). (bsc#1049086) - CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086) - CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086) - CVE-2017-10979: Fix write overflow in rad_coalesce(). (bsc#1049086) Moderate SUSE bug 1049086 CVE-2017-10978 CVE-2017-10979 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 cpe:/o:suse:sles:11:sp1:teradata Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for freeradius-server fixes the following issues: - Moved logrotate options into specific parts for each config as 'global' options will persist past and clobber global options in the main logrotate config (bsc#1180525) Moderate SUSE bug 1180525 cpe:/o:suse:sles:11:sp1:teradata Security update for freetype2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 Specially crafted font files could have caused buffer overflows in freetype. This has been fixed. Security Issue references: * CVE-2012-1129 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129> * CVE-2012-1127 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127> * CVE-2012-1140 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140> * CVE-2012-1138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138> * CVE-2012-1131 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131> * CVE-2012-1141 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141> * CVE-2012-1132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132> * CVE-2012-1139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139> * CVE-2012-1137 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137> * CVE-2012-1126 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126> * CVE-2012-1142 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142> * CVE-2012-1128 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128> * CVE-2012-1130 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130> * CVE-2012-1136 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136> * CVE-2012-1143 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143> * CVE-2012-1133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133> * CVE-2012-1135 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135> * CVE-2012-1144 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144> * CVE-2012-1134 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134> SUSE bug 750937 SUSE bug 750938 SUSE bug 750939 SUSE bug 750940 SUSE bug 750941 SUSE bug 750942 SUSE bug 750943 SUSE bug 750944 SUSE bug 750945 SUSE bug 750946 SUSE bug 750947 SUSE bug 750948 SUSE bug 750949 SUSE bug 750950 SUSE bug 750951 SUSE bug 750952 SUSE bug 750953 SUSE bug 750954 SUSE bug 750955 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update of the freetype2 library fixes two security issues: - An infinite loop in parse_encoding in t1load.c (CVE-2014-9745, bsc#945849) - Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix (CVE-2014-9747, bsc#947966) Moderate SUSE bug 945849 SUSE bug 947966 CVE-2014-9745 CVE-2014-9747 cpe:/o:suse:sles:11:sp1:teradata Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10244: The parse_charstrings function in type1/t1load.c did not ensure that a font contains a glyph name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file (bsc#1028103). - CVE-2017-8105: Fixed an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) Moderate SUSE bug 1028103 SUSE bug 1035807 SUSE bug 1036457 CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sles:11:sp1:teradata Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10328: Fixed heap-based buffer overflow in cff_parser_run function in cff/cffparse.c (bsc#1034191). Moderate SUSE bug 1034191 CVE-2016-10328 cpe:/o:suse:sles:11:sp1:teradata Security update for freetype2 SUSE Linux Enterprise Server 11 SP1-TERADATA The font rendering library freetype2 has been updated to fix various security issues. Security Issues: * CVE-2014-9656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656> * CVE-2014-9657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657> * CVE-2014-9658 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658> * CVE-2014-9660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660> * CVE-2014-9661 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661> * CVE-2014-9662 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662> * CVE-2014-9667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667> * CVE-2014-9666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666> * CVE-2014-9665 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665> * CVE-2014-9664 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664> * CVE-2014-9663 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663> * CVE-2014-9659 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659> * CVE-2014-9668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668> * CVE-2014-9669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669> * CVE-2014-9670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670> * CVE-2014-9671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671> * CVE-2014-9672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672> * CVE-2014-9673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673> * CVE-2014-9674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674> * CVE-2014-9675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675> SUSE bug 916856 SUSE bug 916857 SUSE bug 916858 SUSE bug 916859 SUSE bug 916861 SUSE bug 916863 SUSE bug 916864 SUSE bug 916865 SUSE bug 916870 SUSE bug 916871 SUSE bug 916872 SUSE bug 916873 SUSE bug 916874 SUSE bug 916879 SUSE bug 916881 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:sles:11:sp1:teradata Security update for fuse (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for fuse fixes the following security issue: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797). Moderate SUSE bug 1101797 CVE-2018-10906 cpe:/o:suse:sles:11:sp1:teradata Security update for gcc43 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gcc43 fixes the following issues: Security issues fixed: - CVE-2017-1000376: Don't request excutable stack from libffi. [bnc#1045091] Support for new security mitigations added: - Add support for retpolines to mitigate the Spectre Variant 2 attack. [bnc#1074621] - Add support for zero-sized VLAs and allocas with -fstack-clash-protection. [bnc#1059075] - Add support for -fstack-clash-protection. [bnc#1039513] Moderate SUSE bug 1039513 SUSE bug 1045091 SUSE bug 1059075 SUSE bug 1074621 CVE-2017-1000376 cpe:/o:suse:sles:11:sp1:teradata Security update for gcc43 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was fixed. (bsc#1092807) Moderate SUSE bug 1086069 SUSE bug 1092807 CVE-2017-5715 cpe:/o:suse:sles:11:sp1:teradata Security update for gcc48 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. [bnc#1039513] - CVE-2017-11671: Fixed rdrand/rdseed code generation issue [bsc#1050947] Bugs fixed: - Enable LFS support in 32bit libgcov.a. [bsc#1044016] - Bump libffi version in libffi.pc to 3.0.11. - Properly diagnose missing -fsanitize=address support on ppc64le. [bsc#1028744] - Backport patch for PR65612. [bsc#1022062] - Re-spin to provide missing libasan0-32bit and other multilibs via the updated product description. [bsc#951644] - Fixed for DR#1288. [bsc#1011348] - Fix libffi issue for armv7l. [bsc#988274] - Fixed a kernel miscompile on aarch64. [bnc #981311] - Fixed a ppc64le internal compiler error. [bnc #976627] - Fixed issue with using gcov and #pragma pack. [bsc#977654] - Fixed samba build on AARCH64. [bsc#970009] - Build without GRAPHITE where cloog-isl is not available. - Fixed HTM builtins on powerpc. [bsc#955382] - Fixed build of SLOF. [bsc#949000] - Fixed C++11 std::random_device short reads, CVE-2015-5276. [bsc#945842] - Fixed libffi issues on aarch64. [bsc#948168] - Fixed no_instrument_function attribute handling on PPC64 with -mprofile-kernel. [bsc#947791] - Enable 32bit code generation for ppc64le but do not build 32bit target libraries. Fixes ppc64le kernel compile. - Update to GCC 4.8.5 release. * Fixes bogus integer overflow in constant expression. [bsc#934689] * Fixes ICE with atomics on aarch64. [bsc#930176] - Fixed reload issue on S390. - Add patch to keep functions leaf when they are instrumented for profiling on s390[x]. [bsc#899871] - Avoid accessing invalid memory when passing aggregates by value. [bsc#922534] - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. [bsc#927993] - Update to gcc-4_8-branch head (r221715). * Includes GCC 4.8.4 release. * Includes fix for -imacros bug. [bsc#917169] * Includes fix for incorrect -Warray-bounds warnings. [bsc#919274] * Includes updated -mhotpatch for s390x. [bsc#924525] * Includes fix for ppc64le issue with doubleword vector extract. [bsc#924687] - Backport rework of the memory allocator for C++ exceptions used in OOM situations. [bsc#889990] - Remove invalid use of glibc internals in TSAN. - Update to gcc-4_8-branch head (r218481). * Includes patches to allow building against ISL 0.14. - Disable all languages but C, C++, Fortran and Ada. [fate#316860] Moderate SUSE bug 1011348 SUSE bug 1022062 SUSE bug 1028744 SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1050947 SUSE bug 878067 SUSE bug 889990 SUSE bug 899871 SUSE bug 917169 SUSE bug 919274 SUSE bug 922534 SUSE bug 924525 SUSE bug 924687 SUSE bug 927993 SUSE bug 930176 SUSE bug 934689 SUSE bug 945842 SUSE bug 947772 SUSE bug 947791 SUSE bug 948168 SUSE bug 949000 SUSE bug 951644 SUSE bug 955382 SUSE bug 970009 SUSE bug 976627 SUSE bug 977654 SUSE bug 981311 SUSE bug 988274 CVE-2014-5044 CVE-2015-5276 CVE-2017-11671 cpe:/o:suse:sles:11:sp1:teradata Security update for gcc48 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gcc48 fixes the following issues: - CVE-2019-14250: Fixed an integer overflow that could lead to an invalid memory access (bsc#1142649). Non-security fixes: - Fixed an issue with manual page builds (bsc#1185395). - Fixed an issue with static initializers (bsc#1177947). - Fixed an issue with exception handling on s390x (bsc#1161913). - Fixed a reload bug on aarch64 (bsc#1093797). - Added a Spectre V2 mitigation for s390x (bsc#1083945). Important SUSE bug 1071995 SUSE bug 1082130 SUSE bug 1083945 SUSE bug 1087932 SUSE bug 1093797 SUSE bug 1131264 SUSE bug 1142649 SUSE bug 1161913 SUSE bug 1177947 SUSE bug 1178675 SUSE bug 1185395 CVE-2019-14250 cpe:/o:suse:sles:11:sp1:teradata Security update for gd SUSE Linux Enterprise Server 11 SP1-TERADATA The graphics drawing library gd has been updated to fix one security issue: * possible buffer read overflow (CVE-2014-9709) Security Issues: * CVE-2014-9709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709> SUSE bug 923945 CVE-2014-9709 cpe:/o:suse:sles:11:sp1:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gd fixes the following issues: - security update: * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] Moderate SUSE bug 988032 CVE-2016-6161 cpe:/o:suse:sles:11:sp1:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/o:suse:sles:11:sp1:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] Moderate SUSE bug 1015187 CVE-2016-9933 cpe:/o:suse:sles:11:sp1:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gd fixes the following security issues: - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) Moderate SUSE bug 1022264 SUSE bug 1022265 SUSE bug 1022283 CVE-2016-10167 CVE-2016-10168 CVE-2016-9317 cpe:/o:suse:sles:11:sp1:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gd fixes several issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This non-security issue was fixed: - Fixed gd2togif error message (bsc#1025223) Moderate SUSE bug 1025223 SUSE bug 1076391 CVE-2018-5711 cpe:/o:suse:sles:11:sp1:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gd fixes the following issues: Security vulnerability addressed: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). - CVE-2019-6978: Fixed a double free in the GD graphics library (bsc#1123522). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Moderate SUSE bug 1050241 SUSE bug 1123522 SUSE bug 1140120 CVE-2017-7890 CVE-2019-11038 CVE-2019-6978 cpe:/o:suse:sles:11:sp1:teradata Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5 (bsc#1004237) Moderate SUSE bug 1004237 CVE-2016-8602 cpe:/o:suse:sles:11:sp1:teradata Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) - An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342) Important SUSE bug 1001951 SUSE bug 939342 CVE-2013-5653 CVE-2015-3228 CVE-2016-7977 CVE-2016-7979 cpe:/o:suse:sles:11:sp1:teradata Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) Important SUSE bug 1036453 CVE-2017-8291 cpe:/o:suse:sles:11:sp1:teradata Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) This update is a reissue including the SUSE Linux Enterprise 11 SP3 product. Important SUSE bug 1036453 CVE-2017-8291 cpe:/o:suse:sles:11:sp1:teradata Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript-library fixes several issues. These security issues were fixed: - CVE-2017-7207: The mem_get_bits_rectangle function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document (bsc#1030263). - CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer overflow in jbig2_image_new function (bsc#1018128). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891) - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889) - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888) - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887) - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184) - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879) - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138) - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643) Moderate SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032138 SUSE bug 1032230 SUSE bug 1040643 SUSE bug 1050879 SUSE bug 1050887 SUSE bug 1050888 SUSE bug 1050889 SUSE bug 1050891 SUSE bug 1051184 CVE-2016-10219 CVE-2016-9601 CVE-2017-11714 CVE-2017-7207 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 cpe:/o:suse:sles:11:sp1:teradata Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript-library fixes the following issues: - CVE-2018-10194: Fixed a stack-based buffer overflow in gdevpdts.c (bsc#1090099) - Fixed a crash in the fix for CVE-2016-9601. Moderate SUSE bug 1090099 CVE-2016-9601 CVE-2018-10194 cpe:/o:suse:sles:11:sp1:teradata Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426) - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420) - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421) - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413) - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. (bsc#1107410 - CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412) - CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173) - CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893) Important SUSE bug 1050893 SUSE bug 1106173 SUSE bug 1107410 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107426 CVE-2017-9611 CVE-2018-15910 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 cpe:/o:suse:sles:11:sp1:teradata Recommended update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ghostscript-library fixes the following issues: Security issue fixed: - CVE-2019-3838: Fixed various bugs which allows to reenable and misuse system Postscript operators to read files from within Postscript files and send them with the help of e.g. the %pipe% to the attacker (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sles:11:sp1:teradata Security update for giflib (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Moderate SUSE bug 960319 CVE-2015-7555 cpe:/o:suse:sles:11:sp1:teradata Security update for giflib (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA giflib was updated to fix one security issue. This security issue was fixed: - CVE-2016-3977: Heap buffer overflow in gif2rgb (bsc#974847). Moderate SUSE bug 974847 CVE-2016-3977 cpe:/o:suse:sles:11:sp1:teradata Security update for glib2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). Moderate SUSE bug 1107116 SUSE bug 1111499 CVE-2018-16429 cpe:/o:suse:sles:11:sp1:teradata Security update for glib2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Important SUSE bug 1137001 CVE-2019-12450 cpe:/o:suse:sles:11:sp1:teradata Security update for glib2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glib2 fixes the following issues: - CVE-2021-3800: Fixed a file content leak in pkexec due to charset aliases (bsc#1191489). - CVE-2018-16428: Fixed a NULL pointer dereference in g_markup_parse_context_end_parse() (bsc#1107121). Moderate SUSE bug 1107121 SUSE bug 1191489 CVE-2018-16428 CVE-2021-3800 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) - CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal (bsc#830257) - CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 (bsc#847227) - CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) - bsc#920338: Read past end of pattern in fnmatch - CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) The following non-security bugs were fixed: - bnc#892065: SIGSEV tst-setlocale3 in glibc-2.11.3-17.68.1 - bnc#863499: Memory leak in getaddrinfo when many RRs are returned - bsc#892065: Avoid unbound alloca in setenv - bsc#945779: Properly reread entry after failure in nss_files getent function Important SUSE bug 830257 SUSE bug 847227 SUSE bug 863499 SUSE bug 892065 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 945779 SUSE bug 950944 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2013-2207 CVE-2013-4458 CVE-2014-8121 CVE-2014-9761 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: Security issues fixed: - CVE-2016-1234: Fixed a buffer overflow with glob() with GLOB_ALTDIRFUNC and crafted directory (bsc#969727). - CVE-2016-3075: Fixed a stack overflow in _nss_dns_getnetbyname_r (bsc#973164) - CVE-2016-3706: Fixed a getaddrinfo stack overflow in hostent conversion (bsc#980483) - CVE-2016-4429: Avoid a stack overflow due to alloca usage in clntudp_call (bsc#980854) Also fixed some bugs: - Don't touch user-controlled stdio locks in forked child (bsc#864081) - Fix memory leak in _nss_dns_gethostbyname4_r (bsc#973010) Moderate SUSE bug 864081 SUSE bug 969727 SUSE bug 973010 SUSE bug 973164 SUSE bug 980483 SUSE bug 980854 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Important SUSE bug 1039357 CVE-2017-1000366 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] Important SUSE bug 1074293 CVE-2018-1000001 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area in realpath (bsc#1074293) Also a non security issue was fixed: - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209) Important SUSE bug 1037930 SUSE bug 1051791 SUSE bug 1074293 SUSE bug 1079036 SUSE bug 978209 CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) Moderate SUSE bug 1081556 CVE-2017-12133 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161). Moderate SUSE bug 1094161 CVE-2018-11236 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that lead to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583). - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580). - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234) Important SUSE bug 1064580 SUSE bug 1064583 SUSE bug 941234 CVE-2015-5180 CVE-2017-15670 CVE-2017-15804 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Moderate SUSE bug 1127223 SUSE bug 1127308 CVE-2009-5155 CVE-2019-9169 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for glibc fixes the following issues: - CVE-2015-8983: Fixed _IO_wstr_overflow integer overflow (bsc#1193615, BZ #17269) - CVE-2015-8982: Fixed memory handling in strxfrm_l (bsc#1193616, BZ #16009) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768, BZ #22542) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770, BZ #28768) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640, BZ #28769) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489, BZ #27896) - CVE-2021-35942: Fixed handle overflow in wordexp positional parameter number (bsc#1187911, BZ #28011) Important SUSE bug 1186489 SUSE bug 1187911 SUSE bug 1193615 SUSE bug 1193616 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2015-8982 CVE-2015-8983 CVE-2021-33574 CVE-2021-35942 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:sles:11:sp1:teradata Security update for glibc SUSE Linux Enterprise Server 11 SP1 The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute force methods (CVE-2011-2483). SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ: Q: I only use ASCII characters in passwords, am I a affected in any way? A: No. Q: What's the meaning of the ids before and after the update? A: Before the update: $2a -> buggy algorithm After the update: $2x -> buggy algorithm $2a -> correct algorithm $2y -> correct algorithm System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in it's password database. Some users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd Security Issue reference: * CVE-2011-2483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483> SUSE bug 645140 SUSE bug 680833 SUSE bug 700876 CVE-2011-2483 cpe:/o:suse:suse_sles:11:sp1 Security update for gmp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow on malformed input to mpz_inp_raw (bsc#1192717). Moderate SUSE bug 1192717 CVE-2021-43618 cpe:/o:suse:sles:11:sp1:teradata Security update for gnome-session (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gnome-session fixes the following issues: - CVE-2017-11171: Fix a denial of service condition. an unauthenticated local user can create ICE connections, causing a file descriptor leak in gnome-session (bsc#1048274). Moderate SUSE bug 1048274 CVE-2017-11171 cpe:/o:suse:sles:11:sp1:teradata Security update for gnuplot (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gnuplot fixes the following issues: Security issues fixed: - CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463) - CVE-2018-19491: Fixed a buffer overflow in the PS_options function (bsc#1117464) - CVE-2018-19490: Fixed a heap-based buffer overflow in the df_generate_ascii_array_entry function (bsc#1117465) - CVE-2017-9670: Fixed a uninitialized stack variable vulnerability which could lead to a Denial of Service (bsc#1044638) Non-security issues fixed: - postscript output does not show any German 'umlauts' (bsc#375175) Moderate SUSE bug 1044638 SUSE bug 1117463 SUSE bug 1117464 SUSE bug 1117465 SUSE bug 375175 CVE-2017-9670 CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 cpe:/o:suse:sles:11:sp1:teradata Security update for GnuTLS SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update of GnuTLS fixes multiple vulnerabilities: * CVE-2012-1569: remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function * CVE-2012-1573: crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash) * CVE-2012-0390: A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. In addition, support for customizing the signing function was added. Security Issue references: * CVE-2012-0390 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0390> SUSE bug 739898 SUSE bug 753301 SUSE bug 754223 SUSE bug 754953 CVE-2012-0390 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/o:suse:sles:11:sp1:teradata Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/o:suse:sles:11:sp1:teradata Security update for gnutls (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 961491 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 cpe:/o:suse:sles:11:sp1:teradata Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Moderate SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1040621 CVE-2017-6891 CVE-2017-7869 cpe:/o:suse:sles:11:sp1:teradata Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gnutls fixes the following issues: Security issues fixed: - CVE-2018-10846: Improve mitigations against Lucky 13 class of attacks (PRIME + PROBE) (bsc#1105460). - CVE-2017-10790: Fixed a denial of service in the _asn1_check_identifier() function (bsc#1047002). Moderate SUSE bug 1047002 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10846 cpe:/o:suse:sles:11:sp1:teradata Security update for gpg2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gpg2 fixes the following issues: - Fix cve-2015-1606 (bsc#918089) * Invalid memory read using a garbled keyring * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch - Fix cve-2015-1607 (bsc#918090) * Memcpy with overlapping ranges * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch Moderate SUSE bug 918089 SUSE bug 918090 CVE-2015-1606 CVE-2015-1607 cpe:/o:suse:sles:11:sp1:teradata Security update for gpg2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gpg2 fixes the following issues: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:sles:11:sp1:teradata Security update for gpg2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093) Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847). Moderate SUSE bug 1124847 SUSE bug 1141093 CVE-2019-13050 cpe:/o:suse:sles:11:sp1:teradata Security update for gpgme SUSE Linux Enterprise Server 11 SP1-TERADATA This gpgme update fixes the following security issue: * bnc#890123: Fix possible overflow in gpgsm and uiserver engines (CVE-2014-3564) Security Issues: * CVE-2014-3564 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564> SUSE bug 890123 CVE-2014-3564 cpe:/o:suse:sles:11:sp1:teradata Security update for graphviz (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). Low SUSE bug 1093447 CVE-2018-10196 cpe:/o:suse:sles:11:sp1:teradata Security update for gstreamer-0_10-plugins-base (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gstreamer-0_10-plugins-base fixes the following issues: Security issues fixed: - CVE-2017-5837: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024076). - CVE-2017-5844: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024079). - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1024076 SUSE bug 1024079 SUSE bug 1133375 CVE-2017-5837 CVE-2017-5844 CVE-2019-9928 cpe:/o:suse:sles:11:sp1:teradata Security update for gtk2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following issue has been fixed: * Specially crafted GIF and XBM files could have crashed gtk2 (CVE-2012-2370,CVE-2011-2485) Security Issue references: * CVE-2012-2370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370> * CVE-2011-2485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485> SUSE bug 702028 SUSE bug 762735 CVE-2011-2485 CVE-2012-2370 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gtk2 fixes the following security issues: - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7674: overflow when scaling GIF files (bsc#948791) - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issue was fixed: - bsc#960155: fix a possible divide by zero Moderate SUSE bug 942801 SUSE bug 948791 SUSE bug 958963 SUSE bug 960155 CVE-2015-4491 CVE-2015-7552 CVE-2015-7674 cpe:/o:suse:sles:11:sp1:teradata Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gtk2 fixes the following issues: - CVE-2016-6352: Some crashes were fixed, including a out of bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Moderate SUSE bug 966682 SUSE bug 988745 SUSE bug 991450 CVE-2013-7447 CVE-2016-6352 cpe:/o:suse:sles:11:sp1:teradata Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gtk2 fixes the following issues: This security issue was fixed: - Add checks for multiplications at several locations to avoid mishandling memory. This allowed attackers to cause DoS or potentially RCE (bsc#1053417). - CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations (boo#1027026). - Protect against access to negative array indexes (BGO#778584). - CVE-2017-6314: The make_available_at_least function in io-tiff.c in gdk-pixbuf allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (boo#1027025). - CVE-2017-6313: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (boo#1027024). - CVE-2017-1000422: Gnome gdk-pixbuf older was vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution (boo#1074462). This non-security issue was fixed: - Prevent endless loop when listing a directory that may not be listed (bnc#726376). Moderate SUSE bug 1027024 SUSE bug 1027025 SUSE bug 1027026 SUSE bug 1053417 SUSE bug 1074462 SUSE bug 726376 CVE-2017-1000422 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/o:suse:sles:11:sp1:teradata Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for gtk2 fixes the following security issues: - CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289) - CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544) Moderate SUSE bug 1048289 SUSE bug 1048544 CVE-2017-2862 CVE-2017-2870 cpe:/o:suse:sles:11:sp1:teradata Security update for guile (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 cpe:/o:suse:sles:11:sp1:teradata Security update for okular SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a heap-based overflow in okular. The RLE decompression in the TranscribePalmImageToJPEG() function can be exploited to execute arbitrary code with user privileges by providing a crafted PDF file. (CVE-2010-2575) Security Issue reference: * CVE-2010-2575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2575> SUSE bug 634743 CVE-2010-2575 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for hplip SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update provides an update of hplip to version 3.11.10: * Fixed insecure tmp file handling in hpcupsfax.cpp CVE-2011-2722 see https://bugs.launchpad.net/hplip/+bug/809904 (bnc#704608). * New tech classes for HP OfficeJet Pro 8100, HP Deskjet 3070 B611 series and HP Photosmart 7510 e-All-in-One. * Added new subtech class for HP Photosmart 6510 e-All-in-one. * Modified the error message which was displayed in case of missing .asc file for manual plug-in install. * Several more supported printers and all-in-one devices. * Several bug fixies. For details see http://hplipopensource.com/hplip-web/release_notes.html <http://hplipopensource.com/hplip-web/release_notes.html> Security Issue reference: * CVE-2011-2722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2722> SUSE bug 704608 CVE-2011-2722 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for hunspell (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for hunspell fixes the following issues: - CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867). Low SUSE bug 1151867 CVE-2019-16707 cpe:/o:suse:sles:11:sp1:teradata Security update for icu SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following bugs have been fixed: * Specially crafted strings could cause a buffer overflow in icu (CVE-2011-4599). * An integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409) Security Issue references: * CVE-2011-4599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599> * CVE-2010-4409 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409> SUSE bug 657910 SUSE bug 736146 CVE-2010-4409 CVE-2011-4599 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for icu fixes the following security issues: - Passing a locale string longer than 255 characters to uloc_getDisplayName() could have caused a buffer overflow resulting in denial of service or possible code execution (bsc#1012224, CVE-2014-9911). Moderate SUSE bug 1012224 CVE-2014-9911 cpe:/o:suse:sles:11:sp1:teradata Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for icu fixes the following issues: - CVE-2014-9911: The fix was updated to not crash (NULL ptr deref) when resPath is NULL (bsc#1023033). Moderate SUSE bug 1023033 CVE-2014-9911 cpe:/o:suse:sles:11:sp1:teradata Security update for icu (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636) - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674) - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue. (bsc#1067203) - CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193) - CVE-2017-15422: An integer overflow in persian calendar calculation was fixed, which could show wrong years. (bsc#1077999) Important SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 990636 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sles:11:sp1:teradata Security update for inn SUSE Linux Enterprise Server 11 SP1-TERADATA A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 has been assigned to this issue. Security Issue reference: * CVE-2012-3523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3523> SUSE bug 776967 CVE-2012-3523 cpe:/o:suse:sles:11:sp1:teradata Security update for inn (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for inn fixes the following issues: - CVE-2019-3692: Fixed a local privilege escalation from any user to 'news' (bsc#1154302). Moderate SUSE bug 1154302 CVE-2019-3692 cpe:/o:suse:sles:11:sp1:teradata Security update for inn (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for inn fixes the following issues: - CVE-2021-31998: Fixed locale privialge escalation during the update of inn (bsc#1182321). Important SUSE bug 1182321 CVE-2021-31998 cpe:/o:suse:sles:11:sp1:teradata Security update for inst-source-utils SUSE Linux Enterprise Server 11 SP1-TERADATA Multiple code execution flaws have been fixed that could have been exploited via specially crafted file names / directory path names. Security Issue reference: * CVE-2012-0427 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0427> SUSE bug 604730 CVE-2012-0427 cpe:/o:suse:sles:11:sp1:teradata Security update for ipsec-tools (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA ipsec-tools was updated to fix one security issue and a bug. This security issue was fixed: - CVE-2015-4047: racoon/gssapi.c in ipsec-tools allowed remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests (bsc#931989). Due to a packaging error, the racoonf.conf config file was symlinked to /usr/share/doc/packages/ipsec-tools/examples/racoon/samples/racoon.conf on some processor platforms, edits might have happened only in this example file. Before upgrading, please check if /etc/racoon/racoon.conf is a symlink to this example file and backup the content. (bsc#939810) Moderate SUSE bug 931989 SUSE bug 939810 CVE-2015-4047 cpe:/o:suse:sles:11:sp1:teradata Security update for ipsec-tools (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ipsec-tools fixes one issue. This security issue was fixed: - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order (bsc#1047443). Moderate SUSE bug 1047443 CVE-2016-10396 cpe:/o:suse:sles:11:sp1:teradata Security update for jakarta-commons-collections (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update to jakarta-commons-collections 3.2.2 fixes the following security issues: * bsc#954102 code-execution by unserialization Moderate SUSE bug 954102 cpe:/o:suse:sles:11:sp1:teradata Security update for jakarta-commons-fileupload SUSE Linux Enterprise Server 11 SP1-TERADATA jakarta-commons-fileupload received the following security fix: A poison null byte flaw was found in the implementation of the DiskFileItem class. A remote attacker would have been able to supply a serialized instance of the DiskFileItem class, which if deserialized on a server, could have used this flaw to write arbitrary content to any location on the server that has been permitted by the user running the application server process. (CVE-2013-2186) Security Issue reference: * CVE-2013-2186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186> SUSE bug 846174 CVE-2013-2186 cpe:/o:suse:sles:11:sp1:teradata Security update for jakarta-commons-fileupload (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:sles:11:sp1:teradata Security update for jakarta SUSE Linux Enterprise Server 11 SP1-TERADATA The following issue has been fixed: * SSL certificate hostname verification was not done and is fixed by this update. (CVE-2012-5783) Security Issue reference: * CVE-2012-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783> SUSE bug 803332 CVE-2012-5783 cpe:/o:suse:sles:11:sp1:teradata Security update for jakarta-taglibs-standard (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jakarta-taglibs-standard fixes the following issues: - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813) Important SUSE bug 920813 CVE-2015-0254 cpe:/o:suse:sles:11:sp1:teradata Security update for jasper SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following issue has been fixed: * Specially crafted JPEG2000 files could cause a heap buffer overflow in jasper (CVE-2011-4516, CVE-2011-4517) Security Issue references: * CVE-2011-4516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516> * CVE-2011-4517 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517> SUSE bug 725758 CVE-2011-4516 CVE-2011-4517 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jasper fixes the following issues: Security fixes: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2016-1577, CVE-2016-2116: double free vulnerability in the jas_iccattrval_destroy function (bsc#968373) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: multiple integer overflows (bsc#392410) - bsc#1006839: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Moderate SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1007009 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 961886 SUSE bug 963983 SUSE bug 968373 CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 cpe:/o:suse:sles:11:sp1:teradata Security update for jasper (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530) - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977). - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed. (bsc#1010979) - CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy (bsc#1015993) - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) Important SUSE bug 1010977 SUSE bug 1010979 SUSE bug 1011830 SUSE bug 1012530 SUSE bug 1015400 SUSE bug 1015993 SUSE bug 1018088 SUSE bug 1020353 SUSE bug 1021868 SUSE bug 1029497 CVE-2016-10251 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 cpe:/o:suse:sles:11:sp1:teradata Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Moderate SUSE bug 1009994 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1010774 SUSE bug 1010782 SUSE bug 1010968 SUSE bug 1010975 SUSE bug 1047958 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050 cpe:/o:suse:sles:11:sp1:teradata Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2018-9055: Fixed a denial of service in jpc_firstone (bsc#1087020). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Moderate SUSE bug 1010783 SUSE bug 1087020 SUSE bug 1117505 SUSE bug 1117507 SUSE bug 1117508 SUSE bug 1117511 CVE-2016-9396 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 CVE-2018-9055 cpe:/o:suse:sles:11:sp1:teradata Security update for jasper (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2016-9397: Fix assert in jpc_dequantize (bsc#1010786). - CVE-2016-9557: Fix signed integer overflow (bsc#1011829). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805). Low SUSE bug 1010786 SUSE bug 1010979 SUSE bug 1010980 SUSE bug 1011829 SUSE bug 1020451 SUSE bug 1020456 SUSE bug 1020458 SUSE bug 1020460 SUSE bug 1045450 SUSE bug 1057152 SUSE bug 1088278 SUSE bug 1092115 SUSE bug 1114498 SUSE bug 1115637 SUSE bug 1117328 SUSE bug 1120805 SUSE bug 1120807 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2017-14132 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9154 CVE-2018-9252 cpe:/o:suse:sles:11:sp1:teradata Security update for jasper (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles:11:sp1:teradata Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zery issue in cp_create() (bsc#1188437). Moderate SUSE bug 1188437 CVE-2021-27845 cpe:/o:suse:sles:11:sp1:teradata Security update for IBM Java SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 IBM Java 1.4.2 SR13 FP12 has been released which fixes various bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> has more informations. CVEs addressed: CVE-2011-3563 CVE-2012-0499 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 SUSE bug 763805 CVE-2011-3563 CVE-2012-0499 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for IBM Java 1.6.0 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 IBM Java 1.6.0 was updated to SR10-FP1, fixing various security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Security Issue references: * CVE-2012-0502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502> * CVE-2012-0503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503> * CVE-2012-0506 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506> * CVE-2012-0507 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507> * CVE-2011-3563 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563> * CVE-2012-0500 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500> * CVE-2012-0497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497> * CVE-2012-0498 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498> * CVE-2012-0499 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499> * CVE-2012-0500 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500> * CVE-2012-0501 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501> * CVE-2012-0505 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505> * CVE-2011-5035 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035> SUSE bug 752306 SUSE bug 758470 CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA IBM Java was updated to version 6 SR16 FP7 (6.0-16.7) to fix several security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. (bnc#935540) * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. The following non-security bugs were fixed: * bsc#936844: misconfigured update-alternative entries * bsc#941939: provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 935540 SUSE bug 936844 SUSE bug 938895 SUSE bug 941939 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Important SUSE bug 960286 SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:sles:11:sp1:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Important SUSE bug 977646 SUSE bug 977648 SUSE bug 977650 SUSE bug 979252 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/o:suse:sles:11:sp1:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA IBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 cpe:/o:suse:sles:11:sp1:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sles:11:sp1:teradata Security update for java-1_6_0-ibm (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for java-1_6_0-ibm to 8.0-4.1 fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Moderate SUSE bug 1027038 CVE-2016-2183 cpe:/o:suse:sles:11:sp1:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for java-1_6_0-ibm fixes the following issues: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Important SUSE bug 1027038 SUSE bug 1038505 CVE-2016-2183 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles:11:sp1:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for java-1_6_0-ibm fixes the following issues: Security issues fixed: - Security update to version 6.0.16.50 (bsc#1070162) * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Important SUSE bug 1070162 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles:11:sp1:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Important SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-2625 CVE-2015-2808 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/o:suse:sles:11:sp1:teradata Security update for libjpeg SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update to libjpeg fixes a heap overflow in the JPEG decompression functions. (CVE-2012-2806 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2806> ) SUSE bug 771791 CVE-2012-2806 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for jpeg (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jpeg fixes the following issues: * CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937] * CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209] * CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155] Moderate SUSE bug 1062937 SUSE bug 1096209 SUSE bug 1098155 CVE-2017-15232 CVE-2018-1152 CVE-2018-11813 cpe:/o:suse:sles:11:sp1:teradata Security update for jpeg (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jpeg fixes the following issue: Security issue fixed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11212: Fixed divide by zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-14498: Fixed denial of service in get_8bit_row in rdbmp.c (bsc#1128712). Low SUSE bug 1122299 SUSE bug 1128712 CVE-2018-11212 CVE-2018-14498 cpe:/o:suse:sles:11:sp1:teradata Security update for jpeg (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for jpeg fixes the following issues: - CVE-2020-14152: Fixed an improper implementation which vould have potentially exhausted the memory (bsc#1172995). - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). Moderate SUSE bug 1172491 SUSE bug 1172995 CVE-2020-13790 CVE-2020-14152 cpe:/o:suse:sles:11:sp1:teradata Security update for kdebase4-workspace SUSE Linux Enterprise Server 11 SP1-TERADATA This kdebase4-workspace update fixes two security issues: * NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132) * Memory leak that could lead to a denial of service. (CVE-2013-4133) Security Issues references: * CVE-2013-4132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4132> * CVE-2013-4133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4133> SUSE bug 829857 CVE-2013-4132 CVE-2013-4133 cpe:/o:suse:sles:11:sp1:teradata Security update for kdenetwork SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of kdenetwork fixes several bugs, the security related issues are: * CVE-2010-1000: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): CWE-22 The 'name' attribute of the 'file' element of metalink files is not properly sanitised this can be exploited to download files to arbitrary directories. Non-security issues: * bnc#653852: kopete: ICQ login broken; login server changed Security Issue references: * CVE-2008-4776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776> * CVE-2010-1000 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1000> SUSE bug 604709 SUSE bug 653852 CVE-2008-4776 CVE-2010-1000 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for kdebase4-runtime SUSE Linux Enterprise Server 11 SP1-TERADATA kdebase4-runtime has been updated to fix one security issue: * CVE-2013-7252: Added gpg based encryption support to kwallet (bnc#857200). Security Issues: * CVE-2013-7252 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7252> SUSE bug 857200 CVE-2013-7252 cpe:/o:suse:sles:11:sp1:teradata Security update for kdebase4-workspace (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Moderate SUSE bug 904625 SUSE bug 929718 CVE-2014-8651 cpe:/o:suse:sles:11:sp1:teradata Security update for kdelibs3 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for kdelibs3 fixes the following issues: - CVE-2015-7543: Insecure creation of temporary directories allowed local users to hijack the IPC by pre-creating the temporary directory (bsc#958347). Moderate SUSE bug 958347 CVE-2015-7543 cpe:/o:suse:sles:11:sp1:teradata Security update for kdelibs4 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a cross-site scripting (XSS) vulnerability in the way KHTML handles error pages. (CVE-2011-1168 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1168> ) SUSE bug 686652 CVE-2011-1168 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for kdirstat SUSE Linux Enterprise Server 11 SP1-TERADATA The following security issue has been fixed: * #868682: CVE-2014-2527 CVE-2014-2528: kdirstat: command injection in kcleanup Security Issues: * CVE-2014-2527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2527> * CVE-2014-2528 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2528> SUSE bug 868682 CVE-2014-2527 CVE-2014-2528 cpe:/o:suse:sles:11:sp1:teradata Security update for Linux kernel SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 The SUSE Linux Enterprise 11 SP1 kernel have been updated to the 2.6.32.59 stable release to fix a lot of bugs and security issues. The following security issues have been fixed: * CVE-2012-2133: A use after free bug in hugetlb support could be used by local attackers to crash the system. * CVE-2012-1097: A null pointer dereference bug in the regsets proc file could be used by local attackers to perhaps crash the system. With mmap_min_addr is set and enabled, exploitation is unlikely. * CVE-2012-0879: A reference counting issue in CLONE_IO could be used by local attackers to cause a denial of service (out of memory). * CVE-2012-1090: A file handle leak in CIFS code could be used by local attackers to crash the system. * CVE-2011-1083: Large nested epoll chains could be used by local attackers to cause a denial of service (excessive CPU consumption). * CVE-2011-4622: When using KVM, programming a PIT timer without a irqchip configuration, can be used to crash the kvm guest. This likely can be done only by a privileged guest user. * CVE-2012-0045: A KVM 32bit guest crash in 'syscall' opcode handling was fixed that could be caused by local attackers. * CVE-2011-4086: Fixed a oops in jbd/jbd2 that could be caused by specific filesystem access patterns. The following non-security issues have been fixed: X86: * x86: fix the initialization of physnode_map (bnc#748112). * x86: Allow bootmem reserves at greater than 8G node offset within a node (bnc#740895). * x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). (bnc#751322) * x86, efi: Work around broken firmware. (bnc#714507) BONDING: * bonding: update speed/duplex for NETDEV_CHANGE (bnc#752634). * bonding: comparing a u8 with -1 is always false (bnc#752634). * bonding: start slaves with link down for ARP monitor (bnc#752634). * bonding: send gratuitous ARP for all addresses (bnc#752491). XFS: * xfs: Fix excessive inode syncing when project quota is exceeded (bnc#756448). * xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850). SCSI: * scsi/ses: Handle non-unique element descriptors (bnc#749342, bnc#617344). * scsi/sd: mark busy sd majors as allocated (bug#744658). * scsi: Check for invalid sdev in scsi_prep_state_check() (bnc#734300). MD/RAID: * md: fix possible corruption of array metadata on shutdown. * md: ensure changes to write-mostly are reflected in metadata (bnc#755178). * md: do not set md arrays to readonly on shutdown (bnc#740180, bnc#713148, bnc#734900). XEN: * smpboot: adjust ordering of operations. * x86-64: provide a memset() that can deal with 4Gb or above at a time (bnc#738528). * blkfront: properly fail packet requests (bnc#745929). * Update Xen patches to 2.6.32.57. * xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. * xenbus_dev: add missing error checks to watch handling. * Refresh other Xen patches (bnc#652942, bnc#668194, bnc#688079). * fix Xen-specific kABI issue in Linux 2.6.19. NFS: * NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and MKDIR (bnc#751880). * nfs: Include SYNC flag when comparing mount options with NOAC flag (bnc#745422). * NFS returns EIO for EDQUOT and others (bnc#747028). * lockd: fix arg parsing for grace_period and timeout (bnc#733761). * nfs: allow nfs4leasetime to be set before starting servers (bnc#733761). * nfs: handle d_revalidate of dot correctly (bnc#731809). S/390: * ctcmpc: use correct idal word list for ctcmpc (bnc#750171,LTC#79264). * qeth: synchronize discipline module loading (bnc#747430,LTC#78788). * qdio: avoid race leading to stall when tolerating CQ (bnc#737326,LTC#76599). * kernel: no storage key operations for invalid page table entries (bnc#737326,LTC#77697). OTHER: * tlan: add cast needed for proper 64 bit operation (bnc#756840). * dl2k: Tighten ioctl permissions (bnc#758813). * tg3: Fix RSS ring refill race condition (bnc#757917). * usbhid: fix error handling of not enough bandwidth (bnc#704280). * pagecache limit: Fix the shmem deadlock (bnc#755537). * tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366). * ixgbe: driver sets all WOL flags upon initialization so that machine is powered on as soon at it is switched off (bnc#693639) * PCI: Set device power state to PCI_D0 for device without native PM support (bnc#752972). * dlm: Do not allocate a fd for peeloff (bnc#729247). * sctp: Export sctp_do_peeloff (bnc#729247). * epoll: Do not limit non-nested epoll paths (bnc#676204). * mlx4: Limit MSI-X vector allocation (bnc#624072). * mlx4: Changing interrupt scheme (bnc#624072). * mlx4_en: Assigning TX irq per ring (bnc#624072). * mlx4_en: Restoring RX buffer pointer in case of failure (bnc#624072). * mlx4_en: using new mlx4 interrupt scheme (bnc#624072). * igb: Fix for Alt MAC Address feature on 82580 and later devices (bnc#746980). * igb: Power down link when interface is down (bnc#745699). * igb: use correct bits to identify if managability is enabled (bnc#743209). * intel_agp: Do not oops with zero stolen memory (bnc#738679). * agp: fix scratch page cleanup (bnc#738679). * hugetlb: add generic definition of NUMA_NO_NODE (bnc#751844). * sched: Fix proc_sched_set_task() (bnc#717994). * PM: Print a warning if firmware is requested when tasks are frozen (bnc#749886). * PM / Sleep: Fix freezer failures due to racy usermodehelper_is_disabled() (bnc#749886). * PM / Sleep: Fix read_unlock_usermodehelper() call (bnc#749886). * firmware loader: allow builtin firmware load even if usermodehelper is disabled (bnc#749886). * PM / Hibernate: Enable usermodehelpers in software_resume() error path (bnc#744163). * ipv6: Allow inet6_dump_addr() to handle more than 64 addresses (bnc#748279). * ipv6: fix refcnt problem related to POSTDAD state (bnc#743619). * be2net: change to show correct physical link status (bnc#727834). * be2net: changes to properly provide phy details (bnc#727834). * aio: fix race between io_destroy() and io_submit() (bnc#747445 bnc#611264). * intel-iommu: Check for identity mapping candidate using system dma mask (bnc#700449). * intel-iommu: Dont cache iova above 32bit (bnc#700449). * intel-iommu: Add domain check in domain_remove_one_dev_info (bnc#700449). * intel-iommu: Provide option to enable 64-bit IOMMU pass through mode (bnc#700449). * intel-iommu: Remove Host Bridge devices from identity mapping (bnc#700449). * intel-iommu: Speed up processing of the identity_mapping function (bnc#700449). * intel-iommu: Use coherent DMA mask when requested (bnc#700449). * 1: Fix accounting of softirq time when idle (bnc#719793). * driver-core: fix race between device_register and driver_register (bnc#742358). * dcache: patches.fixes/large-hash-dcache_init-fix.patch: Fix oops when initializing large hash on > 16TB machine (bnc#742210). * kdump: Save PG_compound or PG_head value in VMCOREINFO (bnc#738503). * Update config files: disable NET_9P_RDMA (bnc#720374). * cdc-wdm: fix race leading leading to memory corruption (bnc#759544). Security Issue references: * CVE-2011-1083 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083> * CVE-2011-4086 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4086> * CVE-2011-4622 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4622> * CVE-2012-0045 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0045> * CVE-2012-0879 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0879> * CVE-2012-1090 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1090> * CVE-2012-1097 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1097> * CVE-2012-2133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2133> SUSE bug 611264 SUSE bug 617344 SUSE bug 624072 SUSE bug 652942 SUSE bug 668194 SUSE bug 676204 SUSE bug 688079 SUSE bug 693639 SUSE bug 697920 SUSE bug 700449 SUSE bug 704280 SUSE bug 713148 SUSE bug 714507 SUSE bug 716850 SUSE bug 717994 SUSE bug 719793 SUSE bug 720374 SUSE bug 721366 SUSE bug 727834 SUSE bug 729247 SUSE bug 731809 SUSE bug 733761 SUSE bug 734300 SUSE bug 734900 SUSE bug 737326 SUSE bug 738210 SUSE bug 738503 SUSE bug 738528 SUSE bug 738679 SUSE bug 740180 SUSE bug 740895 SUSE bug 740969 SUSE bug 742210 SUSE bug 742358 SUSE bug 743209 SUSE bug 743619 SUSE bug 744163 SUSE bug 744658 SUSE bug 745422 SUSE bug 745699 SUSE bug 745832 SUSE bug 745929 SUSE bug 746980 SUSE bug 747028 SUSE bug 747430 SUSE bug 747445 SUSE bug 748112 SUSE bug 748279 SUSE bug 748812 SUSE bug 749342 SUSE bug 749569 SUSE bug 749886 SUSE bug 750079 SUSE bug 750171 SUSE bug 751322 SUSE bug 751844 SUSE bug 751880 SUSE bug 752491 SUSE bug 752634 SUSE bug 752972 SUSE bug 755178 SUSE bug 755537 SUSE bug 756448 SUSE bug 756840 SUSE bug 757917 SUSE bug 758532 SUSE bug 758813 SUSE bug 759544 CVE-2011-1083 CVE-2011-4086 CVE-2011-4622 CVE-2012-0045 CVE-2012-0879 CVE-2012-1090 CVE-2012-1097 CVE-2012-2133 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for the Linux kernel SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of the SUSE Linux Enterprise Server 11 SP1 kernel brings the kernel to 2.6.32.24 and fixes some critical security bugs and other non-security bugs. Following security bugs were fixed: * CVE-2010-3865: A iovec integer overflow in RDS sockets was fixed which could lead to local attackers gaining kernel privileges. * CVE-2010-3904: A local privilege escalation in RDS sockets allowed local attackers to gain privileges. Please note that the net/rds socket protocol module only lives in the -extra kernel package, which is not installed by default on the SUSE Linux Enterprise Server 11. * CVE-2010-2963: A problem in the compat ioctl handling in video4linux allowed local attackers with a video device plugged in to gain privileges on x86_64 systems. SUSE bug 564324 SUSE bug 573330 SUSE bug 603738 SUSE bug 609196 SUSE bug 612729 SUSE bug 623307 SUSE bug 624850 SUSE bug 629901 SUSE bug 629908 SUSE bug 638860 SUSE bug 639261 SUSE bug 640278 SUSE bug 643249 SUSE bug 644219 SUSE bug 644350 SUSE bug 644373 SUSE bug 646045 SUSE bug 647392 SUSE bug 647497 SUSE bug 647775 SUSE bug 648308 SUSE bug 649231 SUSE bug 649257 SUSE bug 649820 SUSE bug 650109 SUSE bug 650111 SUSE bug 650113 SUSE bug 650116 SUSE bug 650128 CVE-2010-2963 CVE-2010-3865 CVE-2010-3904 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Kerberos 5 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of krb5 fixes two security issues. * CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. (This only affects the ktelnetd from the krb5-appl RPM, not the regular telnetd supplied by SUSE.) * CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems. Security Issue reference: * CVE-2011-4862 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862> SUSE bug 698471 SUSE bug 738632 CVE-2011-4862 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for krb5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA krb5 was updated to fix one security issue. This security issue was fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188). Important SUSE bug 952188 CVE-2015-2695 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Moderate SUSE bug 954270 SUSE bug 954470 CVE-2015-2695 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Moderate SUSE bug 963968 SUSE bug 963975 CVE-2015-8629 CVE-2015-8631 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Moderate SUSE bug 971942 CVE-2016-3119 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for krb5 fixes the following issues: - Incorrect string handling in build_principal_va can lead to DOS. (bsc#952190, CVE-2015-2697) - Fix potential heap corruption and crash vulnerability described in MIT krb5 Security Advisory 2012-001. (bsc#770172, CVE-2012-1015) - Fix prep_reprocess_req NULL pointer deref. (bsc#816413, CVE-2013-1416) - Fix Denial of service in krb5_read_message. (bsc#918595, CVE-2014-5355) Moderate SUSE bug 770172 SUSE bug 816413 SUSE bug 918595 SUSE bug 952190 CVE-2012-1015 CVE-2013-1416 CVE-2014-5355 CVE-2015-2697 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for krb5 fixes the following issues: Security issues fixed: - CVE-2017-11368: Fix an unintended assertion failure in KDC (bsc#1049819) Also the openssl1 LDAP library build is now used for the LDAP plugin components. (bsc#1025126). Moderate SUSE bug 1025126 SUSE bug 1049819 CVE-2017-11368 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for krb5 fixes the following security issues: - CVE-2017-15088: A buffer overflow in get_matching_data() was fixed that could under specific circumstances be used to execute code (bsc#1065274) - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) Important SUSE bug 1056995 SUSE bug 1065274 CVE-2017-11462 CVE-2017-15088 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for krb5 fixes the following issues: Security issues fixed: - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). Moderate SUSE bug 1083926 SUSE bug 1083927 CVE-2018-5729 CVE-2018-5730 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 SUSE Linux Enterprise Server 11 SP1-TERADATA This update for krb5 fixes the following issues: * When randomizing the keys for a service principal, current keys could be returned. (CVE-2014-5351) * klist -s crashes when handling multiple referral entries. (bnc#890623) Security Issues: * CVE-2014-5351 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351> SUSE bug 890623 SUSE bug 897874 CVE-2014-5351 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 SUSE Linux Enterprise Server 11 SP1-TERADATA krb5 has been updated to fix four security issues: * CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002) * CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002) * CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002) * CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002) Additionally, these non-security issues have been fixed: * Winbind process hangs indefinitely without DC. (bsc#872912) * Hanging winbind processes. (bsc#906557) Security Issues: * CVE-2014-5352 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352> * CVE-2014-9421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421> * CVE-2014-9422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422> * CVE-2014-9423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423> SUSE bug 872912 SUSE bug 906557 SUSE bug 912002 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 cpe:/o:suse:sles:11:sp1:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Moderate SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 cpe:/o:suse:sles:11:sp1:teradata Security update for KVM SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA The following vulnerabilities have been fixed in KVM: * buffer overflow in e1000 device emulation (CVE-2012-0029) * missing initgroups() for -runas (CVE-2011-2527) Security Issue references: * CVE-2011-2527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2527> * CVE-2012-0029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029> SUSE bug 695510 SUSE bug 705304 SUSE bug 740165 CVE-2011-2527 CVE-2012-0029 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). Important SUSE bug 938344 CVE-2015-5154 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for kvm fixes the following issues: - CVE-2017-2633: memory corruption due to unchecked resolution limit in VNC. (bsc#1026612) - CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187367) - CVE-2019-14378: heap buffer overflow during packet reassembly in slirp networking implementation. (bsc#1143794) - CVE-2020-1983: use-after-free in ip_reass function in ip_input.c. (bsc#1170940) - CVE-2020-29130: out-of-bounds access while processing ARP packets. (bsc#1179467) - CVE-2013-4530: fix buffer overun on invalid state load. (bsc#864682) - CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364) - CVE-2015-5225 heap memory corruption in vnc_refresh_server_surface. (bsc#942845) - CVE-2020-29129: out-of-bounds access while processing NCSI packets. (bsc#1179466) - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages. (bsc#1163018) - CVE-2017-5715: speculative side channel attacks on various CPU platforms aka 'SpectreAttack' and 'MeltdownAttack'. (bsc#1068032) Important SUSE bug 1026612 SUSE bug 1068032 SUSE bug 1143794 SUSE bug 1163018 SUSE bug 1170940 SUSE bug 1179466 SUSE bug 1179467 SUSE bug 1187364 SUSE bug 1187367 SUSE bug 864682 SUSE bug 942845 CVE-2013-4530 CVE-2015-5225 CVE-2017-2633 CVE-2017-5715 CVE-2019-14378 CVE-2020-1983 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-3592 CVE-2021-3594 cpe:/o:suse:sles:11:sp1:teradata Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for kvm fixes the following issues: - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) Moderate SUSE bug 1182651 CVE-2021-20255 cpe:/o:suse:sles:11:sp1:teradata Security update for lcms SUSE Linux Enterprise Server 11 SP1-TERADATA The lcms userland utilities were updated to fix stack overflows. CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276> SUSE bug 843716 CVE-2013-4276 cpe:/o:suse:sles:11:sp1:teradata Security update for less (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for less fixes the following issues: Security issue fixed: - CVE-2014-9488: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access (bsc#921719). Moderate SUSE bug 921719 CVE-2014-9488 cpe:/o:suse:sles:11:sp1:teradata Security update for lha (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA lha was updated to fix one security issue. This security issue was fixed: - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers (bsc#962528). Moderate SUSE bug 962528 CVE-2016-1925 cpe:/o:suse:sles:11:sp1:teradata Security update for libHX13 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a heap-based buffer overflow in HX_split() of libHX. (CVE-2010-2947) Security Issue reference: * CVE-2010-2947 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2947> SUSE bug 631582 CVE-2010-2947 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libapr SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues: * 650435: remote DoS in APR (CVE-2010-1623) * 693778: unconstrained recursion when processing patterns (CVE-2011-0419,CVE-2011-1928) Security Issue reference: * CVE-2011-0419 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419> * CVE-2010-1623 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623> * CVE-2011-1928 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928> SUSE bug 650435 SUSE bug 693778 CVE-2010-1623 CVE-2011-0419 CVE-2011-1928 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libapr-util1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) Moderate SUSE bug 1064990 CVE-2017-12618 cpe:/o:suse:sles:11:sp1:teradata Security update for libapr1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Moderate SUSE bug 1064982 CVE-2017-12613 cpe:/o:suse:sles:11:sp1:teradata Security update for libcaca (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libcaca fixes the following issues: - CVE-2021-30499: Fixed a memory corruption issue when exporting troff sources (bsc#1184751). - CVE-2021-30498: Fixed a memory corruption issue when exporting TGA images (bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:sles:11:sp1:teradata Security update for libcaca (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028). Moderate SUSE bug 1197028 CVE-2022-0856 cpe:/o:suse:sles:11:sp1:teradata Security update for libcap SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following bug has been fixed: * capsh did not chdir('/') after callling chroot(). Programs could therefore access the current directory outside of the chroot (CVE-2011-4099). Security Issue reference: * CVE-2011-4099 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4099> SUSE bug 727715 CVE-2011-4099 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libcares2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:sles:11:sp1:teradata Security update for libcdio (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libcdio and libcdio-mini fixes the following issues: Security issue fixed: - CVE-2017-18199: Fixed a NULL Pointer Dereference in realloc_symlink which could allow remote attackers to cause Denial of Service (bsc#1082821). Low SUSE bug 1082821 CVE-2017-18199 cpe:/o:suse:sles:11:sp1:teradata Security update for libcgroup1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libcgroup1 fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365). Bug fixes: - bsc#1030747: Unable to use freezer sub system via libcgroup API when both freezer and cpuset subsystems are used. Moderate SUSE bug 1030747 SUSE bug 1100365 CVE-2018-14348 cpe:/o:suse:sles:11:sp1:teradata Security update for libcroco (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). Moderate SUSE bug 1034481 SUSE bug 1034482 SUSE bug 1043898 SUSE bug 1043899 CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 cpe:/o:suse:sles:11:sp1:teradata Security update for libcroco (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Moderate SUSE bug 1171685 CVE-2020-12825 cpe:/o:suse:sles:11:sp1:teradata Security update for libdb-4_5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) Moderate SUSE bug 1043886 cpe:/o:suse:sles:11:sp1:teradata Security update for PostgreSQL 9.1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA The PostgreSQL database server was updated to version 9.1.12 to fix various security issues: * Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) * The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) * If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062) * The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063) * Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064) * Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065) * There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., 'FIPS mode'). (CVE-2014-0066) * Since the temporary server started by make check uses 'trust' authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine. (CVE-2014-0067) The complete list of bugs and more information can be found at: http://www.postgresql.org/docs/9.1/static/release-9-1-12.html <http://www.postgresql.org/docs/9.1/static/release-9-1-12.html> Security Issues references: * CVE-2014-0060 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060> * CVE-2014-0061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061> * CVE-2014-0062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062> * CVE-2014-0063 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063> * CVE-2014-0064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064> * CVE-2014-0065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065> * CVE-2014-0066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066> SUSE bug 864845 SUSE bug 864846 SUSE bug 864847 SUSE bug 864850 SUSE bug 864851 SUSE bug 864852 SUSE bug 864853 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for libesmtp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:sles:11:sp1:teradata Security update for libevent SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a buffer overflow in the buffered event handling in libevent. (CVE-2014-6272) Security Issues: * CVE-2014-6272 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272> SUSE bug 897243 CVE-2014-6272 cpe:/o:suse:sles:11:sp1:teradata Security update for libevent (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libevent fixes the following issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) (backport for 2.0.21) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) Moderate SUSE bug 1022917 SUSE bug 1022918 SUSE bug 1022919 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/o:suse:sles:11:sp1:teradata Security update for libexif SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 Various overflows and other security related bugs in libexif were found by the Google Security team and fixed by the libexif developers. Security Issue references: * CVE-2012-2812 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812> * CVE-2012-2813 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813> * CVE-2012-2814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814> * CVE-2012-2836 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836> * CVE-2012-2837 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837> * CVE-2012-2840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840> * CVE-2012-2841 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841> SUSE bug 771229 CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libexif fixes the following security issue: - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) Moderate SUSE bug 1059893 CVE-2017-7544 cpe:/o:suse:sles:11:sp1:teradata Security update for libexif (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla NSPR Library was updated to 4.8.6 to fix various bugs and one security issue: * CVE-2010-3170: Disallow wildcard matching in X509 certificate Common Names. This update also has preparations for Firefox 4 support, and a updated Root Certificate Authority list. Security Issue reference: * CVE-2010-3170 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170> SUSE bug 637290 CVE-2010-3170 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for libgcrypt SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA libgcrypt has been updated to fix a cryptographic weakness. * CVE-2013-4242: libgcrypt was affected by the Yarom/Falkner flush+reload side-channel attach on RSA secret keys, that could have potentially leaked the key data to attackers on the same machine. Security Issue reference: * CVE-2013-4242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242> SUSE bug 831359 CVE-2013-4242 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following issues: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057) * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] Moderate SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 cpe:/o:suse:sles:11:sp1:teradata Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Moderate SUSE bug 994157 CVE-2016-6313 cpe:/o:suse:sles:11:sp1:teradata Security update for libgcrypt (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libgcrypt fixes the following security issue: - CVE-2017-7526: Hardening against local side-channel attack. (bsc#1046607) Low SUSE bug 1046607 CVE-2017-7526 cpe:/o:suse:sles:11:sp1:teradata Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-13627: Mitigated against an ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sles:11:sp1:teradata Security update for libgcrypt (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:sles:11:sp1:teradata Security update for libgcrypt SUSE Linux Enterprise Server 11 SP1-TERADATA This libgcrypt update fixes the following security issue: * bnc#892464: Side-channel attack on Elgamal encryption subkeys. (CVE-2014-5270) Security Issues: * CVE-2014-5270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270> SUSE bug 892464 CVE-2014-5270 cpe:/o:suse:sles:11:sp1:teradata Security update for libgdiplus0 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code: * gdip_load_tiff_image() by processing specially crafted TIFF images * gdip_load_jpeg_image_internal() by processing specially crafted JPEG images * gdip_read_bmp_image() by processing specially crafted BMP image Security Issue reference: * CVE-2010-1526 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1526> SUSE bug 630756 CVE-2010-1526 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libgnomesu SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The libgnomesu pam backend did not check the return value of the setuid() functions. Local users could exploit that to gain root privileges (CVE-2011-1946). Note: this is just a re-release of the previous update to fix a regression unrelated to the security issue. Security Issue reference: * CVE-2011-1946 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1946> SUSE bug 695627 CVE-2011-1946 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libgssglue SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes insecure getenv() usage in libgssglue, which could be used under some circumstances by local attackers do gain root privileges. SUSE bug 694598 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libical (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bnc#986632) - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5825: The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. (bsc#986642) - CVE-2016-5826: The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. (bsc#986658) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bnc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) Moderate SUSE bug 1015964 SUSE bug 1044995 SUSE bug 986631 SUSE bug 986632 SUSE bug 986639 SUSE bug 986642 SUSE bug 986658 CVE-2016-5823 CVE-2016-5824 CVE-2016-5825 CVE-2016-5826 CVE-2016-5827 CVE-2016-9584 cpe:/o:suse:sles:11:sp1:teradata Security update for libidn (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Moderate SUSE bug 923241 SUSE bug 990189 SUSE bug 990190 SUSE bug 990191 CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 cpe:/o:suse:sles:11:sp1:teradata Security update for libidn (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libidn fixes one issues. This security issue was fixed: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). Moderate SUSE bug 1056450 CVE-2017-14062 cpe:/o:suse:sles:11:sp1:teradata Security update for libjasper SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libjasper fixes multiple off-by-one errors which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow triggered by a crafted jp2 (JPEG 2000) file. (bsc#906364, CVE-2014-9029) Security Issues: * CVE-2014-9029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029> SUSE bug 906364 CVE-2014-9029 cpe:/o:suse:sles:11:sp1:teradata Security update for libksba SUSE Linux Enterprise Server 11 SP1-TERADATA This libksba update fixes the following security issue: * bnc#907074: buffer overflow in ksba_oid_to_str (CVE-2014-9087) Security Issues: * CVE-2014-9087 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087> SUSE bug 907074 CVE-2014-9087 cpe:/o:suse:sles:11:sp1:teradata Security update for libksba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Moderate SUSE bug 979261 SUSE bug 979906 CVE-2016-4574 CVE-2016-4579 cpe:/o:suse:sles:11:sp1:teradata Security update for libksba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 cpe:/o:suse:sles:11:sp1:teradata Security update for openLDAP SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Several issues have been fixed in OpenLDAP: * specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212) * syncrepl might loose deletes in refreshAndPersist mode Security Issues: * CVE-2010-0211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211> * CVE-2010-0212 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212> SUSE bug 606294 SUSE bug 612430 CVE-2010-0211 CVE-2010-0212 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101) - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) () - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095) - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090) Moderate SUSE bug 1056090 SUSE bug 1056093 SUSE bug 1056095 SUSE bug 1056097 SUSE bug 1056101 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 cpe:/o:suse:sles:11:sp1:teradata Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for liblouis fixes the following issues: Security issues fixed: - CVE-2017-15101: Buffer overflow in findTable (bsc#1067336). - CVE-2014-8184: stack-based buffer overflow in findTable() (bsc#1062458). Moderate SUSE bug 1062458 SUSE bug 1067336 CVE-2014-8184 CVE-2017-15101 cpe:/o:suse:sles:11:sp1:teradata Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for liblouis, python-louis fixes the following issues: Security issues fixed: - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-11683: Fix a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095827) Moderate SUSE bug 1095825 SUSE bug 1095826 SUSE bug 1095827 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 cpe:/o:suse:sles:11:sp1:teradata Security update for liblouis (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for liblouis and python-louis fixes the following issue: Security issue fixed: - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319). Low SUSE bug 1109319 CVE-2018-17294 cpe:/o:suse:sles:11:sp1:teradata Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for liblouis fixes the following issues: - CVE-2018-12085: Fixed an off-by-one error resulting in a buffer overrun (bsc#1097103). Moderate SUSE bug 1097103 CVE-2018-12085 cpe:/o:suse:sles:11:sp1:teradata Security update for lzo SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA lzo was updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts. (CVE-2014-4607) Security Issue reference: * CVE-2014-4607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607> SUSE bug 883947 CVE-2014-4607 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for libmpfr SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libmpfr fixes a buffer overflow in mpfr_strtofr. (CVE-2014-9474) Security Issues: * CVE-2014-9474 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474> SUSE bug 911812 CVE-2014-9474 cpe:/o:suse:sles:11:sp1:teradata Security update for libmspack SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libmspack fixes the following security issue: * CVE-2014-9556: An integer overflow in the function qtmd_decompress() could be exploited to cause a denial of service (endless loop). (bsc##912214) Security Issues: * CVE-2014-9556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556> SUSE bug 912214 CVE-2014-9556 cpe:/o:suse:sles:11:sp1:teradata Security update for libmspack (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934525 SUSE bug 934526 SUSE bug 934527 SUSE bug 934528 SUSE bug 934529 CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:sles:11:sp1:teradata Security update for libmspack (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039) Moderate SUSE bug 1113038 SUSE bug 1113039 CVE-2018-18584 CVE-2018-18585 cpe:/o:suse:sles:11:sp1:teradata Security update for libmspack (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). Low SUSE bug 1141680 CVE-2019-1010305 cpe:/o:suse:sles:11:sp1:teradata Security update for MySQL SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 MySQL has been upgraded to version 5.0.96 to fix several vulnerabilities. Security Issue reference: * CVE-2012-2122 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122> * CVE-2012-0075 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0075> * CVE-2012-0114 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0114> * CVE-2012-0490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0490> * CVE-2012-0484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0484> * CVE-2012-0102 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0102> * CVE-2012-0101 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0101> * CVE-2012-0087 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0087> * CVE-2009-5026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5026> SUSE bug 765092 SUSE bug 769062 CVE-2012-2122 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for libnl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libnl fixes the following issues: Security issue fixed: - CVE-2017-0386: Fixed a privilege escalation vulnerability which allowed a local user to execute code within a privileged process (bsc#1020123). Moderate SUSE bug 1020123 CVE-2017-0386 cpe:/o:suse:sles:11:sp1:teradata Security update for opensc SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Specially crafted smart cards could cause a buffer overflow in opensc (CVE-2010-4523). Security Issue reference: * CVE-2010-4523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4523> SUSE bug 660109 CVE-2010-4523 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libopenssl SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update adds libopenssl0_9_8-hmac packages, that, when installed, will enforce FIPS 140-2 self-test being run upon first use of the library. If FIPS mode is enforced, these new packages are required in order to enable FIPS mode successfully. The update also imposes limits on the parameters of a Diffie-Hellman key exchange to prevent man-in-the-middle (MITM) attacks in FIPS mode (CVE-2011-5095). Security reference: * CVE-2011-5095 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5095> SUSE bug 767256 SUSE bug 768097 CVE-2011-5095 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for libotr SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes various heap overflows in libotr. CVE-2012-3461 has been assigned to this issue. Security Issue reference: * CVE-2012-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461> SUSE bug 777468 CVE-2012-3461 cpe:/o:suse:sles:11:sp1:teradata Security update for libotr (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libotr fixes the following issues: - Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machine. (CVE-2016-2851, bsc#969785) Moderate SUSE bug 969785 CVE-2016-2851 cpe:/o:suse:sles:11:sp1:teradata Security update for Xorg X11 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files (CVE-2011-2895). Security Issue reference: * CVE-2011-2895 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895> SUSE bug 709851 CVE-2011-2895 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for pixman SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425> SUSE bug 853824 CVE-2013-6425 cpe:/o:suse:sles:11:sp1:teradata Security update for libpng SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 An integer overflow has been fixed in libpng. Security Issue reference: * CVE-2012-3425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3425> SUSE bug 772760 CVE-2012-3425 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for libpng12-0 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Denial of service while decompressing a highly compressed huge ancillary chunk has been fixed in libpng (CVE-2010-0205). SUSE bug 580484 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 cpe:/o:suse:sles:11:sp1:teradata Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA - security update: This update fixes the following securit issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] Moderate SUSE bug 954980 CVE-2015-8126 cpe:/o:suse:sles:11:sp1:teradata Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libpng12-0 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sles:11:sp1:teradata Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libpng12-0 fixes the following issues: Security issue fixed: - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1141493 CVE-2017-12652 cpe:/o:suse:sles:11:sp1:teradata Security update for libpoppler SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3703, CVE-2010-3704). This has been fixed. Security Issue references: * CVE-2010-3702 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702> * CVE-2010-3703 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703> * CVE-2010-3704 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704> SUSE bug 642785 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libproxy SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libproxy fixes a heap-based buffer overflow that could allow remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request (CVE-2012-4505). Additionally, it fixes parsing of the $no_proxy environment variable when it contains more than one URL separated by white-spaces. SUSE bug 761626 SUSE bug 784523 CVE-2012-4505 cpe:/o:suse:sles:11:sp1:teradata Security update for pulseaudio SUSE Linux Enterprise Server 11 SP1-TERADATA This update for pulseaudio provides the following security fix: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. (bnc#881524) Security Issues: * CVE-2014-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970> SUSE bug 881524 CVE-2014-3970 cpe:/o:suse:sles:11:sp1:teradata Security update for libqt4 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libqt4 fixes the following issues: - CVE-2020-17507: Fix buffer over-read in read_xbm_body (bsc#1176315): - CVE-2018-15518: Fix 'double free or corruption' in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fix QBmpHandler segfault on malformed BMP file (bsc#1118596) - CVE-2018-19869: Fix crash when parsing malformed url reference (bsc#1118599) Moderate SUSE bug 1118595 SUSE bug 1118596 SUSE bug 1118599 SUSE bug 1176315 CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507 cpe:/o:suse:sles:11:sp1:teradata Security update for libraptor SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 Specially crafted XML files could have allowed XML External Entity (XXE) attacks resulting in file theft and a loss of user privacy. This has been fixed. SUSE bug 745298 CVE-2012-0037 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for LibreOffice SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA LibreOffice 3.4 includes new interesting features and fixes, see http://www.libreoffice.org/download/3-4-new-features-and-fixes/ <http://www.libreoffice.org/download/3-4-new-features-and-fixes/> The update fixes the following security issue: * 704311: libreoffice Lotus Word Pro filter multiple vulnerabilities (CVE-2011-2685) * 722075: LibreOffice: Out-of-bounds read in DOC sprm (CVE-2011-2713) This update also fixes the following non-security issues: * 653519: Welcome screen missing. * 653662: libreoffice build calls mkbundle2 (deprecated) instead of mkbundle * 663622: Writer crash during document save * 675868: eliminate wording of ooconvert existed in loconvert --help * 675961: Libreoffice Copy paste of formula in Writer tables does not work as expected * 676858: Document with full page graphic in header will not allow click-drag or right-click. * 677354: The languagetool.rpm does not work as expected * 678998: Libre Office does not detect KDE3 * 680272: Deleting multiple sheets results in run-time error/crash * 681738: DDE link is lost when .xls file is opened/saved in Calc. * 683578: Large xlsx file takes extremely long to open with Libreoffice calc * 684784: Microsoft Office spreadsheet does not display anything * 693238: Column format in docx file is not displayed correctly. * 693477: Format of Word .doc file from HP is bad. * 694119: Using File-->Send-->Document as E-mail will crash Impress * 694344: 3rd level bulleted items are not displayed properly. * 695479: RTF file is not displayed correctly by Writer. * 696630: DDE link from Calc to Excel needs Excel open to update link in Calc. * 699334: Presentation created in MS Office is missing text when opened in LibreOffice * 701317: xls spreadsheet macro fails with LibreOffice. * 702506: Writer crashes when opening docx files. * 704639: HTML document appearance changes when opened in open office vs LibreOffice * 704642: 16 digit numbers change in LibreOffice when opening a file created in MS Excel * 705949: Information missing from MS Word document when opened in LibreOffice (w:sdt) * 706792: crash when opening a pptx presentation. * 707486: Macro from excel fails on Selection.Copy when run in Calc. * 707779: Disappearing text * 708137: xls spreadsheet is extremely slow to open and check boxes are broken. * 708518: Bullet symbol is not rendered correctly in a specific slide. * 710061: ODP export to PDF produces broken images * 710920: RPM installation ending with redundant error. * 711977: File association for fod* files are missing. * 712358: Some extensions broken after upgrading. * 715268: Command libreoffice --help does not work when LibreOffice is already started * 715416: Impress crashes starting Slide show in the context of dual monitors extension mode. * 715931: failed to save an odp file. * 717262: libtool adds /usr/lib64 into rpath * 715856: LibreOffice:Stable/libreoffice-converter: Bug * 677354: The languagetool.rpm does not work as expected. * 693200: Documents created in MS Office cause LibreOffice to crash * 693386: Documents created in MS Office bring up the filter selection dialog when opened with LibreOffice * 693427: When using QT dialogs and not LibreOffice dialogs causes LibreOffice to hang when attempting to save a document * 706731: VBA Macros from MS Office Spreadsheet do not work correct with LibreOffice 3.3.1 Security Issue references: * CVE-2011-2685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2685> * CVE-2011-2713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713> SUSE bug 653519 SUSE bug 653662 SUSE bug 663622 SUSE bug 675868 SUSE bug 675961 SUSE bug 676858 SUSE bug 678998 SUSE bug 680272 SUSE bug 681738 SUSE bug 683578 SUSE bug 684784 SUSE bug 693238 SUSE bug 693477 SUSE bug 694119 SUSE bug 694344 SUSE bug 695479 SUSE bug 696630 SUSE bug 699334 SUSE bug 702506 SUSE bug 704311 SUSE bug 704639 SUSE bug 704642 SUSE bug 705949 SUSE bug 706792 SUSE bug 707486 SUSE bug 707779 SUSE bug 708137 SUSE bug 708518 SUSE bug 710061 SUSE bug 710920 SUSE bug 711977 SUSE bug 712358 SUSE bug 715268 SUSE bug 715416 SUSE bug 715856 SUSE bug 715931 SUSE bug 717262 CVE-2011-2685 CVE-2011-2713 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for librsvg SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Specially crafted SVG files could make librsvg dereference a function pointer which potentially allows to execute arbitrary code (CVE-2011-3146). Security Issue reference: * CVE-2011-3146 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146> SUSE bug 714980 CVE-2011-3146 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for librsvg (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Important SUSE bug 840753 CVE-2013-1881 cpe:/o:suse:sles:11:sp1:teradata Security update for librsvg (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for librsvg fixes the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - CVE-2015-7558: librsvg allowed context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document (bsc#977985). - CVE-2016-6163: svg pattern linking to non-pattern fallback leads to invalid memory access, allowing to cause DoS (bsc#987877). - CVE-2018-1000041: Fixed leaking credentials via SVG files that reference UNC paths (bsc#1083232) - CVE-2016-4348: Fixed a denial of service parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function (bsc#977986) - Fixed a stack exhaustion with circular references in <use> elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs. This updated also removes the the Mozilla plugin package. Firefox can render SVG on its own and the plugin interface is obsolete. This update for libcroco fixes the following issue: - Fixed an issue where librsvg was throwing a segmentation fault (bsc#1094213). Moderate SUSE bug 1083232 SUSE bug 1094213 SUSE bug 1162501 SUSE bug 977985 SUSE bug 977986 SUSE bug 987877 CVE-2015-7558 CVE-2016-4348 CVE-2016-6163 CVE-2018-1000041 CVE-2019-20446 cpe:/o:suse:sles:11:sp1:teradata Security update for libsamplerate (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libsamplerate fixes the following issues: - CVE-2017-7697: Fixed a buffer overflow in calc_output_single. (bsc#1033564) Moderate SUSE bug 1033564 CVE-2017-7697 cpe:/o:suse:sles:11:sp1:teradata Security update for libsndfile SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA An integer overflow in libsndfile while processing certain PAF files has been fixed. CVE-2011-2696 has been assigned to this issue. Additionally a divide by zero error (CVE-2009-4835) has been fixed. Security Issue references: * CVE-2011-2696 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2696> * CVE-2009-4835 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4835> SUSE bug 631379 SUSE bug 705681 CVE-2009-4835 CVE-2011-2696 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Moderate SUSE bug 953516 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 cpe:/o:suse:sles:11:sp1:teradata Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libsndfile fixes the following issues: - CVE-2017-7585,CVE-2017-7741,CVE-2017-7742: Some stack-based buffer overflows via a specially crafted FLAC file were fixed (error in the 'flac_buffer_copy()' function) (bsc#1033054, bsc#1033914, bsc#1033915). Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 cpe:/o:suse:sles:11:sp1:teradata Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libsndfile fixes the following issues: - CVE-2017-8362: invalid memory read in flac_buffer_copy (flac.c) (bsc#1036943) - CVE-2017-8365: global buffer overflow in i2les_array (pcm.c) (bsc#1036946) - CVE-2017-8361: global buffer overflow in flac_buffer_copy (flac.c) (bsc#1036944) - CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (flac.c) (bsc#1036945) - CVE-2017-7585: stack-based buffer overflow via a specially crafted FLAC file (bsc#1033054) Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 SUSE bug 1036943 SUSE bug 1036944 SUSE bug 1036945 SUSE bug 1036946 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 cpe:/o:suse:sles:11:sp1:teradata Recommended update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA - This update for libsndfile fixes a memory leak in an error path.(bsc#1038856) - CVE-2017-16942: A divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. (bsc#1069874) - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) Moderate SUSE bug 1038856 SUSE bug 1059911 SUSE bug 1059912 SUSE bug 1059913 SUSE bug 1069874 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 cpe:/o:suse:sles:11:sp1:teradata Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777). - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767). - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header that could have been used for a denial of service attack (bsc#1117954). Moderate SUSE bug 1071767 SUSE bug 1071777 SUSE bug 1117954 CVE-2017-17456 CVE-2017-17457 CVE-2018-19758 cpe:/o:suse:sles:11:sp1:teradata Security update for libsndfile (Critical) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libsndfile fixes the following issues: - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) Critical SUSE bug 1188540 CVE-2021-3246 cpe:/o:suse:sles:11:sp1:teradata Security update for libsndfile (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:sles:11:sp1:teradata Security update for net-snmp SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update to net-snmp resolves the following issues: * Specially crafted SNMP GET requests could cause a denial of service (application crash) via a heap-based out-out-bounds read flaw which could be exploited remotely (CVE-2012-2141). * The snmpd agent should read shared memory information from /proc/meminfo when running on Linux Kernel 2.6 or newer (bnc#762887). * The snmpd agent could crash when an AgentX sub-agent disconnects in the middle of a request (bnc#670789). * After rotating the net-snmp log file, use 'try-restart' to restart the daemon. Reloading with a SIGHUP signal may trigger crashes when dynamic modules (dlmod) are in use (bnc#762433). Security Issue reference: * CVE-2012-2141 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141> SUSE bug 670789 SUSE bug 759352 SUSE bug 762433 SUSE bug 762887 CVE-2012-2141 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for libsoup SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of libsoup fixes a directory traversal attack that affect application using the library. CVE-2011-2524: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Security Issue reference: * CVE-2011-2524 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2524> SUSE bug 706630 CVE-2011-2524 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libsoup (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fixed a denial of service which was caused handling empty hostnames in get_cookies() (bsc#1100097). Moderate SUSE bug 1100097 CVE-2018-12910 cpe:/o:suse:sles:11:sp1:teradata Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libssh2_org fixes the following issues: - Add SHA256 support for DH group exchange (fate#320343, bsc#961964) - fix CVE-2016-0787 (bsc#967026) * Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. Moderate SUSE bug 961964 SUSE bug 967026 CVE-2016-0787 cpe:/o:suse:sles:11:sp1:teradata Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Fixed an issue where libssh2 stops parsing known_hosts (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sles:11:sp1:teradata Security update for libssh2_org (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sles:11:sp1:teradata Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sles:11:sp1:teradata Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sles:11:sp1:teradata Security update for libtasn1 SUSE Linux Enterprise Server 11 SP1-TERADATA libtasn1 has been updated to fix three security issues: * asn1_get_bit_der() could have returned negative bit length (CVE-2014-3468) * Multiple boundary check issues could have allowed DoS (CVE-2014-3467) * Possible DoS by NULL pointer dereference in asn1_read_value_type (CVE-2014-3469) Security Issues: * CVE-2014-3468 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468> * CVE-2014-3467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467> * CVE-2014-3469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469> SUSE bug 880735 SUSE bug 880737 SUSE bug 880738 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 cpe:/o:suse:sles:11:sp1:teradata Security update for libtasn1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). Moderate SUSE bug 1040621 SUSE bug 1105435 CVE-2017-6891 CVE-2018-1000654 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 SUSE Linux Enterprise Server 11 SP1-TERADATA Tomcat has been updated to version 6.0.41, which brings security and bug fixes. The following security fixes have been fixed: * CVE-2014-0096: A XXE vulnerability via user supplied XSLTs. * CVE-2014-0099: Request smuggling via malicious content length header. * CVE-2014-0119: A XML parser hijack by malicious web application. Bugs fixed: * Socket bind fails on tomcat startup when using apr (IPV6) (bnc#881700) * classpath for org/apache/juli/logging/LogFactory (bnc#844689) Security Issues: * CVE-2014-0099 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099> * CVE-2014-0096 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096> * CVE-2014-0119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119> SUSE bug 844689 SUSE bug 865746 SUSE bug 880346 SUSE bug 880347 SUSE bug 880348 SUSE bug 881700 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 cpe:/o:suse:sles:11:sp1:teradata Security update for libtcnative-1-0 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libtcnative-1-0 fixes the following issues: - CVE-2015-4000: Disable 512-bit export-grade cryptography to prevent Logjam vulnerability (bsc#938945) Moderate SUSE bug 938945 CVE-2015-4000 cpe:/o:suse:sles:11:sp1:teradata Security update for libtcnative-1-0 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libtcnative-1-0 to version 1.1.34 fixes the following issues: - CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted (bsc#1078679). - CVE-2018-8019: When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS (bsc#1103348). - CVE-2018-8020: Did not properly check OCSP pre-produced responses. Revoked client certificates may have not been properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS (bsc#1103347). For a complete list of changes please see http://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html Important SUSE bug 1078679 SUSE bug 1103347 SUSE bug 1103348 CVE-2017-15698 CVE-2018-8019 CVE-2018-8020 cpe:/o:suse:sles:11:sp1:teradata Security update for libtiff SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update of tiff fixes a heap-based buffer overflow that could have caused a crash or potentially allowed attackers to execute arbitrary code (CVE-2012-3401). Security Issue reference: * CVE-2012-3401 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401> SUSE bug 770816 CVE-2012-3401 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for libtirpc, rpcbind (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libtirpc and rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Important SUSE bug 1037559 CVE-2017-8779 cpe:/o:suse:sles:11:sp1:teradata Security update for libtirpc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libtirpc fixes the following issues: - Prevent remote crash of RPC services (bsc#968175) Moderate SUSE bug 968175 cpe:/o:suse:sles:11:sp1:teradata Security update for libtirpc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libtirpc fixes the following issues: Security issues fixed: - CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519) - CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517) Moderate SUSE bug 1106517 SUSE bug 1106519 SUSE bug 968175 CVE-2018-14621 CVE-2018-14622 cpe:/o:suse:sles:11:sp1:teradata Security update for libunwind (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libunwind fixes the following issues: - CVE-2015-3239: Fixed an off-by-one in dwarf_to_unw_regnum() (bsc#936786). Moderate SUSE bug 936786 CVE-2015-3239 cpe:/o:suse:sles:11:sp1:teradata Security update for nuts SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update of nuts fixes a denial of service flaw that could have been exploited by remote attackers to cause an application crash of upsd. Security Issue reference: * CVE-2012-2944 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2944> SUSE bug 764699 CVE-2012-2944 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The libvncserver package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. Moderate SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/o:suse:sles:11:sp1:teradata Security update for libvorbis SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Specially crafted Ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code (CVE-2012-0444). Security Issue reference: * CVE-2012-0444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444> SUSE bug 747912 CVE-2012-0444 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Moderate SUSE bug 1059809 SUSE bug 1059811 CVE-2017-14632 CVE-2017-14633 cpe:/o:suse:sles:11:sp1:teradata Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data (bsc#1085687). Moderate SUSE bug 1085687 CVE-2018-5146 cpe:/o:suse:sles:11:sp1:teradata Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in bark_noise_hybridm (bsc#1091072). - CVE-2017-14160: Fixed out-of-bounds access inside bark_noise_hybridmp function (bsc#1059812). Moderate SUSE bug 1059812 SUSE bug 1091072 CVE-2017-14160 CVE-2018-10393 cpe:/o:suse:sles:11:sp1:teradata Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) Moderate SUSE bug 1091070 CVE-2018-10392 cpe:/o:suse:sles:11:sp1:teradata Security update for openwsman SUSE Linux Enterprise Server 11 SP1-TERADATA This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> SUSE bug 901882 CVE-2014-3566 cpe:/o:suse:sles:11:sp1:teradata Security update for libxcrypt SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression. Security Issue reference: * CVE-2011-2483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483> SUSE bug 713727 CVE-2011-2483 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for libxml2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update fixes several libxml2 integer overflows which could have been used to crash libxml2 parsers or potentially execute code. Security Issues: * CVE-2012-2807 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807> SUSE bug 769184 CVE-2012-2807 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947) - When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack. (CVE-2016-3627, bsc#972335) Moderate SUSE bug 972335 SUSE bug 975947 CVE-2016-3627 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549], - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Important SUSE bug 963963 SUSE bug 965283 SUSE bug 978395 SUSE bug 981040 SUSE bug 981041 SUSE bug 981108 SUSE bug 981109 SUSE bug 981111 SUSE bug 981112 SUSE bug 981114 SUSE bug 981115 SUSE bug 981548 SUSE bug 981549 SUSE bug 981550 CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). Moderate SUSE bug 1005544 CVE-2016-4658 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873) Moderate SUSE bug 1010675 SUSE bug 1014873 CVE-2016-9318 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Moderate SUSE bug 1010675 SUSE bug 1013930 SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 CVE-2016-9318 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) * CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894) * CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) Moderate SUSE bug 1024989 SUSE bug 1044337 SUSE bug 1044887 SUSE bug 1044894 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: - CVE-2017-8872: Out-of-bounds read could lead to application crash (bsc#1038444) Moderate SUSE bug 1038444 CVE-2017-8872 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes several issues. Theses security issues were fixed: - CVE-2017-16932: Fixed infinite recursion could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689). - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) Moderate SUSE bug 1069689 SUSE bug 1077993 SUSE bug 1078806 SUSE bug 1078813 CVE-2016-5131 CVE-2017-15412 CVE-2017-16932 CVE-2017-5130 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1102046 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 CVE-2018-14404 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. Low SUSE bug 1123919 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). Moderate SUSE bug 1159928 SUSE bug 1161517 SUSE bug 1161521 CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). Moderate SUSE bug 1176179 CVE-2020-24977 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409) Moderate SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 CVE-2014-0191 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409) - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). Important SUSE bug 1159928 SUSE bug 1161517 SUSE bug 1161521 SUSE bug 1176179 SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2014-0191 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms (bsc#1186015). Moderate SUSE bug 1186015 CVE-2021-3541 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 cpe:/o:suse:sles:11:sp1:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Moderate SUSE bug 960674 CVE-2015-8710 cpe:/o:suse:sles:11:sp1:teradata Security update for libxslt SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 The following issue has been fixed: * Specially crafted XSL documents could have crashed libxslt (CVE-2012-2825) Security Issue reference: * CVE-2012-2825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825> SUSE bug 769182 CVE-2012-2825 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for libxslt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474) Moderate SUSE bug 1005591 SUSE bug 1035905 SUSE bug 934119 SUSE bug 952474 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/o:suse:sles:11:sp1:teradata Security update for libxslt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Moderate SUSE bug 1132160 CVE-2019-11068 cpe:/o:suse:sles:11:sp1:teradata Security update for libxslt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1140095 SUSE bug 1140101 SUSE bug 1154609 CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 cpe:/o:suse:sles:11:sp1:teradata Security update for libzip1 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following bug has been fixed: * empty zip archives could crash programs using libzip (CVE-2011-0421). Security Issue reference: * CVE-2011-0421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421> SUSE bug 681193 CVE-2011-0421 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sles:11:sp1:teradata Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for log4j fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:sles:11:sp1:teradata Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. (bsc#1194844) - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843) - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:sles:11:sp1:teradata Security update for LVM2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA clvmd, when running, allowed unprivileged local users to issue arbitrary lvm commands (CVE-2010-2526) via incorrect permissions. This has been fixed. SUSE bug 622537 CVE-2010-2526 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for mailman (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery (CSRF) vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option (bsc#995352). - Various other hardenings against CSFR attacks For details please see https://launchpad.net/mailman/+milestone/2.1.15 Moderate SUSE bug 995352 CVE-2016-6893 cpe:/o:suse:sles:11:sp1:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:sles:11:sp1:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mailman fixes the following issues: Security issue fixed: - CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface (bsc#997205). Following bug was fixed: - Allow CSRF check to pass in mailman web frontend if the list name contains a '+' (bsc#1102416) Important SUSE bug 1102416 SUSE bug 997205 CVE-2016-6893 cpe:/o:suse:sles:11:sp1:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:sles:11:sp1:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). Important SUSE bug 1167068 SUSE bug 1170558 CVE-2020-12137 cpe:/o:suse:sles:11:sp1:teradata Security update for mailman (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (bsc#1171363). Non-security issue fixed: - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920). Moderate SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 cpe:/o:suse:sles:11:sp1:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026): - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92) - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Important SUSE bug 1000751 SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010410 SUSE bug 1010422 SUSE bug 1010427 SUSE bug 1010517 SUSE bug 1012964 SUSE bug 992549 CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 cpe:/o:suse:sles:11:sp1:teradata Security update for mgetty (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Important SUSE bug 1108752 SUSE bug 1108756 SUSE bug 1108757 SUSE bug 1108761 SUSE bug 1108762 CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 cpe:/o:suse:sles:11:sp1:teradata Security update for mgetty (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mgetty fixes the following issues: - CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770). Moderate SUSE bug 1142770 CVE-2019-1010190 cpe:/o:suse:sles:11:sp1:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for microcode_ctl fixes the following issues: This new firmware disables branch prediction on AMD family 17h processor. Also the CPU microcode for Intel Haswell-X, Skylake-X and Broadwell-X chipsets was updated to report both branch prediction control via CPUID flag and ability to control branch prediction via an MSR register. This update is part of a mitigation for a branch predictor based information disclosure attack, and needs additional code in the Linux Kernel to be active (bsc#1068032 CVE-2017-5715) Important SUSE bug 1068032 CVE-2017-5715 cpe:/o:suse:sles:11:sp1:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA Update to Intel CPU Microcode version 20180108 (bsc#1075262 CVE-2017-5715) - The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). Important SUSE bug 1075262 CVE-2017-5715 cpe:/o:suse:sles:11:sp1:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Important SUSE bug 1085207 CVE-2017-5715 cpe:/o:suse:sles:11:sp1:teradata Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for microcode_ctl fixes the following security issue: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Moderate SUSE bug 1095735 CVE-2017-5715 cpe:/o:suse:sles:11:sp1:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083) More details can be found on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sles:11:sp1:teradata Security update to ucode-intel (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is also part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:sles:11:sp1:teradata Security update for minicom (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for minicom fixes the following issues: - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783) Moderate SUSE bug 1033783 CVE-2017-7467 cpe:/o:suse:sles:11:sp1:teradata Security update for mipv6d SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following issues have been fixed: * the mipv6 daemon did not check the origin of netlink messages, therefore allowing local users to spoof messages (CVE-2010-2522). * remote attackers could cause buffer overflows in mipv6d (CVE-2010-2523). Security Issues references: * CVE-2010-2522 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2522> * CVE-2010-2523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2523> SUSE bug 424311 CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for mono-core (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed: - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Moderate SUSE bug 954447 SUSE bug 959888 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 SUSE bug 967087 CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/o:suse:sles:11:sp1:teradata Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers The following vulnerabilities were fixed in ESR31 and are also included here: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Mozilla Firefox and mozilla-nss were updated to fix 17 security issues. Important SUSE bug 935033 SUSE bug 935979 SUSE bug 940806 SUSE bug 940918 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla NSS SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes: The main feature is TLS 1.2 support and its dependend algorithms. * Support for AES-GCM cipher suites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1: * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. o some bugfixes and improvements Changes with version 3.15 * New Functionality o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. o Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. o certutil has been updated to support creating name constraints extensions. Mozilla NSPR was updated to 4.10.1 bringing api additions and bugfixes. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11727: A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr was updated to version 4.25. Important SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173032 CVE-2019-11727 CVE-2019-11745 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles:11:sp1:teradata Security update for Mozilla-XULrunner SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. * MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits * Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) * MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. * MFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. * MFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. SUSE bug 689281 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-1202 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Mozilla XULrunner SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026), Security Issue reference: * CVE-2011-3026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026> SUSE bug 747328 CVE-2011-3026 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for mutt SUSE Linux Enterprise Server 11 SP1-TERADATA The mailreader mutt was updated to fix a security issue in displaying mail headers, where a crafted e-mail could cause a heap overflow, which in turn might be used by attackers to crash mutt or potentially even execute code. Security Issues references: * CVE-2014-0467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467> SUSE bug 868115 CVE-2014-0467 cpe:/o:suse:sles:11:sp1:teradata Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. Important SUSE bug 1101567 SUSE bug 1101570 SUSE bug 1101571 SUSE bug 1101573 SUSE bug 1101576 SUSE bug 1101577 SUSE bug 1101578 SUSE bug 1101581 SUSE bug 1101582 SUSE bug 1101588 SUSE bug 1101589 SUSE bug 936807 CVE-2018-14349 CVE-2018-14350 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 cpe:/o:suse:sles:11:sp1:teradata Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:sles:11:sp1:teradata Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 CVE-2020-28896 cpe:/o:suse:sles:11:sp1:teradata Security update for mutt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mutt fixes the following issue: - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221). Moderate SUSE bug 1181221 CVE-2021-3181 cpe:/o:suse:sles:11:sp1:teradata Security update for mutt (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies (bsc#1198518). Moderate SUSE bug 1198518 CVE-2022-1328 cpe:/o:suse:sles:11:sp1:teradata Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000] Moderate SUSE bug 934789 SUSE bug 959724 CVE-2015-4000 cpe:/o:suse:sles:11:sp1:teradata Security update for nagios (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for nagios fixes the following issues: - CVE-2016-8641 / CVE-2016-10089: fixed possible symlink attacks for files/directories created by root (bsc#1011630 / bsc#1018047) Moderate SUSE bug 1011630 SUSE bug 1018047 CVE-2016-10089 CVE-2016-8641 cpe:/o:suse:sles:11:sp1:teradata Security update for nagios-nrpe (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for nagios-nrpe fixes one issue. This security issue was fixed: - CVE-2015-4000: Prevent Logjam. The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE (bsc#938906). Moderate SUSE bug 938906 CVE-2015-4000 cpe:/o:suse:sles:11:sp1:teradata Security update for nautilus (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for nautilus fixes the following security issue: - CVE-2017-14604: Fixed a file type spoofing attack by adding a metadata::trusted attribute to a file once the user acknowledges the file as trusted, and also remove the 'trusted' content in the desktop file (bsc#1060031). Low SUSE bug 1060031 CVE-2017-14604 cpe:/o:suse:sles:11:sp1:teradata Recommended update for ncurses (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853) Important SUSE bug 1046853 SUSE bug 1046858 CVE-2017-10684 CVE-2017-10685 cpe:/o:suse:sles:11:sp1:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) Moderate SUSE bug 1046853 SUSE bug 1046858 SUSE bug 1047964 SUSE bug 1047965 SUSE bug 1049344 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 cpe:/o:suse:sles:11:sp1:teradata Security update for ncurses (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry() function (bsc#1069530). Important SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 SUSE bug 1069530 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-16879 cpe:/o:suse:sles:11:sp1:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ncurses fixes the following issues: Security issue fixed: - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). Moderate SUSE bug 1056127 CVE-2017-13733 cpe:/o:suse:sles:11:sp1:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fixed an infinite loop in the next_char function (bsc#1056136). - CVE-2017-13729: Fixed an illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fixed an illegal address access in the function _nc_read_entry_source (bsc#1056131). - CVE-2017-13731: Fixed an illegal address access in the function postprocess_termcap (bsc#1056129). - CVE-2017-13732: Fixed an illegal address access in the function dump_uses (bsc#1056128). - CVE-2017-13733: Fixed an illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13734: Fixed an illegal address access in the _nc_safe_strcat (bsc#1056126). - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037) Moderate SUSE bug 1056126 SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 SUSE bug 1131830 SUSE bug 1154037 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 CVE-2018-10754 CVE-2019-17595 cpe:/o:suse:sles:11:sp1:teradata Security update for ncurses (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed NULL pointer dereference at function _nc_parse_entry in parse_entry.c (bsc#1115929). Bug fixes: - Modify bsc#1115929 patch to fix change in form_driver() that breaks ncurses-5.9 and the variable move_after_insert of ncurses-6.1 (bsc#1121450). Important SUSE bug 1115929 SUSE bug 1121450 CVE-2018-19211 cpe:/o:suse:sles:11:sp1:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) Moderate SUSE bug 1190793 CVE-2021-39537 cpe:/o:suse:sles:11:sp1:teradata Security update for net-snmp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA net-snmp was updated to fix one security vulnerability and several bugs. - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893). - stop snmptrapd on package removal. Moderate SUSE bug 853382 SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 cpe:/o:suse:sles:11:sp1:teradata Security update for netpbm (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for netpbm fixes the following security issues: - CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could lead to memory corruption and potential code execution. (bsc#1024287) Moderate SUSE bug 1024287 CVE-2017-2581 cpe:/o:suse:sles:11:sp1:teradata Security update for netpbm (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - created a netpbm-vulnerable subpackage and move pstopnm there, as it uses ghostscript for conversion (bsc#1136936) Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 cpe:/o:suse:sles:11:sp1:teradata Security update for nmap (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Important SUSE bug 1104139 SUSE bug 1135350 CVE-2018-15173 cpe:/o:suse:sles:11:sp1:teradata Security update for mozilla-nspr, mozilla-nss SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741> * CVE-2013-5605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605> * CVE-2013-5606 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606> * CVE-2013-5607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607> SUSE bug 850148 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for mozilla-nss SUSE Linux Enterprise Server 11 SP1-TERADATA Mozilla NSS was updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was used to create man-in-the-middle certificates. SUSE bug 854367 cpe:/o:suse:sles:11:sp1:teradata Security update for libfreebl3 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update updates Mozilla NSS to 3.12.11. The update marks the compromised DigiNotar Certificate Authority as untrusted For more information read: MFSA 2011-34 <http://www.mozilla.org/security/announce/2011/mfsa2011-34.html> * update to 3.12.10 o root CA changes o filter certain bogus certs (bmo#642815) o fix minor memory leaks o other bugfixes * update to 3.12.9 o fix minor memory leaks (bmo#619268) o fix crash in nss_cms_decoder_work_data (bmo#607058) o fix crash in certutil (bmo#620908) o handle invalid argument in JPAKE (bmo#609068) o J-PAKE support (API requirement for Firefox >= 4.0b8) * replaced expired PayPal test certificate (fixing testsuite) * removed DigiNotar root certifiate from trusted db (bmo#682927) This update also brings the prerequired Mozilla NSPR to version 4.8.9. * update to 4.8.9 * update to 4.8.8 o support IPv6 on Android (bmo#626866) o use AI_ADDRCONFIG for loopback hostnames (bmo#614526) o support SDP sockets (bmo#518078) o support m32r architecture (bmo#635667) o use atomic functions on ARM (bmo#626309) o some other fixes not affecting the Linux platform SUSE bug 714931 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues: Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) Major functional changes: - The 'sntp' commandline tool changed its option handling in a major way. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes: - ntp-signd is installed. - 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option. - 'kod' was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. These security issues were fixed: - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608). - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608). - CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608). - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608). - CVE-2015-7850: remote config logfile-keyfile (bsc#951608). - CVE-2015-7849: trusted key use-after-free (bsc#951608). - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608). - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608). - CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608). - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608). - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution. - bsc#905885: Use SHA1 instead of MD5 for symmetric keys. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - bsc#944300: Remove 'kod' from the restrict line in ntp.conf. - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. - Add 'addserver' as a new legacy action. - bsc#910063: Fix the comment regarding addserver in ntp.conf. - bsc#926510: Disable chroot by default. - bsc#920238: Enable ntpdc for backwards compatibility. - bsc#784760: Remove local clock from default configuration. - bsc#942441/fate#319496: Require perl-Socket6. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - bsc#920183: Allow -4 and -6 address qualifiers in 'server' directives. - Use upstream ntp-wait, because our version is incompatible with the new ntpq command line syntax. Important SUSE bug 782060 SUSE bug 784760 SUSE bug 905885 SUSE bug 910063 SUSE bug 916617 SUSE bug 920183 SUSE bug 920238 SUSE bug 926510 SUSE bug 936327 SUSE bug 937837 SUSE bug 942441 SUSE bug 942587 SUSE bug 943216 SUSE bug 943218 SUSE bug 944300 SUSE bug 946386 SUSE bug 951351 SUSE bug 951559 SUSE bug 951608 SUSE bug 951629 SUSE bug 954982 SUSE bug 956773 SUSE bug 962318 SUSE bug 962784 SUSE bug 962802 SUSE bug 962960 SUSE bug 962966 SUSE bug 962970 SUSE bug 962988 SUSE bug 962994 SUSE bug 962995 SUSE bug 962997 SUSE bug 963000 SUSE bug 963002 SUSE bug 975496 SUSE bug 975981 CVE-2015-5194 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. - Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of 'keys' and 'controlkey' in ntp.conf (bsc#957226). Important SUSE bug 957226 SUSE bug 977446 SUSE bug 977450 SUSE bug 977451 SUSE bug 977452 SUSE bug 977455 SUSE bug 977457 SUSE bug 977458 SUSE bug 977459 SUSE bug 977461 SUSE bug 977464 CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 cpe:/o:suse:sles:11:sp1:teradata Security update for libtasn1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Moderate SUSE bug 929414 SUSE bug 961491 SUSE bug 982779 CVE-2015-3622 CVE-2016-4008 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). Important SUSE bug 979302 SUSE bug 981422 SUSE bug 982056 SUSE bug 982064 SUSE bug 982065 SUSE bug 982066 SUSE bug 982067 SUSE bug 982068 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2015-8139 CVE-2015-8140 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This ntp update to version 4.2.8p10 fixes the following issues: Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - Fixing ppc and ppc64 linker issue (bsc#1031085). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. Moderate SUSE bug 1014172 SUSE bug 1030050 SUSE bug 1031085 CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. Moderate SUSE bug 1077445 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1001182 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sles:11:sp1:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:sles:11:sp1:teradata Security update for OFED SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following reports for OFED: * 704914: Fixed NFS client over TCP hangs due to packet loss. * 693243: Fixed issue with building lustre against ofed-devel. * 706175: Fix crash on accessing /proc/net/sdpstats * 722030: Cannot load ib_ipath * 703752: Prevent BUG_ON triggering on congestion Security Issue reference: * CVE-2011-1023 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1023> SUSE bug 693243 SUSE bug 703752 SUSE bug 704914 SUSE bug 706175 SUSE bug 722030 CVE-2011-1023 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). - CVE-2019-13565: Fixed an authentication bypass caused by incorrect authorization of another connection, granting excess connection rights (bsc#1143194). - CVE-2019-13057: Fixed an issue with improper authorization with delegated database admin privileges (bsc#1143273). Important SUSE bug 1143194 SUSE bug 1143273 SUSE bug 1170771 CVE-2019-13057 CVE-2019-13565 CVE-2020-12243 cpe:/o:suse:sles:11:sp1:teradata Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a local privilege escalation from ldap to root (bsc#1172698). Moderate SUSE bug 1172698 CVE-2020-8023 cpe:/o:suse:sles:11:sp1:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openldap2 fixes the following security issue: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles:11:sp1:teradata Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Moderate SUSE bug 1178909 CVE-2020-25709 CVE-2020-25710 cpe:/o:suse:sles:11:sp1:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles:11:sp1:teradata Security update for openldap2 SUSE Linux Enterprise Server 11 SP1-TERADATA openldap2 was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed: * A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546) The following non-security bug was fixed: * Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959) Security Issues: * CVE-2015-1546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546> * CVE-2015-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545> * CVE-2013-4449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449> SUSE bug 846389 SUSE bug 905959 SUSE bug 916897 SUSE bug 916914 CVE-2013-4449 CVE-2015-1545 CVE-2015-1546 cpe:/o:suse:sles:11:sp1:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766) Important SUSE bug 937766 SUSE bug 945582 CVE-2015-4000 CVE-2015-6908 cpe:/o:suse:sles:11:sp1:teradata Security update for opensc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Moderate SUSE bug 1104812 SUSE bug 1106998 SUSE bug 1106999 SUSE bug 1107033 SUSE bug 1107037 SUSE bug 1107038 SUSE bug 1107039 SUSE bug 1107107 SUSE bug 1108318 CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16422 CVE-2018-16423 CVE-2018-16427 cpe:/o:suse:sles:11:sp1:teradata Security update for opensc (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for opensc fixes the following issues: Security issue fixed: - CVE-2019-6502: Fixed a memory leak in sc_context_create() (bsc#1122756). Low SUSE bug 1122756 CVE-2019-6502 cpe:/o:suse:sles:11:sp1:teradata Security update for opensc (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for opensc fixes the following issues: - CVE-2020-26571: gemsafe GPK smart card software driver stack-based buffer overflow (bsc#1177380) - CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747) - CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746) - CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256) - CVE-2020-26572: Prevent out of bounds write (bsc#1177378) Moderate SUSE bug 1149746 SUSE bug 1149747 SUSE bug 1158256 SUSE bug 1177378 SUSE bug 1177380 CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26571 CVE-2020-26572 cpe:/o:suse:sles:11:sp1:teradata Security update for opensc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1192005 CVE-2021-42780 CVE-2021-42782 cpe:/o:suse:sles:11:sp1:teradata Security update for openslp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This collective security update of openssh fixes multiple security issues: * memory exhaustion in gssapi due to integer overflow (bnc#756370, CVE-2011-5000) * forced command option information leak (bnc#744643, CVE-2012-0814) Additionally, the following bug has been fixed: * bnc#752354 server-side delay upon user exiting a ssh session, due to DNS queries from libaudit SUSE bug 709782 SUSE bug 744643 SUSE bug 752354 SUSE bug 756370 CVE-2011-5000 CVE-2012-0814 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA openssh was updated to fix four security issues. These security issues were fixed: - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). - CVE-2015-4000: Removed and disabled weak DH groups (bsc#932483). - Hardening patch to fix sftp RCE (bsc#903649). These non-security issues were fixed: - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. Moderate SUSE bug 673532 SUSE bug 903649 SUSE bug 905118 SUSE bug 914309 SUSE bug 932483 SUSE bug 936695 SUSE bug 938746 CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssh fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-6210: User enumeration through the timing of password (bsc#989363) - CVE-2016-3115: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding inject commands to xauth (bsc#970632) - CVE-2016-1908: X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Malicious users may attach /bin/login via LD_PRELOAD or similar environment variables set via PAM if PAM is configured to read user-specified environment and UseLogin=yes is set is sshd_config (bsc#975865) - CVE-2016-6515: Remote attackers could cause a denial of service by providing exceptionally long passwords (bsc#992533) The following security related changes are included: - bsc#932483, bsc#948902: Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - bsc#948902: Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used The following tracked changes are included: - bsc#981654: avoid complaining about unset DISPLAY variable - bsc#959096: initialise msg_id to prevent disconnections - bsc#962794: relax version requires for the openssh-askpass subpackage Moderate SUSE bug 932483 SUSE bug 948902 SUSE bug 959096 SUSE bug 962313 SUSE bug 962794 SUSE bug 970632 SUSE bug 975865 SUSE bug 981654 SUSE bug 989363 SUSE bug 992533 CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480, CVE-2016-8858) - Properly verify CIDR masks in configuration (bsc#1005893) Low SUSE bug 1005480 SUSE bug 1005893 CVE-2016-8858 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh, openssh-askpass, openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssh, openssh-askpass, openssh-openssl1 fixes the following issues: Upgrade to OpenSSH version 6.6p1 (bsc#1077104, bsc#1034467) This also adds another build using '-openssl1' suffix, which can be installed - require openssh-askpass of the same version or newer. - change the Supplements tag to combination of both openssh and X11 to prevent accidental imports of the X11 packages into minimal installs (bsc#886235) Moderate SUSE bug 1034467 SUSE bug 1077104 SUSE bug 886235 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssh version 6.6p1 fixes the following issues: Security issues fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) The regular openssh version was updated to openssh 6.6p1, the -openssl1 variant was at this version already. Important SUSE bug 1121571 CVE-2018-20685 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). Moderate SUSE bug 1090671 SUSE bug 1115550 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh SUSE Linux Enterprise Server 11 SP1-TERADATA This update for OpenSSH provides fixes for the following issues: * Exit sshd normally when port is already in use. (bnc#832628) * Use hardware crypto engines where available. (bnc#826427) * Use correct options for login when it is used. (bnc#833605) * Move FIPS messages to higher debug level. (bnc#862875) * Fix forwarding with IPv6 addresses in DISPLAY. (bnc#847710) * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906) * Parse AcceptEnv properly. (bnc#869101, CVE-2014-2532) * Properly terminate connections on server reboot/powerdown. (bnc#798362) Security Issue reference: * CVE-2014-2532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532> SUSE bug 798362 SUSE bug 826427 SUSE bug 826906 SUSE bug 832628 SUSE bug 833605 SUSE bug 847710 SUSE bug 862875 SUSE bug 869101 CVE-2014-2532 cpe:/o:suse:sles:11:sp1:teradata Security update for openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssh-openssl1 fixes the following security issues: - CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) Non security bugfixes: - Fix for sftp client because it returns wrong error code upon failure (bsc#1091396) - Stop leaking File descriptors (bsc#964336) Moderate SUSE bug 1076957 SUSE bug 1091396 SUSE bug 1105010 SUSE bug 1115654 SUSE bug 1116577 SUSE bug 964336 CVE-2016-10708 CVE-2018-15473 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) Important SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) Bugs fixed: - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling Important SUSE bug 889013 SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * Update expired S/MIME certs (bsc#979475) * Fix crash in print_notice (bsc#998190) * Resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 984663 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Important SUSE bug 1087102 CVE-2018-0739 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) Moderate SUSE bug 1089039 CVE-2018-0737 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Mitigate the 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' attack (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - Included the missing cms and pk7 fixes of CVE-2019-1563 (bsc#1153785). Important SUSE bug 1153785 CVE-2019-1563 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - Add missing commits for fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory leak problem in function 'BN_copy()'. (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1176331 CVE-2020-1968 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL Root Certificate hashes - bsc#889013: Rename README.SuSE to the new spelling README.SUSE - bsc#976943: Fixed a buffer overrun in ASN1_parse. - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) Important SUSE bug 889013 SUSE bug 971354 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977616 SUSE bug 977617 SUSE bug 977621 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: penSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed: * update expired S/MIME certs (bsc#979475) * improve s390x performance (bsc#982745) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 982745 SUSE bug 983249 SUSE bug 990419 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - call c_rehash in %post (bsc#1001707) - ship static libraries in the devel package (bsc#1022644) Moderate SUSE bug 1000677 SUSE bug 1001707 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 1022085 SUSE bug 1022644 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes: - support alternate root ca chains (bsc#1032261) - Require openssl1, so c_rehash1 is available during %post to hash the certificates (bsc#1057660) Important SUSE bug 1027908 SUSE bug 1032261 SUSE bug 1055825 SUSE bug 1056058 SUSE bug 1057660 SUSE bug 1065363 SUSE bug 990592 CVE-2017-3735 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Important SUSE bug 1087102 CVE-2018-0739 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following security issues: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1089039 SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 CVE-2018-0737 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following security issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: - Add missing commits fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory problem in 'BN_copy()'. (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1176331 CVE-2020-1968 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp1:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openssl1 fixes the following issues: - CVE-2022-0778: Fixed an infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877) Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles:11:sp1:teradata Security update for openswan SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA openswan's crypto helper was prone to an use-after-free flaw which could potentially allow remote attackers to cause a Denial of Service (CVE-2011-4073, bnc#727002). Additionally, the following issues have been fixed: * AH handshake problems (bnc#713986), * potential dereference of no longer valid pointers, * mode handling issues Security Issue reference: * CVE-2011-4073 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4073> SUSE bug 713986 SUSE bug 727002 CVE-2011-4073 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for openvpn SUSE Linux Enterprise Server 11 SP1-TERADATA OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpn_decrypt that might have allowed remote attackers to gain knowledge of plaintext data. (CVE-2013-2061) Security Issues: * CVE-2013-2061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061> SUSE bug 843509 CVE-2013-2061 cpe:/o:suse:sles:11:sp1:teradata Security update for openvpn (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openvpn fixes the following issues: - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709) - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711) - Hardening measures found by internal audit (bsc#1038713) Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 CVE-2017-7478 CVE-2017-7479 cpe:/o:suse:sles:11:sp1:teradata Security update for openvpn (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] Important SUSE bug 1044947 CVE-2017-7508 cpe:/o:suse:sles:11:sp1:teradata Security update for openvpn (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openvpn fixes the following security issue: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877). Important SUSE bug 1060877 CVE-2017-12166 cpe:/o:suse:sles:11:sp1:teradata Security update for openvpn (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openvpn fixes the following issues: - CVE-2016-6329: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \'Sweet32\' attack. (bsc#995374) Moderate SUSE bug 995374 CVE-2016-6329 cpe:/o:suse:sles:11:sp1:teradata Security update for openwsman (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Important SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 cpe:/o:suse:sles:11:sp1:teradata Security update for opie SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes off-by-one errors in opiesu (CVE-2011-2489) and missing setuid() return value checks in opielogin (CVE-2011-2490). This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local: /usr/bin/opiesu root:root 4755 Security Issue references: * CVE-2011-2489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2489> * CVE-2011-2490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2490> SUSE bug 698772 CVE-2011-2489 CVE-2011-2490 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for orca (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This orca update fixes the following security issue. - Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245). Moderate SUSE bug 916835 CVE-2013-4245 cpe:/o:suse:sles:11:sp1:teradata Security update for pam (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for pam fixes the following issues: Security issues fixed: - CVE-2015-3238: Fixed a denial of service and information leak which could be caused by very long passwords (bsc#934920). - CVE-2013-7041: Fixed a potential authentication bypass where password hashes weren't compared case-sensitively (bsc#854480). Moderate SUSE bug 854480 SUSE bug 934920 CVE-2013-7041 CVE-2015-3238 cpe:/o:suse:sles:11:sp1:teradata Security update for pam-modules (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for pam-modules fixes the following issue. This security issue was fixed: - CVE-2011-3172: Ensure that unix2_chkpwd calls pam_acct_mgmt to prevent usage of locked accounts (bsc#707645, bsc#839386). Moderate SUSE bug 707645 SUSE bug 839386 CVE-2011-3172 cpe:/o:suse:sles:11:sp1:teradata Security update for pam_pkcs11 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for pam_pkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token (bsc#1105012) - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes (bsc#1105012) - Memory not cleaned properly before free() (bsc#1105012) Moderate SUSE bug 1105012 cpe:/o:suse:sles:11:sp1:teradata Security update for pango SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Specially crafted font files could cause a heap corruption in applications linked against pango (CVE-2011-0064, CVE-2011-0020). Security Issue references: * CVE-2011-0064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0064> * CVE-2011-0020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0020> SUSE bug 666101 SUSE bug 672502 CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for patch (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for patch fixes several issues. These security issues were fixed: - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891). - CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have lead to DoS via a crafted input file (bsc#1080918). - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957): Important SUSE bug 1059698 SUSE bug 1080918 SUSE bug 1088420 SUSE bug 662957 SUSE bug 914891 CVE-2010-4651 CVE-2014-9637 CVE-2016-10713 CVE-2018-1000156 cpe:/o:suse:sles:11:sp1:teradata Security update for pcsc-lite SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA An integer overflow in pcsc-ccid and a buffer overflow in pcsc-lite while handling smart card responses have been fixed. CVE-2010-4530 and CVE-2010-4531 have been assigned to these issues. Additionally a new device ID for card readers was added. Security Issue references: * CVE-2010-4531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4531> * CVE-2010-4530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4530> SUSE bug 651759 SUSE bug 661000 CVE-2010-4530 CVE-2010-4531 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for pcsc-lite SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of pcsc-lite fixes a local vulnerability (stack overflow) which allowed every user with write-access to '/var/run/pcscd/pcscd.comm' to gain root privileges. CVE-2010-0407 has been assigned to this issue. SUSE bug 609317 CVE-2010-0407 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for perf SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following perf tool bugs have been fixed: * it was issuing excessive number of gettimeofday calls creating noise when trying to measure performance (bnc#607339). * it would consider a file named 'config' in the current-working-directory as containing perf configuration data, this fact could be exploited by a malicious user (bnc#711414, CVE-2011-2905) . Security Issue reference: * CVE-2011-2905 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2905> SUSE bug 607339 SUSE bug 711414 CVE-2011-2905 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Perl SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a bug in Perl that makes spamassassin crash and does not allow bypassing taint mode by using lc() or uc() anymore. * CVE-2010-4777: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) * CVE-2011-1487: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): Permissions, Privileges, and Access Control (CWE-264) Security Issue reference: * CVE-2010-4777 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4777> SUSE bug 657625 SUSE bug 676086 SUSE bug 684799 CVE-2010-4777 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for perl (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl fixes the following issues: These security issues were fixed: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) - CVE-2018-6913: Prevent heap-based buffer overflow in the pack function that allowed context-dependent attackers to execute arbitrary code via a large item count (bsc#1082216). - CVE-2018-6798: Matching a crafted locale dependent regular expression could have caused a heap-based buffer over-read and potentially information disclosure (bsc#1082233). - CVE-2017-6512: Prevent race condition in the rmtree and remove_tree functions in the File-Path module that allowed attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic (bsc#1047178) - CVE-2016-6185: The XSLoader::load method did not properly locate .so files when called in a string eval, which might have allowed local users to execute arbitrary code via a Trojan horse library under the current working directory (bsc#988311) - CVE-2016-1238: (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL did not properly remove . (period) characters from the end of the includes directory array, which might have allowed local users to gain privileges via a Trojan horse module under the current working directory (bsc#987887) - CVE-2015-8853: The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions allowed context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data (bsc#976584) - CVE-2016-2381: Perl might have allowed context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp (bsc#967082) These non-security issues were fixed: - Fix perl panic with utf8_mg_pos_cache_update [bsc#929027] - Fix sprintf calling sv_pos_u2b with a wrong offset, leading to a panic [bsc#900455] Moderate SUSE bug 1047178 SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1096718 SUSE bug 900455 SUSE bug 929027 SUSE bug 967082 SUSE bug 976584 SUSE bug 987887 SUSE bug 988311 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 CVE-2017-6512 CVE-2018-12015 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-Archive-Zip (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497). Moderate SUSE bug 1099497 CVE-2018-10860 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-Config-General SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update adds the perl-Config-General to the SLES update channel, which is a new requirement after the last tgt security release. * 697106: tgt is not installable SUSE bug 697106 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for perl-Convert-ASN1 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-Convert-ASN1 fixes the following issue: - CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934). Moderate SUSE bug 1168934 CVE-2013-7488 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-DBD-mysql fixes the following issues: - Add patch to fix CVE-2016-1251 (bsc#1012546) use-after-free for repeated fetchrow_arrayref calls when mysql_server_prepare=1 Moderate SUSE bug 1012546 CVE-2016-1251 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). Moderate SUSE bug 1002626 SUSE bug 1010457 CVE-2016-1246 CVE-2016-1249 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-DBD-mysql fixes the following issues: - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting's documentation has a \'your communication with the server will be encrypted\' statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. (bsc#1047059) - CVE-2017-10788: The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. (bsc#1047095) Moderate SUSE bug 1047059 SUSE bug 1047095 CVE-2017-10788 CVE-2017-10789 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-DBI (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-DBI (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). - CVE-2013-7491: Fixed a stack corruption when a user-defined function required a non-trivial amount of memory (bsc#1176493). Important SUSE bug 1176493 SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2013-7491 CVE-2019-20919 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-PlRPC (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-PlRPC fixes the following issues: - Security notice: [bsc#858243, CVE-2013-7284] * Document security vulnerability on Storable and reply attack - Add perl-PlRPC-CVE-2013-7284.patch Moderate SUSE bug 858243 CVE-2013-7284 cpe:/o:suse:sles:11:sp1:teradata Security update for perl-XML-LibXML (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848) Important SUSE bug 1046848 CVE-2017-10672 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA The PHP5 script interpreter was updated to fix security issues: * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Important SUSE bug 945412 SUSE bug 945428 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues [bsc#976997] - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() [bsc#976996] Important SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 973351 SUSE bug 976996 SUSE bug 976997 CVE-2014-9767 CVE-2015-8835 CVE-2015-8866 CVE-2016-3141 CVE-2016-3185 CVE-2016-4070 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375). - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373). - CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994). - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830. - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830. - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012). Moderate SUSE bug 977994 SUSE bug 978827 SUSE bug 978828 SUSE bug 978830 SUSE bug 980373 SUSE bug 980375 SUSE bug 981050 SUSE bug 982011 SUSE bug 982012 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5094 CVE-2016-5095 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA php5 was updated to fix the following security issues: - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Important SUSE bug 986004 SUSE bug 986244 SUSE bug 986386 SUSE bug 986388 SUSE bug 986393 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991437 CVE-2015-8935 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allowed illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Important SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997257 SUSE bug 999679 SUSE bug 999682 SUSE bug 999819 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7413 CVE-2016-7418 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] Moderate SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) Important SUSE bug 1022219 SUSE bug 1022260 SUSE bug 1022264 SUSE bug 1022265 CVE-2016-10158 CVE-2016-10161 CVE-2016-10167 CVE-2016-10168 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2017-9227: A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. (bsc#1040883) - CVE-2017-9226: A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. (bsc#1040889) - CVE-2017-9224: A stack out-of-bounds read occurs in match_at() during regular expression searching. (bsc#1040891) Moderate SUSE bug 1040883 SUSE bug 1040889 SUSE bug 1040891 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx could lead to denial of service (bsc#1050241) Moderate SUSE bug 1047454 SUSE bug 1048096 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 986386 CVE-2016-10168 CVE-2016-10397 CVE-2016-5766 CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-7890 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes one issues. This security issue was fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430) Moderate SUSE bug 1054430 CVE-2017-12933 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Moderate SUSE bug 1069606 SUSE bug 1069631 CVE-2017-9228 CVE-2017-9229 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes one issues. This security issue was fixed: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234) - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391). Important SUSE bug 1076391 SUSE bug 1080234 CVE-2016-10712 CVE-2018-5711 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the php_stream_url_wrap_http_ex (bsc#1083639). Moderate SUSE bug 1083639 CVE-2018-7584 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). Moderate SUSE bug 1091355 SUSE bug 1091363 CVE-2018-10546 CVE-2018-10548 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Moderate SUSE bug 1099098 CVE-2018-12882 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) - CVE-2018-14851: Fixed an out-of-bounds read and application crash in exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c, which allowed remote attackers to cause a denial of service (bsc#1103659) - CVE-2018-14883: Fixed an integer overflow that could lead to a heap-based buffer over-read in exif_thumbnail_extract of exif.c and allowed remote attackers to cause a denial of service (bsc#1103836) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Moderate SUSE bug 1103659 SUSE bug 1103836 SUSE bug 1105466 SUSE bug 1108753 CVE-2017-9118 CVE-2018-14851 CVE-2018-14883 CVE-2018-17082 cpe:/o:suse:sles:11:sp1:teradata Recommended update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Moderate SUSE bug 1117107 CVE-2018-19518 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6977: Fixed a heap-based buffer overflow in the GD graphics library (bsc#1123354). - CVE-2019-6978: Fixed a double free in the GD graphics library (bsc#1123522). Moderate SUSE bug 1123354 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Moderate SUSE bug 1126711 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 CVE-2019-9020 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Moderate SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1134322 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Moderate SUSE bug 1138172 SUSE bug 1138173 CVE-2019-11039 CVE-2019-11040 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Important SUSE bug 1140118 SUSE bug 1145095 SUSE bug 1146360 CVE-2019-11038 CVE-2019-11041 CVE-2019-11042 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: Security issues fixed: - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Important SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 SUSE bug 1161982 SUSE bug 1162629 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-20433 CVE-2020-7059 cpe:/o:suse:sles:11:sp1:teradata Security update for php7 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php7 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326). - CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352). - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). Moderate SUSE bug 1168326 SUSE bug 1168352 SUSE bug 1171999 CVE-2019-11048 CVE-2020-7064 CVE-2020-7066 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). Important SUSE bug 1177352 CVE-2020-7070 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706). - CVE-2021-21702: NULL pointer dereference in SoapClient (bsc#1182049) Important SUSE bug 1180706 SUSE bug 1182049 CVE-2020-7071 CVE-2021-21702 cpe:/o:suse:sles:11:sp1:teradata Security update for php5 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for php5 fixes the following issues: - CVE-2021-21705 [bsc#1188037]: SSRF bypass in FILTER_VALIDATE_URL Moderate SUSE bug 1188037 CVE-2021-21705 cpe:/o:suse:sles:11:sp1:teradata Security update for pixman (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for pixman fixes the following issues: - This issue is needed to fix security issue in qemu that is tracked by CVE-2017-2633. Moderate SUSE bug 1074701 CVE-2017-2633 cpe:/o:suse:sles:11:sp1:teradata Security update for policycoreutils (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for policycoreutils fixes the following issues: * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998] Low SUSE bug 1000998 CVE-2016-7545 cpe:/o:suse:sles:11:sp1:teradata Security update for policycoreutils (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for policycoreutils fixes the following issues: - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Moderate SUSE bug 1083624 CVE-2018-1063 cpe:/o:suse:sles:11:sp1:teradata Security update for poppler (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Moderate SUSE bug 976844 CVE-2015-8868 cpe:/o:suse:sles:11:sp1:teradata Security update for poppler (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for poppler fixes the following issues: - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265) - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593) Moderate SUSE bug 1061265 SUSE bug 1064593 SUSE bug 1074453 CVE-2017-1000456 CVE-2017-14977 CVE-2017-15565 cpe:/o:suse:sles:11:sp1:teradata Security update for RPM SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Multiple security vulnerabilities were reported in RPM which could be exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code. Additionally, a non-security issue was fixed that could cause a division by zero in cycles calculation under rare circumstances. Security Issue references: * CVE-2012-0815 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0815> * CVE-2012-0060 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0060> * CVE-2012-0061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0061> SUSE bug 747225 SUSE bug 754281 SUSE bug 754284 SUSE bug 754285 CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Moderate SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 cpe:/o:suse:sles:11:sp1:teradata Security update for PostgreSQL SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are: * Prevent access to external files/URLs via XML entity references. xml_parse() would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server (CVE-2012-3489, bnc#776524). * Prevent access to external files/URLs via 'contrib/xml2''s xslt_process(). libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. Disable that through proper use of libxslt's security options. (CVE-2012-3488, bnc#776523). Also, remove xslt_process()'s ability to fetch documents and stylesheets from external files/URLs. * Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function. If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. (CVE-2012-2143) * Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler. Applying such attributes to a call handler could crash the server. (CVE-2012-2655) * Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC. Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload. * Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone. This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions. * Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings. * Fix memory copying bug in to_tsquery(). * Fix slow session startup when pg_attribute is very large. If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once. * Ensure sequential scans check for query cancel reasonably often. A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile. * Show whole-row variables safely when printing views or rules. Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast. * Ensure autovacuum worker processes perform stack depth checking properly. Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes. * Fix logging collector to not lose log coherency under high load. The collector previously could fail to reassemble large messages if it got too busy. * Fix logging collector to ensure it will restart file rotation after receiving SIGHUP. * Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable. * Fix several performance problems in pg_dump when the database contains many objects. pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences. * Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error. Security Issue references: * CVE-2012-2143 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143> * CVE-2012-2655 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655> * CVE-2012-3489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489> * CVE-2012-3488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3488> SUSE bug 760511 SUSE bug 765069 SUSE bug 766799 SUSE bug 767505 SUSE bug 770193 SUSE bug 773771 SUSE bug 774616 SUSE bug 774617 SUSE bug 775399 SUSE bug 775402 SUSE bug 776523 SUSE bug 776524 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for postgresql-init (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql-init fixes the following issues: - CVE-2017-14798: A race condition in the init script could be used by attackers able to access the postgresql account to escalate their privileges to root (bsc#1062722) Moderate SUSE bug 1062722 CVE-2017-14798 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 brings version 10.6 to SUSE Linux Enterprise 11. This release marks the change of the versioning scheme for PostgreSQL to a 'x.y' format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Moderate SUSE bug 1108308 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html Moderate SUSE bug 1134689 CVE-2019-10130 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 to version 10.9 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html - update to 10.13 (bsc#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html Important SUSE bug 1171924 SUSE bug 1175193 SUSE bug 1175194 CVE-2020-14349 CVE-2020-14350 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). Moderate SUSE bug 1185924 SUSE bug 1185925 CVE-2021-32027 CVE-2021-32028 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql91 SUSE Linux Enterprise Server 11 SP1-TERADATA The PostgreSQL database server was updated to 9.1.15, fixing bugs and security issues: * Fix buffer overruns in to_char() (CVE-2015-0241). * Fix buffer overrun in replacement *printf() functions (CVE-2015-0242). * Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243). * Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244). * Fix information leak via constraint-violation error messages (CVE-2014-8161). For a comprehensive list of fixes, please refer to the following release notes: * http://www.postgresql.org/docs/9.1/static/release-9-1-15.html <http://www.postgresql.org/docs/9.1/static/release-9-1-15.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-14.html <http://www.postgresql.org/docs/9.1/static/release-9-1-14.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-13.html <http://www.postgresql.org/docs/9.1/static/release-9-1-13.html> Security Issues: * CVE-2015-0241 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241> * CVE-2015-0243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243> * CVE-2015-0244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244> * CVE-2014-8161 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161> SUSE bug 916953 CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql91 SUSE Linux Enterprise Server 11 SP1-TERADATA This update provides PostgreSQL 9.1.18, which brings fixes for security issues and other enhancements. The following vulnerabilities have been fixed: * CVE-2015-3165: Avoid possible crash when client disconnects. (bsc#931972) * CVE-2015-3166: Consistently check for failure of the *printf(). (bsc#931973) * CVE-2015-3167: In contrib/pgcrypto, uniformly report decryption failures. (bsc#931974) For a comprehensive list of changes, please refer to http://www.postgresql.org/docs/9.1/static/release-9-1-18.html <http://www.postgresql.org/docs/9.1/static/release-9-1-18.html> . This update also includes changes in PostgreSQL's packaging to prepare for the migration to the new major version 9.4. (FATE#316970, bsc#907651) Security Issues: * CVE-2015-3165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165> * CVE-2015-3166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166> * CVE-2015-3167 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167> SUSE bug 907651 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql91 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update of postgresql91 to 9.1.19 fixes the following issues: * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html Moderate SUSE bug 949669 CVE-2015-5288 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix 'unresolved symbol' errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - Security and bugfix release 9.4.5: * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. * CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. - For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html - Relax dependency on libpq to major version. Important SUSE bug 949669 SUSE bug 949670 SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). For the non-security issues please refer to - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html Important SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql93 fixes the following issues: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Moderate SUSE bug 1029547 SUSE bug 1037603 SUSE bug 1037624 SUSE bug 1038293 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.4/static/release-9-4-13.html Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html Moderate SUSE bug 1062538 SUSE bug 1067844 CVE-2017-12172 CVE-2017-15098 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) Moderate SUSE bug 1077983 CVE-2018-1053 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Moderate SUSE bug 1081925 CVE-2018-1058 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql94 fixes the following issues: postgresql was updated to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html * CVE-2018-10915, bsc#1104199: Fix failure to reset libpq's state fully between connection attempts. postgresql was updated to 9.4.18: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-4-18.html A dump/restore is not required for those running 9.4.X. However, if the function marking mistakes mentioned in the first changelog entry below affect you, you will want to take steps to correct your database catalogs. Important SUSE bug 1104199 CVE-2018-10915 cpe:/o:suse:sles:11:sp1:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles:11:sp1:teradata Security update for ppp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The ppp package was updated to fix the following security issue: - CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841). Moderate SUSE bug 927841 CVE-2015-3310 cpe:/o:suse:sles:11:sp1:teradata Security update for ppp (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sles:11:sp1:teradata Security update for procmail SUSE Linux Enterprise Server 11 SP1-TERADATA procmail was updated to fix a security issue in its formail helper. * When formail processed specially crafted e-mail headers a heap corruption could be triggered, which would lead to a crash of formail. (CVE-2014-3618) Security Issues: * CVE-2014-3618 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618> SUSE bug 894999 CVE-2014-3618 cpe:/o:suse:sles:11:sp1:teradata Security update for procmail (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for procmail fixes the following issues: Security issue fixed: - CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. (bnc#1068648) Moderate SUSE bug 1068648 CVE-2017-16844 cpe:/o:suse:sles:11:sp1:teradata Security update for puppet SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 The following bugs have been fixed in puppet: * bnc#770828, CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master * bnc#770829, CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients * bnc#770833, CVE-2012-3867: puppet: insufficient input validation for agent certificate names Security Issue references: * CVE-2012-3867 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867> * CVE-2012-3864 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864> * CVE-2012-3865 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865> SUSE bug 770828 SUSE bug 770829 SUSE bug 770833 CVE-2012-3864 CVE-2012-3865 CVE-2012-3867 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for puppet (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. In default, this update would break a backwards compatibility with Puppet agents older than 3.2.2 as the SLE11 master doesn't support other fact formats than pson in default anymore. In order to allow users to continue using their SLE11 agents a patch was added that enables sending PSON from agents. For non-SUSE clients older that 3.2.2 a new puppet master boolean option 'dangerous_fact_formats' was added. When it's set to true it enables using dangerous fact formats (e.g. YAML). When it's set to false, only PSON fact format is accepted. (bsc#1040151), (bsc#1077767) Moderate SUSE bug 1040151 SUSE bug 1077767 CVE-2017-2295 cpe:/o:suse:sles:11:sp1:teradata Security update for puppet (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for puppet fixes the following issues: Security issue fixed: - CVE-2020-7942: Added a warning for a vulnerable configuration option, which could allow for information disclosure in certain setups. Disabling it my break some setups. (bsc#1167645) Non-security issue fixed: - Fixed deletion of puppet master file /etc/puppet/manifests/site.pp during updates (bsc#935899). Moderate SUSE bug 1167645 SUSE bug 935899 CVE-2020-7942 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Moderate SUSE bug 984751 SUSE bug 985348 SUSE bug 989523 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: - CVE-2017-1000158: Fixed integer overflow in thePyString_DecodeEscape function (bsc#1068664). Moderate SUSE bug 1068664 CVE-2017-1000158 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Moderate SUSE bug 1083507 CVE-2017-18207 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes: - bsc#1086001: python tarfile uses random order. Important SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 985177 CVE-2016-5636 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847) Moderate SUSE bug 1109847 CVE-2018-14647 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) Moderate SUSE bug 1149955 CVE-2019-16056 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following security issue: - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Moderate SUSE bug 1162367 CVE-2020-8492 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). Moderate SUSE bug 1155094 SUSE bug 1162825 CVE-2019-18348 CVE-2019-9674 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Important SUSE bug 1177211 CVE-2020-26116 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: - CVE-2021-23336: which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336). - Switch off -O0 non-optimization. - CVE-2021-3177: fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. Moderate SUSE bug 1181126 SUSE bug 1182379 CVE-2021-23336 CVE-2021-3177 cpe:/o:suse:sles:11:sp1:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2019-9947: Fixed a CRLF injection that can occur if the attacker controls a url parameter. (bsc#1130840) Moderate SUSE bug 1130840 SUSE bug 1189241 SUSE bug 1189287 CVE-2019-9947 CVE-2021-3733 CVE-2021-3737 cpe:/o:suse:sles:11:sp1:teradata Security update for Python SUSE Linux Enterprise Server 11 SP1-TERADATA This Python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 CVE-2013-4238 cpe:/o:suse:sles:11:sp1:teradata Security update for Python SUSE Linux Enterprise Server 11 SP1-TERADATA Python has been updated to fix one security issue: * Potential wraparound/overflow in buffer() (CVE-2014-7185) As an additional hardening measure SSLv2 was disabled (bnc#901715). Security Issues: * CVE-2014-7185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185> SUSE bug 898572 SUSE bug 901715 CVE-2014-7185 cpe:/o:suse:sles:11:sp1:teradata Security update for python SUSE Linux Enterprise Server 11 SP1-TERADATA This update for Python fixes the following security issues: * bnc#834601: SSL module does not handle certificates that contain hostnames with NULL bytes. (CVE-2013-4238) * bnc#856836: Various stdlib read flaws. (CVE-2013-1752) Additionally, the following non-security issues have been fixed: * bnc#859068: Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. * bnc#847135: Setting fips=1 at boot time causes problems with Python due to MD5 usage. Security Issue references: * CVE-2013-4073 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073> * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 SUSE bug 847135 SUSE bug 856836 SUSE bug 859068 CVE-2013-4073 CVE-2013-4238 cpe:/o:suse:sles:11:sp1:teradata Security update for Python SUSE Linux Enterprise Server 11 SP1-TERADATA Python was updated to fix a security issue in the socket.recvfrom_into function, where data could be written over the end of the buffer. (CVE-2014-1912) Security Issue reference: * CVE-2014-1912 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912> SUSE bug 863741 CVE-2014-1912 cpe:/o:suse:sles:11:sp1:teradata Security update for Python SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update for Python provides fixes for the following issues: * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) * The urlparse module has been updated to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2014-4650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650> SUSE bug 872848 SUSE bug 885882 CVE-2014-4650 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for python-imaging SUSE Linux Enterprise Server 11 SP1-TERADATA This python-imaging update fixes the following two security issues: * bnc#863541: Fixed insecure temporary file creation and handling (CVE-2014-1932, CVE-2014-1933) Security Issue references: * CVE-2014-1932 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932> * CVE-2014-1933 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933> SUSE bug 863541 CVE-2014-1932 CVE-2014-1933 cpe:/o:suse:sles:11:sp1:teradata Security update for python-numpy (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/o:suse:sles:11:sp1:teradata Security update for python-pam SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 python-pam was prone to a double-free issue which is fixed by this update. (CVE-2012-1502). Security Issues: * CVE-2012-1502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1502> SUSE bug 751005 CVE-2012-1502 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, python-32bit, python-base, python-base-32bit, python-base-debuginfo, python-base-debuginfo-32bit, python-base-debuginfo-x86, python-base-debugsource, python-base-x86, python-curses, python-debuginfo, python-debuginfo-32bit, python-debuginfo-x86, python-debugsource, python-demo, python-devel, python-doc, python-doc-pdf, python-gdbm, python-idle, python-tk, python-x86, python-xml SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update to python 2.6.8 fixes the following bugs, among others: * XMLRPC Server DoS (CVE-2012-0845, bnc#747125) * hash randomization issues (CVE-2012-1150, bnc#751718) * insecure creation of .pypirc (CVE-2011-4944, bnc#754447) * SimpleHTTPServer XSS (CVE-2011-1015, bnc#752375) * functions can accept unicode kwargs (bnc#744287) * python MainThread lacks ident (bnc#754547) * TypeError: waitpid() takes no keyword arguments (bnc#751714) * Source code exposure in CGIHTTPServer module (CVE-2011-1015, bnc#674646) * Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can use: - pass -R to the python interpreter commandline. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT. In generally enabling this is only needed when malicious third parties can inject values into your hash tables. The update to 2.6.8 also provides many compatibility fixes with OpenStack. Security Issues: * CVE-2011-1015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015> * CVE-2011-1521 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521> * CVE-2011-4944 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944> * CVE-2012-0845 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845> * CVE-2012-1150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150> SUSE bug 744287 SUSE bug 747125 SUSE bug 748079 SUSE bug 751714 SUSE bug 751718 SUSE bug 752375 SUSE bug 754447 SUSE bug 754547 CVE-2011-1015 CVE-2011-1521 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664). - CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same I/O stream concurrently (bsc#1079300). Moderate SUSE bug 1068664 SUSE bug 1079300 CVE-2017-1000158 CVE-2018-1000030 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Moderate SUSE bug 1083507 CVE-2017-18207 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663) - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847). Moderate SUSE bug 1109663 SUSE bug 1109847 CVE-2018-1000802 CVE-2018-14647 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Moderate SUSE bug 1122191 CVE-2019-5010 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Moderate SUSE bug 1149955 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: python27 was updated to version 2.7.17. - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Changed name of idle27 icons to idle27.png (bsc#1165894). Important SUSE bug 1155094 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: - CVE-2019-20907, bsc#1174091: avoiding possible infinite loop in specifically crafted tarball. Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2021-23336 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2020-26116: Fixed a CRLF injection via HTTP request method in httplib/http.client. (bsc#1177211) Moderate SUSE bug 1177211 SUSE bug 1187668 SUSE bug 1189241 SUSE bug 1189287 CVE-2020-26116 CVE-2021-3733 CVE-2021-3737 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: - CVE-2022-0391: Fixed newline and tabs sanitation in urllib.parse (bsc#1195396). - CVE-2021-4189: Fixed incorrect trust of PASV response (bsc#1194146). Moderate SUSE bug 1194146 SUSE bug 1195396 CVE-2021-4189 CVE-2022-0391 cpe:/o:suse:sles:11:sp1:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for python27 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:suse:sles:11:sp1:teradata Recommended update for python 2.7 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update provides various modules for Python 2.7. It also updates python 2.7 to the 2.7.16 release, fixing security issues and bugs. The following packages are included in the update: - cloud-init - growpart - python27-argparse - python27-blinker - python27-boto3 - python27-botocore - python27-cffi - python27-Cheetah - python27-configobj - python27-cryptography - python27-dateutil - python27-docutils - python27-ecdsa - python27-enum34 - python27-futures - python27-httplib2 - python27-idna - python27-ipaddress - python27-Jinja2 - python27-jmespath - python27-jsonpatch - python27-jsonpointer - python27-jsonschema - python27-lockfile - python27-MarkupSafe - python27-oauthlib - python27-oauth - python27-paramiko - python27-ply - python27-PrettyTable - python27-pyasn1-modules - python27-pyasn1 - python27-pycparser - python27-pycrypto - python27-PyJWT - python27-pyserial - python27-pytest - python27-python-daemon - python27-PyYAML - python27-requests - python27-s3transfer - python27-setuptools - python27-simplejson - python27-six Moderate SUSE bug 1007084 SUSE bug 1014478 SUSE bug 1015776 SUSE bug 1054106 SUSE bug 1054413 SUSE bug 1064755 SUSE bug 1073879 SUSE bug 1075263 SUSE bug 1082318 SUSE bug 1097455 SUSE bug 1098681 SUSE bug 905354 SUSE bug 962170 SUSE bug 974705 SUSE bug 974993 SUSE bug 975949 SUSE bug 998103 SUSE bug 998378 CVE-2017-12880 cpe:/o:suse:sles:11:sp1:teradata Security update for quagga SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update of quagga fixes multiple security flaws that could have caused a Denial of Service via specially crafted packets (CVE-2012-1820, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255). Additionally, issues with service owned directories in combination with logrotate were fixed. Security Issue references: * CVE-2012-0249 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0249> * CVE-2012-0250 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0250> * CVE-2012-0255 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0255> * CVE-2012-1820 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820> SUSE bug 677335 SUSE bug 752204 SUSE bug 752205 SUSE bug 752206 SUSE bug 759081 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for quagga (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952). Moderate SUSE bug 970952 CVE-2016-2342 cpe:/o:suse:sles:11:sp1:teradata Security update for quagga (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for quagga fixes one security issue: - bsc#770619: Disallow unprivileged users to enter config directory /etc/quagga (group: quagga, mode: 750) and read configuration files installed there (group: quagga, mode: 640). Low SUSE bug 770619 cpe:/o:suse:sles:11:sp1:teradata Security update for quagga (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012) Moderate SUSE bug 977012 CVE-2016-4049 cpe:/o:suse:sles:11:sp1:teradata Security update for quagga (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for quagga fixes the following issues: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code (bsc#1005258). Important SUSE bug 1005258 CVE-2016-1245 cpe:/o:suse:sles:11:sp1:teradata Security update for quagga (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and cause bgpd to emit debug and warning messages into the logs that would contained arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] - The Quagga daemon's telnet 'vty' CLI contains an unbounded memory allocation bug that could be exploited for a denial-of-service attack on the daemon. This issue has been fixed. [CVE-2017-5495, bsc#1021669] - The telnet 'vty' CLI of the Quagga daemon is no longer enabled by default, because the passwords in the default 'zebra.conf' config file are now disabled. The vty interface is available via 'vtysh' utility using pam authentication to permit management access for root without password. [bsc#1021669] Important SUSE bug 1021669 SUSE bug 1065641 SUSE bug 1079798 SUSE bug 1079799 SUSE bug 1079800 SUSE bug 1079801 CVE-2017-16227 CVE-2017-5495 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 cpe:/o:suse:sles:11:sp1:teradata Security update for quota SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The quota package was updated to fix an issue with tcp_wrappers, where hosts.allow/deny files would have not been correctly honored. (CVE-2012-3417) Security Issue reference: * CVE-2012-3417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3417> SUSE bug 772570 CVE-2012-3417 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for radvd SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of radvd fixes the following security flaws: * arbitrary file overwrite flaw through unsanitized interface names (CVE-2011-3602), * missing return value checks in privsep_init() which could cause radvd to keep running with root privileges (CVE-2011-3603), * buffer overread flaws in the process_ra() function (CVE-2011-3604), * temporary denial of service flaw triggered by a flood of ND_ROUTER_SOLICIT (CVE-2011-3605) Security Issue references: * CVE-2011-3601 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3601> * CVE-2011-3602 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3602> * CVE-2011-3603 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3603> * CVE-2011-3604 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3604> * CVE-2011-3605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3605> SUSE bug 721968 CVE-2011-3601 CVE-2011-3602 CVE-2011-3603 CVE-2011-3604 CVE-2011-3605 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for sendmail SUSE Linux Enterprise Server 11 SP1-TERADATA sendmail has been updated to properly close file descriptors before executing programs. These security issues were fixed: * Not properly closing file descriptors before executing programs (CVE-2014-3956). Security Issues: * CVE-2014-3956 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956> SUSE bug 881284 CVE-2014-3956 cpe:/o:suse:sles:11:sp1:teradata Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914) - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410) Moderate SUSE bug 900914 SUSE bug 915410 CVE-2014-8242 CVE-2014-9512 cpe:/o:suse:sles:11:sp1:teradata Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for rsync fixes the following issues: - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. (bsc#915410) - The rsyncd daemon doesn't handle the HUP signal. Fix 'reload' action in the init script to restart the service. (bsc#791660) Moderate SUSE bug 791660 SUSE bug 915410 CVE-2014-9512 cpe:/o:suse:sles:11:sp1:teradata Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for rsync fixes several issues. These security issues were fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions' (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). Moderate SUSE bug 1066644 SUSE bug 1071459 SUSE bug 1071460 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 cpe:/o:suse:sles:11:sp1:teradata Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for rsync fixes one issues. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503) Moderate SUSE bug 1076503 CVE-2018-5764 cpe:/o:suse:sles:11:sp1:teradata Security update for ruby (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for ruby fixes the following issues: Secuirty issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) Bugfixes: - fix small mistake in the backport for (bsc#986630) Moderate SUSE bug 926974 SUSE bug 959495 SUSE bug 986630 CVE-2015-1855 CVE-2015-7551 cpe:/o:suse:sles:11:sp1:teradata Security update for ruby SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailailed list of changes is available from http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog <http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog> . The most important fixes are: * Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4815> ) * mkconfig.rb: fix for continued lines. * Fix Infinity to be greater than any bignum number. * Initialize store->ex_data.sk. * Several IPv6 related fixes. * Fixes for zlib. * Reinitialize PRNG when forking children (CVE-2011-2686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2686> , CVE-2011-3009 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3009> ) * Fixes to securerandom. (CVE-2011-2705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2705> ) * Fix uri route_to * Fix race condition with variables and autoload. SUSE bug 704409 SUSE bug 739122 SUSE bug 740796 CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 CVE-2011-4815 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for rzsz (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for rzsz fixes the following issues: - L3: sz of rzsz segfaults in zsdata() (bsc#1086416) - VUL-0: CVE-2018-10195: rzsz: sz can leak data to receiving side (bsc#1090051) - rzsz-0.12.20-976.7: illegal use of freed variable (bsc#529899) - /usr/bin/lsb segfaults [rzsz] (bsc#1076576) Moderate SUSE bug 1076576 SUSE bug 1086416 SUSE bug 1090051 SUSE bug 529899 CVE-2018-10195 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following security issues: - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bsc#958582). - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bsc#958584). - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bsc#958583). Moderate SUSE bug 295284 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target (bso#11648 bsc#968222). Important SUSE bug 968222 CVE-2015-7560 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2110: A man-in-the-middle can downgrade NTLMSSP authentication. (bso#11688)(bsc#973031) - CVE-2016-2111: Domain controller netlogon member computer can be spoofed. (bso#11749)(bsc#973032) - CVE-2016-2112: LDAP conenctions vulnerable to downgrade and MITM attack. (bso#11644)(bsc#973033) - CVE-2016-2113: TLS certificate validation missing. (bso#11752)(bsc#973034) - CVE-2016-2115: Named pipe IPC vulnerable to MITM attacks. (bso#11756)(bsc#973036) Bugs fixed: - Getting and setting Windows ACLs on symlinks can change permissions on link Important SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: - CVE-2015-5370: The DCERPC server and client were vulnerable to DOS and MITM attacks. (bsc#936862). Important SUSE bug 936862 CVE-2015-5370 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: - CVE-2016-2125: Don't send delegated credentials to all servers (bsc#1014441). - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process (bsc#1014442). Moderate SUSE bug 1014441 SUSE bug 1014442 CVE-2016-2125 CVE-2016-2126 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-2619: Symlink race permited opening files outside share directory (bsc#1027147). These non-security issues were fixed: - Allow SESSION KEY setup without signing (bsc#1009711). Moderate SUSE bug 1009711 SUSE bug 1027147 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12163 CVE-2017-2619 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); Moderate SUSE bug 1063008 CVE-2017-15275 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: The following security issue was fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient (bsc#1103411). Important SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Moderate SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:sles:11:sp1:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for samba fixes the following issues: - CVE-2020-25717: A user in an AD Domain could become root on domain members (bsc#1192284). - Added missing man page updates Important SUSE bug 1192284 SUSE bug 1196717 SUSE bug 577868 SUSE bug 656867 SUSE bug 973032 SUSE bug 973033 SUSE bug 973036 CVE-2020-25717 cpe:/o:suse:sles:11:sp1:teradata Security update for sane-backends (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for sane-backends fixes the following issues: - saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory (CVE-2017-6318, bsc#1027197). Moderate SUSE bug 1027197 CVE-2017-6318 cpe:/o:suse:sles:11:sp1:teradata Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185). Moderate SUSE bug 942628 CVE-2015-5185 cpe:/o:suse:sles:11:sp1:teradata Security update for screen (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for screen fixes the following issues: Security issue fixed: - CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458). Low SUSE bug 944458 CVE-2015-6806 cpe:/o:suse:sles:11:sp1:teradata Security update for socat SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update fixes two small security issues in socat: * Fixed a stack overflow in commandline parsing (bnc#627475 / CVE-2010-2799) Only exploitable if an attacker can control the commandline parameters. * Fixed heap overflow in READLINE output mode (bnc#759859 / CVE-2012-0219) Security Issue references: * CVE-2012-0219 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0219> * CVE-2010-2799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2799> SUSE bug 627475 SUSE bug 759859 CVE-2010-2799 CVE-2012-0219 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for socat (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for socat fixes the following issues: - CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode (bsc#821985) - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow (bsc#860991) - Fix a stack overflow in the parser that could have been leveraged to execute arbitrary code (bsc#964844) Moderate SUSE bug 821985 SUSE bug 860991 SUSE bug 964844 CVE-2013-3571 CVE-2014-0019 cpe:/o:suse:sles:11:sp1:teradata Security update for speex (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for speex fixes the following issues: - CVE-2020-23903: Fixed zero division error in read_samples (bsc#1192580). Moderate SUSE bug 1192580 CVE-2020-23903 cpe:/o:suse:sles:11:sp1:teradata Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed an heap out-of-bound read in the rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sles:11:sp1:teradata Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). - CVE-2018-8740: Fixed a null pointer dereference caused when CREATE TABLE AS statement is used (bsc#1085790). Important SUSE bug 1085790 SUSE bug 1155787 CVE-2017-2518 CVE-2018-8740 cpe:/o:suse:sles:11:sp1:teradata Security update for squid SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issue: * 587375: squid NULL deref via HTCP request (CVE-2010-0639) Security Issue reference: * CVE-2010-0639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639> SUSE bug 587375 CVE-2010-0639 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA squid was updated to fix two security issues. These security issues were fixed: - CVE-2014-6270: Fixed an off by one in snmp subsystem (bsc#895773). - CVE-2014-9749: Fixed a nonce replay vulnerability in Digest authentication (bsc#949942). Moderate SUSE bug 895773 SUSE bug 949942 CVE-2014-6270 CVE-2014-9749 cpe:/o:suse:sles:11:sp1:teradata Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid fixes the following issues: - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing (bsc#979010) Moderate SUSE bug 976553 SUSE bug 979010 CVE-2016-4051 CVE-2016-4554 cpe:/o:suse:sles:11:sp1:teradata Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid fixes the following issues: Security issue fixed: - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Moderate SUSE bug 1140738 CVE-2019-13345 cpe:/o:suse:sles:11:sp1:teradata Security update for squid (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid fixes the following issues: - CVE-2020-15810: Fixed a HTTP Request Smuggling that could have resulted in cache poisoning (bsc#1175664). - CVE-2019-12523: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). - CVE-2019-18676: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). Important SUSE bug 1156329 SUSE bug 1175664 CVE-2019-12523 CVE-2019-18676 CVE-2020-15810 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issue: * 727492: Invalid free by processing CNAME (CVE-2011-4096) It also fixes the following non-security issue: * 737905: installation creates empty spurious file '/1' Security Issue reference: * CVE-2011-4096 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4096> SUSE bug 727492 SUSE bug 737905 CVE-2011-4096 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: * fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Important SUSE bug 895773 SUSE bug 902197 SUSE bug 938715 SUSE bug 963539 SUSE bug 967011 SUSE bug 968392 SUSE bug 968393 SUSE bug 968394 SUSE bug 968395 SUSE bug 973782 SUSE bug 973783 SUSE bug 976553 SUSE bug 976556 SUSE bug 976708 SUSE bug 979008 SUSE bug 979009 SUSE bug 979010 SUSE bug 979011 SUSE bug 993299 CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) Moderate SUSE bug 1016168 SUSE bug 949942 CVE-2014-9749 CVE-2016-10002 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: Security issues fixed: - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handing whien processing ESI responses or downloading intermediate CA certificates (bsc#1077006). Moderate SUSE bug 1077003 SUSE bug 1077006 CVE-2018-1000024 CVE-2018-1000027 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: - CVE-2018-1172: Fixed a DoS caused by incorrect handling of ESI responses. (bsc#1090089, SQUID-2018:3) Important SUSE bug 1090089 CVE-2018-1172 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: Security issue fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). Important SUSE bug 1113668 CVE-2018-19131 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659) - Fixed handling of hostname in cachemgr.cgi (CVE-2019-18860, bsc#1167373) - Fixed a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313) - Fixed a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (CVE-2019-12520, CVE-2019-12524, bsc#1170423) - Fixed a potential denial of service when processing TLS certificates during HTTPS connections (CVE-2020-14059, bsc#1173304) - Fixed a potential denial of service associated with incorrect buffer management of HTTP Basic Authentication credentials (bsc#1141329, CVE-2019-12529) - Fixed an incorrect buffer management resulting in vulnerability to a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332, CVE-2019-12525) - Fix XSS via user_name or auth parameter in cachemgr.cgi (bsc#1140738, CVE-2019-13345) - Fixed a potential code execution vulnerability (CVE-2019-12526, bsc#1156326) - Fixed HTTP Request Splitting in HTTP message processing and information disclosure in HTTP Digest Authentication (CVE-2019-18678, CVE-2019-18679, bsc#1156323, bsc#1156324) - Fixed a security issue allowing a remote client ability to cause use a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687) - Fixed a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689) - Fixed a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) - Fixed Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328) - Disable urn parsing and parsing of unknown schemes (bsc#1156329, CVE-2019-12523, CVE-2019-18676) Important SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 SUSE bug 1167373 SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 SUSE bug 1173304 SUSE bug 1173455 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14059 CVE-2020-15049 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 (Critical) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: - CVE-2020-15811: Fixed an HTTP request splitting vulnerability (bsc#1175665). - CVE-2020-24606: Fixed a DoS vulnerability when processing Cache Digest Responses (bsc#1175671). - CVE-2020-15810: Fixed an HTTP request smuggling vulnerability (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles:11:sp1:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for squid3 fixes the following issues: - CVE-2021-28651: Fixed a denial of service issue when processing URN resource identifiers (bsc#1185921). - CVE-2020-25097: Fixed an HTTP request smuggling issue (bsc#1183436). Important SUSE bug 1183436 SUSE bug 1185921 CVE-2020-25097 CVE-2021-28651 cpe:/o:suse:sles:11:sp1:teradata Security update for squidGuard (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA squidGuard was updated to fix one security issue. This security issue was fixed: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping (bsc#985612). Moderate SUSE bug 985612 CVE-2015-8936 cpe:/o:suse:sles:11:sp1:teradata Security update for strongswan SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update fixed a security issue in strongswan's 'gmp' plugin which could be exploited by attackers to forge RSA signature/certificate to authenticate as any legitimate user (CVE-2012-2388 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2388> ). SUSE bug 761325 CVE-2012-2388 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Moderate SUSE bug 953817 CVE-2015-8023 cpe:/o:suse:sles:11:sp1:teradata Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) Important SUSE bug 1039514 SUSE bug 1039515 CVE-2017-9022 CVE-2017-9023 cpe:/o:suse:sles:11:sp1:teradata Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for strongswan fixes the following issues: - CVE-2017-11185: Specific RSA signatures passed to the gmp plugin for verification can cause a null-pointer dereference and it may lead to a denial of service (bsc#1051222) Moderate SUSE bug 1051222 CVE-2017-11185 cpe:/o:suse:sles:11:sp1:teradata Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for strongswan fixes the following issues: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). Moderate SUSE bug 1094462 CVE-2018-5388 cpe:/o:suse:sles:11:sp1:teradata Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:sles:11:sp1:teradata Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845) - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1107874 SUSE bug 1109845 SUSE bug 1194471 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2021-45079 cpe:/o:suse:sles:11:sp1:teradata Security update for sudo, sudo-debuginfo, sudo-debugsource SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update fixes a security problem in sudo: Multiple netmask values used in Host / Host_List configuration caused any host to be allowed access. (CVE-2012-2337) Also a bug in wildcard matching could allow too relaxed matches within subdirectories of the specified path so /usr/bin/* would also match /usr/bin/X11/*, which is probably not intended. The behaviour was aligned to the one described in the sudoers manpage Security Issues: * CVE-2012-2337 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2337> SUSE bug 739214 SUSE bug 762327 CVE-2012-2337 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for sudo (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for sudo fixes the following issues: Security issues: - CVE-2016-7032: noexec bypass via system() and popen(). (bsc#1007766) - CVE-2016-7076: noexec bypass via wordexp(). (bsc#1007501) - CVE-2014-9680: unsafe handling of TZ environment variable. (bsc#917806) Bug fixes: - bsc#823292: Fix the default flag settings in manual page to reflect changes caused by sudoers patch. - bsc#823796: Escape the command args for 'sudo -i' and 'sudo -s'. Moderate SUSE bug 1007501 SUSE bug 1007766 SUSE bug 823292 SUSE bug 823796 SUSE bug 917806 CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 cpe:/o:suse:sles:11:sp1:teradata Security update for sudo (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sles:11:sp1:teradata Security update for syslog-ng (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for syslog-ng fixes the following issues: - CVE-2020-8019: Fixed a local privilege escalation during package update (bsc#1169385). Moderate SUSE bug 1169385 CVE-2020-8019 cpe:/o:suse:sles:11:sp1:teradata Security update for system-config-printer (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for system-config-printer fixes the following issues: Security issue fixed: - CVE-2012-4510: Fixed an issue in the CUPS PolicyKit helper that allowed attackers, with user assistance, to overwrite specific files or upload sensitive data to a CUPS resource (bsc#783488). Moderate SUSE bug 783488 CVE-2012-4510 cpe:/o:suse:sles:11:sp1:teradata Security update for t1lib SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This update of t1lib fixes memory corruptions and a heap-based overflow in the afm font parser. Security Issue references: * CVE-2011-0764 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764> * CVE-2011-1552 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552> * CVE-2011-1553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553> * CVE-2011-1554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554> * CVE-2011-0433 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433> SUSE bug 684802 SUSE bug 757961 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for taglib SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 The following issue has been fixed: * specially crafted ogg files could have crashed taglib Security Issue references: * CVE-2012-1108 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1108> * CVE-2012-1584 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1584> SUSE bug 750690 SUSE bug 750691 SUSE bug 750693 CVE-2012-1108 CVE-2012-1584 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for tar (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] Moderate SUSE bug 1007188 CVE-2016-6321 cpe:/o:suse:sles:11:sp1:teradata Security update for tar (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes (jsc#ECO-339) * Sparse files with large data * No backticks in quoting * --owner and --group names and numbers * Support for POSIX ACLs, extended attributes and SELinux context. * Passing command line arguments to external commands. * New configure option --enable-gcc-warnings, intended for debugging. * New warning control option --warning=[no-]record-size * New command line option --keep-directory-symlink * Fix unquoting of file names obtained via the -T option. * Fix GNU long link header timestamp (backward compatibility). Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). Moderate SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1152736 CVE-2018-20482 CVE-2019-9923 cpe:/o:suse:sles:11:sp1:teradata Security update for tar (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) Low SUSE bug 1181131 CVE-2021-20193 cpe:/o:suse:sles:11:sp1:teradata Security update for tcpdump SUSE Linux Enterprise Server 11 SP1-TERADATA When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network. The following vulnerabilities in protocol printers have been fixed: * IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220) * Ethernet printer remote DoS (CVE-2015-2154, bnc#922222) * PPP printer remote DoS (CVE-2014-9140, bnc#923142) Security Issues: * CVE-2015-0261 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261> * CVE-2015-2154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154> * CVE-2014-9140 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140> SUSE bug 922220 SUSE bug 922222 SUSE bug 923142 CVE-2014-9140 CVE-2015-0261 CVE-2015-2154 cpe:/o:suse:sles:11:sp1:teradata Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tcpdump fixes the following issues: Security issues fixed (bsc#1020940): - CVE-2016-7922: Corrected buffer overflow in AH parser print-ah.c:ah_print(). - CVE-2016-7923: Corrected buffer overflow in ARP parser print-arp.c:arp_print(). - CVE-2016-7925: Corrected buffer overflow in compressed SLIP parser print-sl.c:sl_if_print(). - CVE-2016-7926: Corrected buffer overflow in the Ethernet parser print-ether.c:ethertype_print(). - CVE-2016-7927: Corrected buffer overflow in the IEEE 802.11 parser print-802_11.c:ieee802_11_radio_print(). - CVE-2016-7928: Corrected buffer overflow in the IPComp parser print-ipcomp.c:ipcomp_print(). - CVE-2016-7931: Corrected buffer overflow in the MPLS parser print-mpls.c:mpls_print(). - CVE-2016-7936: Corrected buffer overflow in the UDP parser print-udp.c:udp_print(). - CVE-2016-7934,CVE-2016-7935,CVE-2016-7937: Corrected segmentation faults in function udp_print(). - CVE-2016-7939: Corrected buffer overflows in GRE parser print-gre.c:(multiple functions). - CVE-2016-7940: Corrected buffer overflows in STP parser print-stp.c:(multiple functions). - CVE-2016-7973: Corrected buffer overflow in AppleTalk parser print-atalk.c. - CVE-2016-7974: Corrected buffer overflow in IP parser print-ip.c:(multiple functions). - CVE-2016-7975: Corrected buffer overflow in TCP parser print-tcp.c:tcp_print(). - CVE-2016-7983,CVE-2016-7984: Corrected buffer overflow in TFTP parser print-tftp.c:tftp_print(). - CVE-2016-7992: Corrected buffer overflow in Classical IP over ATM parser print-cip.c. - CVE-2016-7993: Corrected buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, etc.). - CVE-2016-8574: Corrected buffer overflow in FRF.15 parser print-fr.c:frf15_print(). - CVE-2017-5202: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). - CVE-2017-5203: Corrected buffer overflow in BOOTP parser print-bootp.c:bootp_print(). - CVE-2017-5204: Corrected buffer overflow in IPv6 parser print-ip6.c:ip6_print(). - CVE-2017-5483: Corrected buffer overflow in SNMP parser print-snmp.c:asn1_parse(). - CVE-2017-5484: Corrected buffer overflow in ATM parser print-atm.c:sig_print(). - CVE-2017-5485: Corrected buffer overflow in ISO CLNS parser addrtoname.c:lookup_nsap(). - CVE-2017-5486: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). Moderate SUSE bug 1020940 CVE-2016-7922 CVE-2016-7923 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7931 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 cpe:/o:suse:sles:11:sp1:teradata Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873) - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247). - CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247). - CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247). - CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247). Moderate SUSE bug 1047873 SUSE bug 1057247 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-13011 cpe:/o:suse:sles:11:sp1:teradata Security update for tcpdump (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-12995: Fixed an infinite loop in the DNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Fixed a buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12894: Fixed a buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12896: Fixed a buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12897: Fixed a buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12898: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12899: Fixed a buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12900: Fixed a buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12901: Fixed a buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12902: Fixed a buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247). - CVE-2017-12985: Fixed a buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12986: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2017-12987: Fixed a buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12988: Fixed a buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12991: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12992: Fixed a buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247). - CVE-2017-12993: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-12996: Fixed a buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12998: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12999: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13001: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13002: Fixed a buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247). - CVE-2017-13003: Fixed a buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13004: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-13005: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13006: Fixed a buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13008: Fixed a buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13009: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13010: Fixed a buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13012: Fixed a buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13013: Fixed a buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13014: Fixed a buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13016: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13017: Fixed a buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13018: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13019: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13021: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13022: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13023: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13024: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13025: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13027: Fixed a buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13028: Fixed a buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13029: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13030: Fixed a buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13031: Fixed a buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247). - CVE-2017-13032: Fixed a buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13034: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13035: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13036: Fixed a buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13037: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13038: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13041: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13047: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13048: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13049: Fixed a buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13051: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13053: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13055: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13687: Fixed a buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247). - CVE-2017-13688: Fixed a buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247). - CVE-2017-13689: Fixed a buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13725: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). Important SUSE bug 1057247 SUSE bug 1153098 SUSE bug 1153332 CVE-2017-12893 CVE-2017-12894 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12995 CVE-2017-12996 CVE-2017-12998 CVE-2017-12999 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13041 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13051 CVE-2017-13053 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13725 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14881 CVE-2018-14882 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 cpe:/o:suse:sles:11:sp1:teradata Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). Moderate SUSE bug 1178466 CVE-2020-8037 cpe:/o:suse:sles:11:sp1:teradata Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:sles:11:sp1:teradata Security update for tftp SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Malicious clients could overflow a buffer in tftpd by specifying a large value for the utimeout option (CVE-2011-2199). Security Issue reference: * CVE-2011-2199 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2199> SUSE bug 699714 CVE-2011-2199 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for tgt SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of tgt fixes multiple bugs: * tgtadm user unbind broken [bnc#633111] * iscsitarget package not supported [bnc#513934] * iscsitarget vs. tgt (and /etc/ietd.conf) [bnc#598927] * tgt fix double free() flaw [bnc#665415, CVE-2011-0001] Security Issue reference: * CVE-2011-0001 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0001> SUSE bug 513934 SUSE bug 598927 SUSE bug 633111 SUSE bug 665415 CVE-2011-0001 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Moderate SUSE bug 914890 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) Moderate SUSE bug 960341 SUSE bug 964225 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831) - CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to Doa (bsc#984837) - CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842) - CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808) - CVE-2016-5875: Specially crafted TIFF images could trigger could allow arbitrary code execution (bsc#987351) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3186: Specially crafted TIFF imaged could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340) Moderate SUSE bug 973340 SUSE bug 974449 SUSE bug 974614 SUSE bug 974618 SUSE bug 975069 SUSE bug 984808 SUSE bug 984831 SUSE bug 984837 SUSE bug 984842 SUSE bug 987351 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107). - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280). - CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937). - CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.' (bsc#1011845) - CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077). - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341). - CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436). - CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,). - CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255) - An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691). - Fixed an invalid memory read which could lead to a crash (bsc#1017692). - Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688). Moderate SUSE bug 1007280 SUSE bug 1011107 SUSE bug 1011845 SUSE bug 1017688 SUSE bug 1017690 SUSE bug 1017691 SUSE bug 1017692 SUSE bug 1031255 SUSE bug 1046077 SUSE bug 1048937 SUSE bug 1074318 SUSE bug 960341 SUSE bug 983436 CVE-2015-7554 CVE-2016-10095 CVE-2016-10268 CVE-2016-3945 CVE-2016-5318 CVE-2016-5652 CVE-2016-9453 CVE-2016-9536 CVE-2017-11335 CVE-2017-17973 CVE-2017-9935 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809) - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694) - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254) - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250) - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129) - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127) - CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126) - CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120) - CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113) - CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112) - CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111) - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109) - Multiple divide by zero issues - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831) Moderate SUSE bug 1017694 SUSE bug 1031250 SUSE bug 1031254 SUSE bug 1033109 SUSE bug 1033111 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 SUSE bug 1033127 SUSE bug 1033129 SUSE bug 1074317 SUSE bug 984808 SUSE bug 984809 SUSE bug 984831 SUSE bug 987351 CVE-2016-10267 CVE-2016-10269 CVE-2016-10270 CVE-2016-5314 CVE-2016-5315 CVE-2017-18013 CVE-2017-7593 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following security issues: - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could have caused DoS or code execution via a crafted BitsPerSample value (bsc#1019611) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2016-10266: Prevent remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile width versus image width (bsc#1011839). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689). - CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField function that allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276). - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621). Moderate SUSE bug 1007276 SUSE bug 1011839 SUSE bug 1011846 SUSE bug 1017689 SUSE bug 1017690 SUSE bug 1019611 SUSE bug 1031263 SUSE bug 1082332 SUSE bug 1082825 SUSE bug 1086408 SUSE bug 974621 CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-10266 CVE-2016-3632 CVE-2016-5318 CVE-2016-8331 CVE-2016-9535 CVE-2016-9540 CVE-2017-11613 CVE-2017-5225 CVE-2018-7456 CVE-2018-8905 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image. (bsc#960589) - CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440) Moderate SUSE bug 1074186 SUSE bug 1092480 SUSE bug 960589 SUSE bug 983440 CVE-2015-8668 CVE-2016-5319 CVE-2017-17942 CVE-2018-10779 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Moderate SUSE bug 1106853 SUSE bug 1108627 SUSE bug 1108637 SUSE bug 1110358 CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322). - CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080). - CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186). - CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163). - CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440). - CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448). - CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447) - CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446) - CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1010163 SUSE bug 1014461 SUSE bug 1040080 SUSE bug 1040322 SUSE bug 1074186 SUSE bug 1099257 SUSE bug 1113672 SUSE bug 974446 SUSE bug 974447 SUSE bug 974448 SUSE bug 983440 CVE-2015-8870 CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-5319 CVE-2016-9273 CVE-2017-17942 CVE-2017-9117 CVE-2017-9147 CVE-2018-12900 CVE-2018-18661 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). Moderate SUSE bug 1017693 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issue: Security vulnerabilities fixed: - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626) Low SUSE bug 1121626 SUSE bug 983268 CVE-2016-5102 CVE-2019-6128 cpe:/o:suse:sles:11:sp1:teradata Security update for tiff (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tiff fixes the following issues: - CVE-2015-8683: Fixed out-of-bounds when reading CIE Lab image format files (bsc#1156754). - CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c (bsc#1156749). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). Important SUSE bug 1156749 SUSE bug 1156754 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 CVE-2015-8665 CVE-2015-8683 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 cpe:/o:suse:sles:11:sp1:teradata Security update for tightvnc (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tightvnc fixes the following issues: - CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection which might lead to code execution (bsc#1155476). - CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which might lead to code execution (bsc#1155472). - CVE-2019-15680: Fixed a null pointer dereference in HandleZlibBPP which could have led to denial of service (bsc#1155452). - CVE-2019-15678: Fixed a heap buffer overflow in rfbServerCutText handler (bsc#1155442). Important SUSE bug 1155442 SUSE bug 1155452 SUSE bug 1155472 SUSE bug 1155476 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-8287 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following issue: - CVE-2016-5388 Setting HTTP_PROXY environment variable via Proxy header (bsc#988489) Moderate SUSE bug 988489 CVE-2016-5388 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a regression in parameter passing (in urldecoding of parameters that contain spaces). In addition, multiple weaknesses in HTTP DIGESTS have been fixed (CVE-2011-1184): * CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184. * CVE-2011-5063: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. * CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. Security Issue references: * CVE-2011-1184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184> * CVE-2011-5062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062> * CVE-2011-5063 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063> * CVE-2011-5064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064> SUSE bug 735343 SUSE bug 742477 CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following issues: The version was updated from 6.0.41 to 6.0.45. Security issues fixed: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967) * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965) * CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (bsc#967815) * CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964) Important SUSE bug 934219 SUSE bug 967815 SUSE bug 967964 SUSE bug 967965 SUSE bug 967967 CVE-2015-5174 CVE-2015-5345 CVE-2016-0706 CVE-2016-0714 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following issues: Tomcat was updated to version 6.0.53: The full changelog is: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security issues fixed: - CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#1036642) - CVE-2016-8745: Regression in the error handling methods could lead to information disclosure (bsc#1015119) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-6796: Manager Bypass (bsc#1007858) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5388: an arbitrary HTTP_PROXY environment variable might allow remote attackers to redirect outbound HTTP traffic (bsc#988489) Important SUSE bug 1007853 SUSE bug 1007854 SUSE bug 1007855 SUSE bug 1007857 SUSE bug 1007858 SUSE bug 1011805 SUSE bug 1011812 SUSE bug 1015119 SUSE bug 1033448 SUSE bug 1036642 SUSE bug 988489 CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following security issues: - : The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Tomcat did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page (bsc#1042910). - : The URL pattern of '' was not correctly handled when used as part of a security constraint definition. This caused the constraint to be ignored. It was possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected (bsc#1082480). Moderate SUSE bug 1042910 SUSE bug 1082480 CVE-2017-5664 CVE-2018-1304 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following issue: Security issue fixed: - CVE-2018-11784: Fixed problem with specially crafted URLs that could be used to cause a redirect to any URI of an attackers choise (bsc#1110850). Moderate SUSE bug 1110850 CVE-2018-11784 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2020-9484 cpe:/o:suse:sles:11:sp1:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for tomcat6 fixes the following issues: - CVE-2021-25329: Fixed completely CVE-2020-9484 (bsc#1182909). - CVE-2021-24122: Fixed an information disclosure (bsc#1180947). - CVE-2017-12617: Fixed a file inclusion vulnerability through a crafted request (bsc#1059554). Important SUSE bug 1059554 SUSE bug 1180947 SUSE bug 1182909 CVE-2017-12617 CVE-2021-24122 CVE-2021-25329 cpe:/o:suse:sles:11:sp1:teradata Security update for transfig (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for transfig fixes the following issues: Security issue fixed: - CVE-2017-16899: Fix array index error in the fig2dev program (bsc#1069257). Moderate SUSE bug 1069257 CVE-2017-16899 cpe:/o:suse:sles:11:sp1:teradata Security update for transfig (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for transfig fixes the following issues: Security issue fixed: - CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531) Low SUSE bug 1106531 CVE-2018-16140 cpe:/o:suse:sles:11:sp1:teradata Security update for transfig (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for transfig fixes the following issues: - CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: Fixed out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19746: Fixed segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-19555: Fixed stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). - CVE-2020-21680: Fixed a stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2020-21681: Fixed a global buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21682: Fixed a global buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21683: Fixed a global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - Do hardening via compile and linker flags - Fixed last added upstream commit (boo#1136882) Important SUSE bug 1136882 SUSE bug 1143650 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-14275 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:sles:11:sp1:teradata Security update for transfig (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:sles:11:sp1:teradata Security update for unrar (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for unrar fixes the following issues: - CVE-2012-6706: decoding malicious RAR files could have lead to memory corruption or code execution. (bsc#1045315). Important SUSE bug 1045315 CVE-2012-6706 cpe:/o:suse:sles:11:sp1:teradata Security update for unrar (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Added libunrar* and libunrar*-devel subpackages (bsc#513804) - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Moderate SUSE bug 1046882 SUSE bug 1054038 SUSE bug 513804 SUSE bug 693890 CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 cpe:/o:suse:sles:11:sp1:teradata Security update for unzip SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues: * CVE-2014-8139: input sanitization errors (bnc#909214) * CVE-2014-9636: out-of-bounds read/write in test_compr_eb() (bnc#914442) Security Issues: * CVE-2014-9636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636> * CVE-2014-8139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139> SUSE bug 909214 SUSE bug 914442 CVE-2014-8139 CVE-2014-9636 cpe:/o:suse:sles:11:sp1:teradata Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for unzip fixes the following issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) Moderate SUSE bug 1013992 SUSE bug 1013993 SUSE bug 950110 CVE-2014-9913 CVE-2015-7696 CVE-2016-9844 cpe:/o:suse:sles:11:sp1:teradata Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for unzip fixes the following issues: - CVE-2018-1000035: Fixed a heap-based buffer overflow in password protected ZIP archives (bsc#1080074) Moderate SUSE bug 1080074 CVE-2018-1000035 cpe:/o:suse:sles:11:sp1:teradata Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for unzip fixes the following issues: - CVE-2018-18384: Fixed buffer overflow when listing archives (bsc#1110194) Moderate SUSE bug 1110194 CVE-2018-18384 cpe:/o:suse:sles:11:sp1:teradata Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for unzip fixes the following issues: - CVE-2021-4217: Fixed null pointer dereference in Unicode strings code (bsc#1196175). Moderate SUSE bug 1196175 CVE-2021-4217 cpe:/o:suse:sles:11:sp1:teradata Security update for FUSE SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The following security issues were fixed: * CVE-2010-3879: FUSE allowed local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem. * CVE-2011-0541: Avoid mounting a directory including evaluation of symlinks, which might have allowed local attackers to mount filesystems anywhere in the system. * CVE-2011-0543: Avoid symlink attacks on the mount point written in the mtab file. Four bugs were fixed: * fixed retrying nfs mounts on rpc timeouts * allow seperate control of the internet protocol uses by rpc.mount seperately of the protocol used by nfs. * Fixed locking in libuuid/uuid to avoid duplicate uuids. * mkswap bad block check marked every block bad in O(n!) time on a good device New features were implemented: * mount now has --fake and --no-canonicalize options, required for the symlink security fixes. These were backported from mainline. * mount can now auto-detect and differentiate between squashfs3 and squashfs (v4) filesystems, allowing backward compatibility to the SUSE Linux Enterprise 11 GA codebase. Security Issues: * CVE-2010-3879 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879> * CVE-2011-0541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541> * CVE-2011-0543 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543> SUSE bug 635393 SUSE bug 651598 SUSE bug 663385 SUSE bug 666893 SUSE bug 667215 SUSE bug 668820 CVE-2010-3879 CVE-2011-0541 CVE-2011-0543 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for vim (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc#1010685) Important SUSE bug 1010685 CVE-2016-1248 cpe:/o:suse:sles:11:sp1:teradata Security update for vim (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for vim fixes the following issues: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) Moderate SUSE bug 1024724 CVE-2017-5953 cpe:/o:suse:sles:11:sp1:teradata Security update for vim (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sles:11:sp1:teradata Security update for vim (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). Moderate SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:sles:11:sp1:teradata Security update for vino SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This security update fixes two out-of-bounds memory access vulnerabilities in vinos' libvncserver. (CVE-2011-0904 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0904> , CVE-2011-0905 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0905> ) Additionally, another possible server crash has been fixed. (bln440712) SUSE bug 691207 CVE-2011-0904 CVE-2011-0905 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for vino (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). Moderate SUSE bug 1155419 CVE-2019-15681 cpe:/o:suse:sles:11:sp1:teradata Security update for vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a vulnerability of VTE to an old title set and query attack which could be used by remote attackers to execute arbitrary code ( CVE-2010-2713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2713> ). SUSE bug 621097 CVE-2010-2713 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for w3m SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA w3m does not handle embedded NUL characters in the common name and in subject alternative names of X.509 certificates (CVE-2010-2074 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2074> ). This update fixes the issue and also turns on verification of x509 certificates by default which was not the case before. SUSE bug 609451 CVE-2010-2074 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for w3m (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for w3m fixes the following issues: - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Moderate SUSE bug 1011269 SUSE bug 1011270 SUSE bug 1011271 SUSE bug 1011272 SUSE bug 1011283 SUSE bug 1011284 SUSE bug 1011285 SUSE bug 1011286 SUSE bug 1011287 SUSE bug 1011288 SUSE bug 1011289 SUSE bug 1011290 SUSE bug 1011291 SUSE bug 1011292 SUSE bug 1011293 SUSE bug 1012020 SUSE bug 1012021 SUSE bug 1012022 SUSE bug 1012023 SUSE bug 1012024 SUSE bug 1012025 SUSE bug 1012026 SUSE bug 1012027 SUSE bug 1012028 SUSE bug 1012029 SUSE bug 1012030 SUSE bug 1012031 SUSE bug 1012032 CVE-2010-2074 CVE-2016-9422 CVE-2016-9423 CVE-2016-9424 CVE-2016-9425 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 cpe:/o:suse:sles:11:sp1:teradata Security update for w3m (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Moderate SUSE bug 1077559 SUSE bug 1077568 SUSE bug 1077572 CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 cpe:/o:suse:sles:11:sp1:teradata Security update for wavpack (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. (bsc#1021483) Moderate SUSE bug 1021483 CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/o:suse:sles:11:sp1:teradata Security update for wavpack (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) Moderate SUSE bug 1120930 CVE-2018-19840 cpe:/o:suse:sles:11:sp1:teradata Security update for wavpack (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles:11:sp1:teradata Security update for wget SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA wget has been updated to fix one security issue and two non-security issues. This security issue has been fixed: * FTP symlink arbitrary filesystem access (CVE-2014-4877). These non-security issues have been fixed: * Fix displaying of download time (bnc#901276). * Fix 0 size FTP downloads after failure (bnc#885069). Security Issues: * CVE-2014-4877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877> SUSE bug 885069 SUSE bug 901276 SUSE bug 902709 CVE-2014-4877 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wget fixes the following issues: - CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060). - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Bug fixed: - Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Moderate SUSE bug 958342 SUSE bug 984060 SUSE bug 995964 CVE-2016-4971 CVE-2016-7098 cpe:/o:suse:sles:11:sp1:teradata Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). Moderate SUSE bug 1028301 CVE-2017-6508 cpe:/o:suse:sles:11:sp1:teradata Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wget fixes the following issues: - CVE-2018-0494: Fixed Cookie injection vulnerability by checking for and joining continuation lines. (bsc#1092061) Moderate SUSE bug 1092061 CVE-2018-0494 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 This version upgrade of wireshark fixes multiple denial of service flaws: * CVE-2012-2394: denial of service via memory alignment flaw * CVE-2012-2393: DIAMETER memory allocation flaw * CVE-2012-2392: denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes were introduced. Security Issue references: * CVE-2012-2392 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392> * CVE-2012-2393 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393> * CVE-2012-2394 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394> SUSE bug 763855 SUSE bug 763857 SUSE bug 763859 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 cpe:/o:suse:suse_sles:11:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Moderate SUSE bug 935158 SUSE bug 941500 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Low) SUSE Linux Enterprise Server 11 SP1-TERADATA This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437) * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 950437 SUSE bug 960382 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update to Wireshark 1 12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Also containsfurther bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html Moderate SUSE bug 968565 SUSE bug 976944 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash (bsc#991012) - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero (bsc#991013) - CVE-2016-6506: wireshark: WSP infinite loop (bsc#991015) - CVE-2016-6507: wireshark: MMSE infinite loop (bsc#991016) - CVE-2016-6508: wireshark: RLC long loop (bsc#991017) - CVE-2016-6509: wireshark: LDSS dissector crash (bsc#991018) - CVE-2016-6510: wireshark: RLC dissector crash (bsc#991019) - CVE-2016-6511: wireshark: OpenFlow long loop (bnc991020) - CVE-2016-5350: SPOOLS infinite loop (bsc#983671) - CVE-2016-5351: IEEE 802.11 dissector crash (bsc#983671) - CVE-2016-5352: IEEE 802.11 dissector crash, different from wpna-sec-2016-30 (bsc#983671) - CVE-2016-5353: UMTS FP crash (bsc#983671) - CVE-2016-5354: USB dissector crash (bsc#983671) - CVE-2016-5355: Toshiba file parser crash (bsc#983671) - CVE-2016-5356: CoSine file parser crash (bsc#983671) - CVE-2016-5357: NetScreen file parser crash (bsc#983671) - CVE-2016-5358: Ethernet dissector crash (bsc#983671) - CVE-2016-5359: WBXML infinite loop (bsc#983671) For more details please see: https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html Moderate SUSE bug 983671 SUSE bug 991012 SUSE bug 991013 SUSE bug 991015 SUSE bug 991016 SUSE bug 991017 SUSE bug 991018 SUSE bug 991019 SUSE bug 991020 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes. These security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936). - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937). - CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938). - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939). - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940). - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941). - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942). - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943). - CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944). - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945). - CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963). - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735). - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740). - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752). - CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754). - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761). - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762). - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763). - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800). - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964). - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913). - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739). - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739). Moderate SUSE bug 1002981 SUSE bug 1010735 SUSE bug 1010740 SUSE bug 1010752 SUSE bug 1010754 SUSE bug 1010911 SUSE bug 1021739 SUSE bug 1025913 SUSE bug 1027998 SUSE bug 1033936 SUSE bug 1033937 SUSE bug 1033938 SUSE bug 1033939 SUSE bug 1033940 SUSE bug 1033941 SUSE bug 1033942 SUSE bug 1033943 SUSE bug 1033944 SUSE bug 1033945 SUSE bug 998761 SUSE bug 998762 SUSE bug 998763 SUSE bug 998800 SUSE bug 998963 SUSE bug 998964 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues: * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304) * CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303) * CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302) * CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301) * CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300) * CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305) * CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299) * CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298) * CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309) * CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308) * CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307) * CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306) Moderate SUSE bug 1042298 SUSE bug 1042299 SUSE bug 1042300 SUSE bug 1042301 SUSE bug 1042302 SUSE bug 1042303 SUSE bug 1042304 SUSE bug 1042305 SUSE bug 1042306 SUSE bug 1042307 SUSE bug 1042308 SUSE bug 1042309 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This wireshark update to version 2.2.8 fixes the following issues: Security issues fixed: - CVE-2017-11411: The openSAFETY dissectorcould crash or exhaust system memory because of missing length validation. (bsc#1049621) - CVE-2017-11410: The WBXML dissector could go into an infinite loop. (bsc#1049255) - CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255) - CVE-2017-11407: The MQ dissector could crash. (bsc#1049255) - CVE-2017-11406: The DOCSIS dissector could go into an infinite loop. (bsc#1049255) Moderate SUSE bug 1049255 SUSE bug 1049621 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wireshark to version 2.2.11 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248) - CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249) - CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251) - CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341) - CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP dissector (bsc#1044417) - CVE-2017-15192: The BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (bsc#1062645) - CVE-2017-15193: The MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. (bsc#1062645) - CVE-2017-15191: The DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645) - CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727) - CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727) - CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727) Moderate SUSE bug 1044417 SUSE bug 1045341 SUSE bug 1056248 SUSE bug 1056249 SUSE bug 1056251 SUSE bug 1062645 SUSE bug 1070727 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-9617 CVE-2017-9766 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Moderate SUSE bug 1074171 SUSE bug 1075737 SUSE bug 1075738 SUSE bug 1075739 SUSE bug 1075748 CVE-2017-17935 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wireshark fixes the following issues: Security issue fixed (bsc#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash (wnpa-sec-2018-05) - CVE-2018-7321: thrift long dissector loop (dissect_thrift_map) - CVE-2018-7322: DICOM: inifinite loop (dissect_dcm_tag) - CVE-2018-7323: WCCP: very long loop (dissect_wccp2_alternate_mask_value_set_element) - CVE-2018-7324: SCCP: infinite loop (dissect_sccp_optional_parameters) - CVE-2018-7325: RPKI-Router Protocol: infinite loop (dissect_rpkirtr_pdu) - CVE-2018-7326: LLTD: infinite loop (dissect_lltd_tlv) - CVE-2018-7327: openflow_v6: infinite loop (dissect_openflow_bundle_control_v6) - CVE-2018-7328: USB-DARWIN: long loop (dissect_darwin_usb_iso_transfer) - CVE-2018-7329: S7COMM: infinite loop (s7comm_decode_ud_cpu_alarm_main) - CVE-2018-7330: thread_meshcop: infinite loop (get_chancount) - CVE-2018-7331: GTP: infinite loop (dissect_gprscdr_GGSNPDPRecord, dissect_ber_set) - CVE-2018-7332: RELOAD: infinite loop (dissect_statans) - CVE-2018-7333: RPCoRDMA: infinite loop in get_write_list_chunk_count - CVE-2018-7421: Multiple dissectors could go into large infinite loops (wnpa-sec-2018-06) - CVE-2018-7334: The UMTS MAC dissector could crash (wnpa-sec-2018-07) - CVE-2018-7337: The DOCSIS dissector could crash (wnpa-sec-2018-08) - CVE-2018-7336: The FCP dissector could crash (wnpa-sec-2018-09) - CVE-2018-7320: The SIGCOMP dissector could crash (wnpa-sec-2018-10) - CVE-2018-7420: The pcapng file parser could crash (wnpa-sec-2018-11) - CVE-2018-7417: The IPMI dissector could crash (wnpa-sec-2018-12) - CVE-2018-7418: The SIGCOMP dissector could crash (wnpa-sec-2018-13) - CVE-2018-7419: The NBAP disssector could crash (wnpa-sec-2018-14) - CVE-2017-17997: Misuse of NULL pointer in MRDISC dissector (bsc#1077080). Moderate SUSE bug 1077080 SUSE bug 1082692 CVE-2017-17997 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9264: ADB dissector crash * CVE-2018-9265: tn3270 dissector has a memory leak * CVE-2018-9266: ISUP dissector memory leak * CVE-2018-9267: LAPD dissector memory leak * CVE-2018-9268: SMB2 dissector memory leak * CVE-2018-9269: GIOP dissector memory leak * CVE-2018-9270: OIDS dissector memory leak * CVE-2018-9271: multipart dissector memory leak * CVE-2018-9272: h223 dissector memory leak * CVE-2018-9273: pcp dissector memory leak * CVE-2018-9274: failure message memory leak * CVE-2018-9259: MP4 dissector crash Moderate SUSE bug 1088200 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wireshark fixes the following issues: Security issues fixed: - bsc#1094301: Wireshark security update to 2.6.1, 2.4.7, 2.2.15 - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 cpe:/o:suse:sles:11:sp1:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for wireshark fixes the following issues: Update wireshark to version 2.2.17 (bsc#1106514): Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.17.html Moderate SUSE bug 1106514 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/o:suse:sles:11:sp1:teradata Security update for wpa_supplicant SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes a remote code execution vulnerability in wpa_supplicant's wpa_cli and hostapd_cli tools. CVE-2014-3686 has been assigned to this issue. Additionally, password based authentication with PKCS#5v2 has been enabled. Security Issues: * CVE-2014-3686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686> SUSE bug 868937 SUSE bug 900611 CVE-2014-3686 cpe:/o:suse:sles:11:sp1:teradata Security update for xalan-j2 SUSE Linux Enterprise Server 11 SP1-TERADATA xalan-j2 has been updated to ensure that secure processing can't be circumvented (CVE-2014-0107). Security Issues: * CVE-2014-0107 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107> SUSE bug 870082 CVE-2014-0107 cpe:/o:suse:sles:11:sp1:teradata Security update for Xen SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues in Xen: * CVE-2012-5510: Grant table version switch list corruption vulnerability (XSA-26) * CVE-2012-5511: Several HVM operations do not validate the range of their inputs (XSA-27) * CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29) * CVE-2012-5514: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30) * CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31) Also the following fix has been applied: * bnc#777628 - guest 'disappears' after live migration Updated block-dmmd script Security Issues references: * CVE-2012-5513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513> * CVE-2012-5514 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514> * CVE-2012-5511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511> * CVE-2012-5510 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510> * CVE-2012-5515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515> SUSE bug 777628 SUSE bug 789944 SUSE bug 789945 SUSE bug 789948 SUSE bug 789950 SUSE bug 789951 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-LTSS Xen was updated to fix the following security issues: * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712) Important SUSE bug 938344 SUSE bug 939712 CVE-2015-5154 CVE-2015-5165 cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA Xen was updated to fix the following security issues: * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712) Important SUSE bug 938344 SUSE bug 939712 CVE-2015-5154 CVE-2015-5165 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA xen was updated to fix eight security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). Important SUSE bug 877642 SUSE bug 932267 SUSE bug 944463 SUSE bug 944697 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA xen was updated to fix 41 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bnc#932267). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bnc#944463). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-5307: The KVM subsystem allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-6815: e1000: infinite loop issue (bnc#944697). - CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator (XSA-162) (bnc#956411). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-7835: The mod_l2_entry function in arch/x86/mm.c did not properly validate level 2 page table entries, which allowed local PV guest administrators to gain privileges via a crafted superpage mapping (bnc#950367). - CVE-2015-7969: Multiple memory leaks allowed local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of 'teardowns' of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall (bnc#950703). - CVE-2015-7969: Multiple memory leaks allowed local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of 'teardowns' of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall (bnc#950703). - CVE-2015-7970: The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c was not preemptible, which allowed local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a 'time-consuming linear scan,' related to Populate-on-Demand (bnc#950704). - CVE-2015-7971: There was no limit on the number of printk console messages when logging certain pmu and profiling hypercalls, which allowed local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c (bnc#950706). - CVE-2015-7972: The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c did not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allowed local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to 'heavy memory pressure (bnc#951845). - CVE-2015-8104: The KVM subsystem allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-8339: The memory_exchange function in common/memory.c did not properly hand back pages to a domain, which might allowed guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown (bnc#956408). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). This non-security issue was fixed: - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend Important SUSE bug 864391 SUSE bug 864655 SUSE bug 864769 SUSE bug 864805 SUSE bug 864811 SUSE bug 877642 SUSE bug 897654 SUSE bug 901508 SUSE bug 902737 SUSE bug 932267 SUSE bug 944463 SUSE bug 944697 SUSE bug 945989 SUSE bug 950367 SUSE bug 950703 SUSE bug 950704 SUSE bug 950706 SUSE bug 951845 SUSE bug 953527 SUSE bug 954404 SUSE bug 956408 SUSE bug 956411 SUSE bug 956829 SUSE bug 957162 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958491 SUSE bug 958493 SUSE bug 958523 SUSE bug 959005 SUSE bug 960707 SUSE bug 960725 SUSE bug 960726 SUSE bug 960862 SUSE bug 961691 SUSE bug 961692 SUSE bug 962335 SUSE bug 962360 SUSE bug 962611 SUSE bug 962627 SUSE bug 962642 SUSE bug 962758 SUSE bug 963782 SUSE bug 963783 SUSE bug 964452 SUSE bug 964644 SUSE bug 964925 SUSE bug 964947 SUSE bug 965112 SUSE bug 965315 SUSE bug 965317 SUSE bug 967013 SUSE bug 967101 SUSE bug 967630 SUSE bug 969350 SUSE bug 969351 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3640 CVE-2014-3689 CVE-2014-7815 CVE-2015-4037 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-7504 CVE-2015-7512 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8743 CVE-2015-8745 CVE-2016-1571 CVE-2016-1714 CVE-2016-1981 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2841 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652) - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the 'Dark Portal' issue (bsc#978164) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) - CVE-2016-2841: The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control (bsc#969351). - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967101). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX in Xen, when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#965112). - CVE-2015-5278: Infinite loop in ne2000_receive() function allowed a privileged user inside the guest to crash the Qemu instance resulting in DoS (bsc#964947). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#964644). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#964925). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#964452). - CVE-2016-1981: A:infinite loop in start_xmit and e1000_receive_iov routines allowed a privileged user inside the guest to crash the Qemu instance resulting in DoS (bsc#963783). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#962758). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#962642). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#962627). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#962611). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#962335). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#962360). - CVE-2016-1714: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c when built with the Firmware Configuration device emulation support, allowed guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration (bsc#961692). - CVE-2016-1571: The paging_invlpg function in include/asm-x86/paging.h in Xen when using shadow mode paging or nested virtualization is enabled, allowed local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check (bsc#960862). - CVE-2015-8743: A OOB memory access in ioport r/w functions allowed a privileged (CAP_SYS_RAWIO) user/process to use this flaw to leak or corrupt Qemu memory bytes (bsc#960726). - CVE-2015-8550: Xen, when used on a system providing PV backends, allowed local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability (bsc#957988). - CVE-2015-8554: Buffer overflow in hw/pt-msi.c in Xen, when using the qemu-xen-traditional (aka qemu-dm) device model, allowed local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a 'write path.' (bsc#958007). - CVE-2015-8555: Xen did not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allowed local guest domains to obtain sensitive information from other domains via unspecified vectors (bsc#958009). - CVE-2015-8339: The memory_exchange function in common/memory.c in Xen did not properly hand back pages to a domain, which might have allowed guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown (bsc#956408). - CVE-2015-8104: The KVM subsystem might have allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bsc#954405). - CVE-2015-5307: The KVM subsystem might allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bsc#953527). - CVE-2015-7970: The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen was not preemptible, which allowed local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a 'time-consuming linear scan,' related to Populate-on-Demand (bsc#950704). - CVE-2015-7972: The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen did not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allowed local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to 'heavy memory pressure.' (bsc#951845). - CVE-2015-7969: Multiple memory leaks in Xen allowed local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of 'teardowns' of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall (bsc#950703). - CVE-2015-7969: Multiple memory leaks in Xen allowed local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of 'teardowns' of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall (bsc#950705). - CVE-2015-7971: Xen did not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allowed local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c (bsc#950706). - CVE-2015-4037: The slirp_smb function in net/slirp.c in created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: The mod_l2_entry function in arch/x86/mm.c did not properly validate level 2 page table entries, which allowed local PV guest administrators to gain privileges via a crafted superpage mapping (bsc#950367). - CVE-2015-8504: The VNC display driver support was vulnerable to an arithmetic exception flaw that allowed a privileged remote client to crash the guest resulting in DoS (bsc#958493). - CVE-2015-8345: The i8255x (PRO100) emulation support was vulnerable to an infinite loop issue that allowed a privileged (CAP_SYS_RAWIO) user inside guest to crash the Qemu instance resulting in DoS (bsc#956832). - CVE-2015-7504: When using the AMD PC-Net II emulator(hw/net/pcnet.c) a heap buffer overflow could be triggered that could have allowed a guest to to take over the qemu process (bsc#956411). - CVE-2015-5239: The VNC display driver was vulnerable to an infinite loop issue that allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#944463). - CVE-2015-6815: The e1000 NIC emulation support was vulnerable to an infinite loop issue that allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#944697). These non-security issues were fixed: - bsc#1000893: virsh setmem won't allow to set current guest memory to max limit - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend Important SUSE bug 1000106 SUSE bug 1000893 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 SUSE bug 877642 SUSE bug 932267 SUSE bug 944463 SUSE bug 944697 SUSE bug 950367 SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 953527 SUSE bug 954405 SUSE bug 956408 SUSE bug 956411 SUSE bug 956832 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958493 SUSE bug 958523 SUSE bug 960726 SUSE bug 960862 SUSE bug 961692 SUSE bug 962335 SUSE bug 962360 SUSE bug 962611 SUSE bug 962627 SUSE bug 962642 SUSE bug 962758 SUSE bug 963783 SUSE bug 964452 SUSE bug 964644 SUSE bug 964925 SUSE bug 964947 SUSE bug 965112 SUSE bug 965315 SUSE bug 965317 SUSE bug 967101 SUSE bug 967630 SUSE bug 969351 SUSE bug 973188 SUSE bug 974038 SUSE bug 975130 SUSE bug 975138 SUSE bug 978164 SUSE bug 978295 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 982960 SUSE bug 983984 SUSE bug 988675 SUSE bug 990843 SUSE bug 995785 SUSE bug 995792 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3615 CVE-2014-3640 CVE-2014-3672 CVE-2014-3689 CVE-2014-7815 CVE-2015-4037 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-7504 CVE-2015-7512 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8743 CVE-2016-1571 CVE-2016-1714 CVE-2016-1981 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2841 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6351 CVE-2016-7092 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 CVE-2016-9637 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) Important SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1016340 CVE-2016-10013 CVE-2016-10024 CVE-2016-9932 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes several issues: These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) - CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations (bsc#1014298). - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). Important SUSE bug 1013657 SUSE bug 1014298 SUSE bug 1015169 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024834 SUSE bug 1028235 SUSE bug 1030442 SUSE bug 907805 CVE-2014-8106 CVE-2016-10024 CVE-2016-9776 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-6505 CVE-2017-7228 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes the following security issues: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) - CVE-2017-7995: Incorrect address range validation potentially allowing PV guests to access MMIO memory with read side effects (bsc#1033948). - Incorrect checks when handling exceptions allowed a malicious or buggy 64-bit PV guest to modify part of a physical memory page not belonging to it, potentially allowing for all of privilege escalation, host or other guest crashes, and information leaks (XSA-215, bsc#1034845) Important SUSE bug 1028655 SUSE bug 1033948 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034845 SUSE bug 1034994 CVE-2016-9603 CVE-2017-7718 CVE-2017-7995 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 bsc#1052686). - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-8905: Fixed a memory corruption via a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845). - CVE-2017-10912: Xen mishandled page transfer, which allowed guest OS users to obtain privileged host OS access (XSA-217, bsc#1042882). - CVE-2017-10918: Xen did not validate memory allocations during certain P2M operations, which allowed guest OS users to obtain privileged host OS access (XSA-222, bsc#1042931). - CVE-2017-10920: The grant-table feature in Xen mishandled a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allowed guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access (XSA-224, bsc#1042938). - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) Important SUSE bug 1034845 SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042882 SUSE bug 1042931 SUSE bug 1042938 SUSE bug 1046637 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1052686 CVE-2017-10664 CVE-2017-10912 CVE-2017-10918 CVE-2017-10920 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-8309 CVE-2017-8905 CVE-2017-9330 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). Important SUSE bug 1056281 SUSE bug 1056282 CVE-2017-14317 CVE-2017-14319 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) Important SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081). - CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS (hypervisor crash) or possibly gain privileges because self-linear shadow mappings were mishandled for translated guests (bsc#1061086). Important SUSE bug 1061081 SUSE bug 1061086 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116) - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158) - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160) - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163) - CVE-2017-5715: Prevent side channel attacks aka Spectre and Meltdown (bsc#1068032) - Prevent denial of service against xenstore via repeated updates (bsc#1030144, XSA-206) Important SUSE bug 1030144 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1076116 SUSE bug 1076180 SUSE bug 1089152 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2018-5683 CVE-2018-8897 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes the following issues: Security issues fixed: - bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 xen: Information leak via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. - bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash Xen with XPTI (XSA-259) - bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store Bypass aka 'Memory Disambiguation' (XSA-263) - bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore (XSA-267) - bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM (XSA-273) - bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275) - bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240 conflicts with shadow paging (XSA-280) - bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE constructs may lock up host (XSA-282) - bsc#1126140 - VUL-0: CVE-2019-17340: xen: XSA-284: grant table transfer issues on large hosts - bsc#1126141 - VUL-0: CVE-2019-17341: xen: XSA-285: race with pass-through device hotplug - bsc#1177409 - VUL-0: CVE-2020-27674: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1126192 - VUL-0: CVE-2019-17342: xen: XSA-287: x86: steal_page violates page_struct access discipline - bsc#1126195 - VUL-0: CVE-2019-17343: xen: XSA-288: x86: Inconsistent PV IOMMU discipline - bsc#1126196 - VUL-0: CVE-2019-17344: xen: XSA-290: missing preemption in x86 PV page table unvalidation - bsc#1111331 - VUL-0: CPU issues Q2 2019 aka 'Group 4' CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - bsc#1154458 - VUL-0: CVE-2019-18421: xen: XSA-299: Issues with restartable PV type change operations - bsc#1155945 - VUL-0: CVE-2018-12207: xen: Machine Check Error Avoidance on Page Size Change (aka IFU issue) - bsc#1158004 - VUL-0: CVE-2019-19583: xen: XSA-308 - VMX: VMentry failure with debug exceptions and blocked states - bsc#1158005 - VUL-0: CVE-2019-19578: xen: XSA-309 - Linear pagetable use / entry miscounts - bsc#1158006 - VUL-0: CVE-2019-19580: xen: XSA-310 - Further issues with restartable PV type change operations - bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (XSA-320) - bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic modification of live EPT PTE - bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating timers between x86 HVM vCPU-s (XSA-336) - bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code reading back hardware registers (XSA-337) - bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel DoS via SYSENTER (XSA-339) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1179506 - VUL-0: CVE-2020-29566: xen: undue recursion in x86 HVM context switch code (XSA-348) - bsc#1178591 - VUL-0: CVE-2020-28368: xen: Intel RAPL sidechannel - bsc#1179496 - VUL-0: CVE-2020-29480: xen: xenstore: watch notifications lacking permission checks (XSA-115) - bsc#1179498 - VUL-0: CVE-2020-29481: xen: xenstore: new domains inheriting existing node permissions (XSA-322) - bsc#1179501 - VUL-0: CVE-2020-29484: xen: xenstore: guests can crash xenstored via watchs (XSA-324) - bsc#1179502 - VUL-0: CVE-2020-29483: xen: xenstore: guests can disturb domain cleanup (XSA-325) - bsc#1179477 - VUL-0: CVE-2020-29130: xen: out-of-bounds access while processing ARP packets - bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation handling in GNTTABOP_copy (XSA-318) - bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues - bsc#1161181 - VUL-0: CVE-2020-7211: xen: potential directory traversal using relative paths via tftp server on Windows host - bsc#1154456 - VUL-0: CVE-2019-18425: xen: XSA-298: missing descriptor table limit checking in x86 PV emulation - bsc#1149813 - VUL-0: CVE-2019-15890: xen: use-after-free during packet reassembly - bsc#1146874 - VUL-0: CVE-2019-12068: xen: infinite loop while executing script - bsc#1143797 - VUL-0: CVE-2019-14378: xen: heap buffer overflow during packet reassembly in slirp networking implementation - bsc#1130680 - VUL-0: CVE-2018-20815: xen: qemu: device_tree: heap buffer overflow while loading device tree blob - bsc#1129623 - VUL-1: CVE-2019-9824: xen: information leakage in tcp_emu() due to uninitialized stack variables - bsc#1123157 - VUL-0: CVE-2019-6778: xen: A heap buffer overflow in tcp_emu() found in slirp - bsc#1117756 - VUL-0: CVE-2018-19665: xen: Integer overflow in Bluetooth routines allows memory corruption - bsc#1114423 - VUL-0: CVE-2018-18849: xen: QEMU: lsi53c895a: OOB msg buffer access leads to DoS - bsc#1111014 - VUL-0: CVE-2018-17963: xen: net: ignore packets with large size - bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks bypassed in x86 PV MM handling (XSA-264) - bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception safety check can be triggered by a guest (XSA-265) - bsc#1096224 - VUL-0: CVE-2018-11806: xen: slirp: heap buffer overflow while reassembling fragmented datagrams - bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt injection errors (XSA-261) - bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into unbounded loop (XSA-262) Non-security issues fixed: - Upstream prereq patches for XSA-273 (bsc#1091107) - Additional upstream adjustments (bsc#1027519) - bsc#1022555 - L3: Timeout in 'execution of /etc/xen/scripts/block add' - bsc#1029827 - Forward port xenstored Important SUSE bug 1022555 SUSE bug 1027519 SUSE bug 1029827 SUSE bug 1074562 SUSE bug 1089635 SUSE bug 1090822 SUSE bug 1090823 SUSE bug 1091107 SUSE bug 1092631 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1111014 SUSE bug 1111331 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115047 SUSE bug 1117756 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1129623 SUSE bug 1130680 SUSE bug 1143797 SUSE bug 1146874 SUSE bug 1149813 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1155945 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1161181 SUSE bug 1168140 SUSE bug 1169392 SUSE bug 1172205 SUSE bug 1173380 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10471 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12207 CVE-2018-12891 CVE-2018-12893 CVE-2018-17963 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19966 CVE-2018-19967 CVE-2018-20815 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-18421 CVE-2019-18425 CVE-2019-19578 CVE-2019-19580 CVE-2019-19583 CVE-2019-6778 CVE-2019-9824 CVE-2020-0543 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25604 CVE-2020-27670 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-7211 cpe:/o:suse:sles:11:sp1:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xen fixes the following issues: - L3: xenstored crashing with segfault after applying latest xen updates on SLES12 SP2 (LTSS) Server (bsc#1182155) - CVE-2020-14364: out-of-bounds r/w access issue while processing usb packets (bsc#1175534) - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages (bsc#1163019) Important SUSE bug 1163019 SUSE bug 1175534 SUSE bug 1182155 CVE-2020-14364 CVE-2020-8608 cpe:/o:suse:sles:11:sp1:teradata Security update for Xen SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Collective May/2011 update for Xen Xen: * 679344: Xen: multi-vCPU pv guest may crash host * 675817: Kernel panic when creating HVM guests on AMD platforms with XSAVE * 678871: dom0 hangs long time when starting hvm guests with memory >= 64GB * 675363: Random lockups with kernel-xen. Possibly graphics related * 678229: restore of sles HVM fails * 672833: xen-tools bug causing problems with Ubuntu 10.10 under Xen 4. * 665610: xm console > 1 to same VM messes up both consoles * 687981: mistyping model type when defining VIF crashes VM * 688473: Fix potential buffer overflow in decode * 691238: revert accidental behaviour change in xm list * 680824: dom0 can't recognize boot disk when IOMMU is enabled * 623680: xen kernel freezes during boot when processor module is loaded vm-install: * 678152: virt-manager: harmless block device admin actions on FV guests mess up network (VIF) device type ==> network lost. * 688757: SLED10SP4 fully virtualized in SLES10SP4 XEN - kernel panic libvirt: * 674371: qemu aio mode per disk * 675861: Force FLR on for buggy SR-IOV devices * 678406: libvirt: several API calls do not honour read-only * 684877: libvirt: error reporting in libvirtd is not thread safe * 686737: virsh: Add option 'model' to attach-interface * 681546: Fix xmdomain.cfg to libvirt XML format conversion * 688306: Handle support for recent KVM versions Security Issue references: * CVE-2011-1146 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146> * CVE-2011-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486> * CVE-2011-1166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166> * CVE-2011-1583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1583> SUSE bug 623680 SUSE bug 665610 SUSE bug 672833 SUSE bug 674371 SUSE bug 675363 SUSE bug 675817 SUSE bug 675861 SUSE bug 678152 SUSE bug 678229 SUSE bug 678406 SUSE bug 678871 SUSE bug 679344 SUSE bug 680824 SUSE bug 681546 SUSE bug 684877 SUSE bug 686737 SUSE bug 687981 SUSE bug 688306 SUSE bug 688473 SUSE bug 688757 SUSE bug 691238 CVE-2011-1146 CVE-2011-1166 CVE-2011-1486 CVE-2011-1583 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Xen SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Security / Collective Update for Xen Xen: * bnc#702025 - VUL-0: xen: VT-d (PCI passthrough) MSI trap injection (CVE-2011-1898) * bnc#703924 - update block-npiv scripts to support BFA HBA * bnc#689954 - L3: Live migrations fail when guest crashes: domain_crash_sync called from entry.S * bnc#693472 - Bridge hangs cause redundant ring failures in SLE 11 SP1 HAE + XEN * bnc#582265 - xen-scsi.ko not supported * bnc#670465 - When connecting to Xen guest through vncviewer mouse tracking is off. * bnc#684305 - on_crash is being ignored with kdump now working in HVM * bnc#684297 - HVM taking too long to dump vmcore * bnc#704160 - crm resource migrate fails with xen machines * bnc#706574 - xm console DomUName hang after 'xm save/restore' of PVM on the latest Xen vm-install: * bnc#692625 - virt-manager has problems to install guest from multiple CD Security Issue reference: * CVE-2011-1898 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1898> SUSE bug 582265 SUSE bug 670465 SUSE bug 684297 SUSE bug 684305 SUSE bug 689954 SUSE bug 692625 SUSE bug 693472 SUSE bug 702025 SUSE bug 703924 SUSE bug 704160 SUSE bug 706574 CVE-2011-1898 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Xen and libvirt SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This collective update 2012/02 for Xen provides fixes for the following reports: Xen: * 740165: Fix heap overflow in e1000 device emulation (applicable to Xen qemu - CVE-2012-0029) * 739585: Xen block-attach fails after repeated attach/detach * 727515: Fragmented packets hang network boot of HVM guest * 736824: Microcode patches for AMD's 15h processors panic the system * 732782: xm create hangs when maxmen value is enclosed in 'quotes' * 734826: xm rename doesn't work anymore * 694863: kexec fails in xen * 726332: Fix considerable performance hit by previous changeset * 649209: Fix slow Xen live migrations libvirt * 735403: Fix connection with virt-manager as normal user virt-utils * Add Support for creating images that can be run on Microsoft Hyper-V host (Fix vpc file format. Add support for fixed disks) Security Issue references: * CVE-2012-0029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029> SUSE bug 649209 SUSE bug 694863 SUSE bug 725169 SUSE bug 726332 SUSE bug 727515 SUSE bug 732782 SUSE bug 734826 SUSE bug 735403 SUSE bug 736824 SUSE bug 739585 SUSE bug 740165 CVE-2012-0029 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Xen SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Three security issues were found in XEN. Two security issues are fixed by this update: * CVE-2012-0217: Due to incorrect fault handling in the XEN hypervisor it was possible for a XEN guest domain administrator to execute code in the XEN host environment. * CVE-2012-0218: Also a guest user could crash the guest XEN kernel due to a protection fault bounce. The third fix is changing the Xen behaviour on certain hardware: * CVE-2012-2934: The issue is a denial of service issue on older pre-SVM AMD CPUs (AMD Erratum 121). AMD Erratum #121 is described in 'Revision Guide for AMD Athlon 64 and AMD Opteron Processors': http://support.amd.com/us/Processor_TechDocs/25759.pdf <http://support.amd.com/us/Processor_TechDocs/25759.pdf> The following 130nm and 90nm (DDR1-only) AMD processors are subject to this erratum: o First-generation AMD-Opteron(tm) single and dual core processors in either 939 or 940 packages: + AMD Opteron(tm) 100-Series Processors + AMD Opteron(tm) 200-Series Processors + AMD Opteron(tm) 800-Series Processors + AMD Athlon(tm) processors in either 754, 939 or 940 packages + AMD Sempron(tm) processor in either 754 or 939 packages + AMD Turion(tm) Mobile Technology in 754 package This issue does not effect Intel processors. The impact of this flaw is that a malicious PV guest user can halt the host system. As this is a hardware flaw, it is not fixable except by upgrading your hardware to a newer revision, or not allowing untrusted 64bit guestsystems. The patch changes the behaviour of the host system booting, which makes it unable to create guest machines until a specific boot option is set. There is a new XEN boot option 'allow_unsafe' for GRUB which allows the host to start guests again. This is added to /boot/grub/menu.lst in the line looking like this: kernel /boot/xen.gz .... allow_unsafe Note: .... in this example represents the existing boot options for the host. Security Issue references: * CVE-2012-0217 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217> * CVE-2012-0218 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0218> * CVE-2012-2934 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2934> SUSE bug 757537 SUSE bug 757970 SUSE bug 764077 CVE-2012-0217 CVE-2012-0218 CVE-2012-2934 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Xen SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA Xen was updated to fix several security issues: * CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host. * CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed. * CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash). Also the following bug in XEN was fixed: * bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory This update also included bugfixes for: * vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest Security Issue references: * CVE-2012-3432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432> * CVE-2012-3433 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3433> * CVE-2012-2625 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2625> SUSE bug 744771 SUSE bug 746702 SUSE bug 762484 SUSE bug 762963 SUSE bug 773393 SUSE bug 773401 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Xen SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA XEN was updated to fix multiple bugs and security issues. The following security issues have been fixed: * CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) * CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) * CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) Also the following bugs have been fixed: * pvscsi support of attaching Luns - bnc#776995 Security Issue references: * CVE-2012-3496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496> * CVE-2012-3494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494> * CVE-2012-3495 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495> * CVE-2012-3498 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498> * CVE-2012-3516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3516> * CVE-2012-3515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515> SUSE bug 776995 SUSE bug 777084 SUSE bug 777090 SUSE bug 777091 CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3498 CVE-2012-3515 CVE-2012-3516 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Xen SUSE Linux Enterprise Server 11 SP1-TERADATA XEN received various security fixes: * CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) * CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA-20) * CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA-22) * CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability (XSA-23) * CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability (XSA-24) * CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497> * CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411> * CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535> * CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537> * CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536> * CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538> * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> SUSE bug 777890 SUSE bug 779212 SUSE bug 786516 SUSE bug 786517 SUSE bug 786519 SUSE bug 786520 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 cpe:/o:suse:sles:11:sp1:teradata Security update for Xen SUSE Linux Enterprise Server 11 SP1-TERADATA XEN has been updated to fix various security issues: * CVE-2013-1917: Xen PV DoS vulnerability with SYSENTER * CVE-2013-1918: XSA-45: Several long latency operations are not preemptible * CVE-2013-1919: Several access permission issues with IRQs for unprivileged guests * CVE-2013-1920: XSA-47: Potential use of freed memory in event channel operations * CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges * CVE-2013-1964: XSA-50: grant table hypercall acquire/release imbalance * CVE-2013-2076: XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs * CVE-2013-2077: XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR * CVE-2013-2194: XSA-55: Multiple vulnerabilities in libelf PV kernel handling (also CVE-2013-2195 and CVE-2013-2196) * CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend * CVE-2013-2211: XSA-57: libxl allows guest write access to sensitive console related xenstore keys * CVE-2013-1432: XSA-58: x86: fix page refcount handling in page table pin error path * CVE-2013-4329: XSA-61: libxl partially sets up HVM passthrough even with disabled iommu * CVE-2013-1442: XSA-62: xen: Information leak on AVX and/or LWP capable CPUs * CVE-2013-4355: XSA-63: Information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Information leak through outs instruction emulation * CVE-2012-4544: XSA-25: Domain builder Out-of-memory due to malicious kernel/ramdisk * CVE-2013-0153: interrupt remap entries shared and old ones not cleared on AMD IOMMUs * CVE-2013-0154: XSA-37: Hypervisor crash due to incorrect ASSERT (debug build only) * CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions * CVE-2012-5634: XSA-33: VT-d interrupt remapping source validation flaw. Security Issue references: * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> * CVE-2012-5634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634> * CVE-2012-6075 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075> * CVE-2013-0153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153> * CVE-2013-0154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154> * CVE-2013-1432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432> * CVE-2013-1442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442> * CVE-2013-1917 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917> * CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918> * CVE-2013-1919 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919> * CVE-2013-1920 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920> * CVE-2013-1952 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952> * CVE-2013-1964 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964> * CVE-2013-2072 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072> * CVE-2013-2076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076> * CVE-2013-2077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077> * CVE-2013-2194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194> * CVE-2013-2195 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195> * CVE-2013-2196 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196> * CVE-2013-2211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211> * CVE-2013-4329 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329> * CVE-2013-4355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355> * CVE-2013-4361 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361> * CVE-2013-4368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368> SUSE bug 787163 SUSE bug 794316 SUSE bug 797031 SUSE bug 797523 SUSE bug 800275 SUSE bug 813673 SUSE bug 813675 SUSE bug 813677 SUSE bug 816156 SUSE bug 816159 SUSE bug 816163 SUSE bug 819416 SUSE bug 820917 SUSE bug 820919 SUSE bug 823011 SUSE bug 823608 SUSE bug 826882 SUSE bug 839596 SUSE bug 839618 SUSE bug 840592 SUSE bug 841766 SUSE bug 842511 CVE-2012-4544 CVE-2012-5634 CVE-2012-6075 CVE-2013-0153 CVE-2013-0154 CVE-2013-1432 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 CVE-2013-2211 CVE-2013-4329 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 cpe:/o:suse:sles:11:sp1:teradata Security update for Xen SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA The SUSE Linux Enterprise Server 11 Service Pack 1 Xen hypervisor and toolset have been updated to fix various security issues: The following security issues have been addressed: * XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) * XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) * XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) * XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) * XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) * XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to aribitrary guests. (bnc#860163) * XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) Security Issues references: * CVE-2013-2212 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212> * CVE-2013-4494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494> * CVE-2013-4553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553> * CVE-2013-4554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554> * CVE-2013-6885 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885> * CVE-2014-1891 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891> * CVE-2014-1892 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892> * CVE-2014-1893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893> * CVE-2014-1894 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894> SUSE bug 831120 SUSE bug 848657 SUSE bug 849667 SUSE bug 849668 SUSE bug 853049 SUSE bug 860163 CVE-2013-2212 CVE-2013-4494 CVE-2013-4553 CVE-2013-4554 CVE-2013-6885 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Xen SUSE Linux Enterprise Server 11 SP1-TERADATA The SUSE Linux Enterprise 11 Service Pack 1 Xen package was updated to fix the following security issues: * XSA-106: Missing privilege level checks in x86 emulation of software interrupts (bnc#895802) * XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (bnc#895799) * XSA-104: Race condition in HVMOP_track_dirty_vram (bnc#895798) * XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests (bnc#880751) Security Issues: * CVE-2014-4021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021> SUSE bug 880751 SUSE bug 895798 SUSE bug 895799 SUSE bug 895802 CVE-2014-4021 cpe:/o:suse:sles:11:sp1:teradata Security update for Xen SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed: * CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are - passed through to guests. * XSA-125: Long latency MMIO mapping operations were not preemptible. * CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override could have, however, corrupted a pointer used subsequently to store the result of the instruction. * CVE-2015-2045: XSA-122: The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall failed to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. * CVE-2015-2044: XSA-121: Emulation routines in the hypervisor dealing with certain system devices checked whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. Security Issues: * CVE-2015-2044 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044> * CVE-2015-2045 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045> * CVE-2015-2151 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151> * CVE-2015-2756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756> SUSE bug 918995 SUSE bug 918998 SUSE bug 919464 SUSE bug 922705 SUSE bug 922706 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2756 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for Xen SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA Xen was updated to fix six security issues: * CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bsc#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bsc#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bsc#931627) * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bsc#931628) * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bsc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bsc#932996) Security Issues: * CVE-2015-4103 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103> * CVE-2015-4104 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104> * CVE-2015-4105 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105> * CVE-2015-4106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209> SUSE bug 931625 SUSE bug 931626 SUSE bug 931627 SUSE bug 931628 SUSE bug 932770 SUSE bug 932996 CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4164 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update fixes the following security issues: - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#953527 - CVE-2015-5307: kernel: kvm/xen: x86: avoid guest->host DOS by intercepting #AC (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 953527 SUSE bug 954405 SUSE bug 956408 SUSE bug 956411 SUSE bug 956832 CVE-2015-5307 CVE-2015-7504 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8345 cpe:/o:suse:sles:11:sp1:teradata Security update for xerces-j2 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138) Moderate SUSE bug 1047536 SUSE bug 814241 SUSE bug 879138 cpe:/o:suse:sles:11:sp1:teradata Security update for xerces-j2 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libs SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA xorg-x11-libs was patched to fix the following security issues: * Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) * libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) * Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/002431.html <http://lists.x.org/archives/xorg-announce/2014-May/002431.html> . Security Issues references: * CVE-2014-0209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209> * CVE-2014-0210 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210> * CVE-2014-0211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211> SUSE bug 857544 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libICE (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068) Moderate SUSE bug 1025068 CVE-2017-2626 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - plug a memory leak (bsc#1002991, CVE-2016-7942) - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (bsc#1002991, CVE-2016-7942) Moderate SUSE bug 1002991 CVE-2016-7942 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - a regression introduced by the security fix for CVE-2013-1997 (bnc#824294). Keyboard mappings for special characters on Non-English keyboards might have been broken. (bnc#1019642) Moderate SUSE bug 1019642 CVE-2013-1997 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) Moderate SUSE bug 1102062 SUSE bug 1102068 SUSE bug 1102073 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506). Moderate SUSE bug 1182506 CVE-2021-31535 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643). Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libXdmcp (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046) Moderate SUSE bug 1025046 CVE-2017-2625 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libXext SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xorg-x11-libXext fixes several integer overflow issues (bnc#815451, bnc#821665, CVE-2013-1982). Security Issue reference: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982> SUSE bug 815451 SUSE bug 821665 CVE-2013-1982 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libXfixes SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xorg-x11-libXfixes fixes a integer overflow issue (bnc#815451, bnc#821667, CVE-2013-1983). Security Issue reference: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983> SUSE bug 815451 SUSE bug 821667 CVE-2013-1983 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libXfixes (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libXfixes fixes the following issues: - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995, CVE-2016-7944) Moderate SUSE bug 1002995 CVE-2016-7944 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libXp SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xorg-x11-libXp fixes several integer overflow issues (bnc#815451, bnc#821668, CVE-2013-2062). Security Issue reference: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062> SUSE bug 815451 SUSE bug 821668 CVE-2013-2062 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libXpm (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libXpm fixes the following security issue: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) Moderate SUSE bug 1021315 CVE-2016-10164 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libXrender SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xorg-x11-libXrender fixes several integer overflow issues (bnc#815451, bnc#821669, CVE-2013-1987). Security Issue reference: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987> SUSE bug 815451 SUSE bug 821669 CVE-2013-1987 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libXrender (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) Moderate SUSE bug 1003002 CVE-2016-7949 CVE-2016-7950 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libXt SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xorg-x11-libXt fixes several integer and buffer overflow issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005). Security Issue references: * CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002> * CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005> SUSE bug 815451 SUSE bug 821670 CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libXv SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xorg-x11-libXv fixes several integer and buffer overflow issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066). Security Issue references: * CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989> * CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066> SUSE bug 815451 SUSE bug 821671 CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-libXv (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libXv fixes the following issues: - insufficient validation of data from the X server can cause memory corruption (bsc#1003017, CVE-2016-5407) Moderate SUSE bug 1003017 CVE-2016-5407 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023, CVE-2016-7953) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012, CVE-2016-7951, CVE-2016-7952) - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). (bsc#1002998, CVE-2016-7945, CVE-2016-7946) Moderate SUSE bug 1002998 SUSE bug 1003000 SUSE bug 1003012 SUSE bug 1003023 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libs fixes several issues. These security issues were fixed: - CVE-2017-16612: Heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments (bsc#1065386). - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) Moderate SUSE bug 1049692 SUSE bug 1050459 SUSE bug 1054285 SUSE bug 1065386 CVE-2017-13720 CVE-2017-13722 CVE-2017-16612 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libs fixes the following security issue: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511) Moderate SUSE bug 1103511 CVE-2015-9262 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-libxcb SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-libxcb addresses the following issues: * Fix a deadlock with multi-threaded applications running on real time kernels. (bnc#818829) * Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064) Security Issue reference: * CVE-2013-2064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064> SUSE bug 818829 SUSE bug 821584 CVE-2013-2064 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles_ltss:11:sp1 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: Security issues: - CVE-2017-2624: Prevent timing attack against MIT cookie. (bsc#1025029) Non security issues: - Remove unused function with use-after-free issue. (bsc#1025035) - Use arc4random to generate cookies. (bsc#1025084) Moderate SUSE bug 1025029 SUSE bug 1025035 SUSE bug 1025084 CVE-2017-2624 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server provides the following fixes: Security issues fixed: - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) - Improve the entropy when generating random data used in X.org server authorization cookies generation by using getentropy() and getrandom() when available (bsc#1025084) Moderate SUSE bug 1025084 SUSE bug 1063034 SUSE bug 1063035 SUSE bug 1063037 SUSE bug 1063038 SUSE bug 1063039 SUSE bug 1063040 SUSE bug 1063041 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Important SUSE bug 1111697 CVE-2018-14665 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Important SUSE bug 1174633 SUSE bug 1174635 CVE-2020-14345 CVE-2020-14347 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190489 CVE-2021-4011 cpe:/o:suse:sles:11:sp1:teradata Security update for xorg-x11-server-dmx, xorg-x11-server-dmx-debuginfo, xorg-x11-server-dmx-debugsource SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xorg-x11-server-dmx fixed the following security issues: CVE-2010-2240 - memory exhaustion flaw CVE-2011-4028 / CVE-2011-4029 - race condition flaw Security Issues: * CVE-2010-2240 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240> * CVE-2011-4028 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4028> * CVE-2011-4029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4029> SUSE bug 746949 CVE-2010-2240 CVE-2011-4028 CVE-2011-4029 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Xorg SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xorg-x11-server and xorg-x11-libs brings improved compatibility fixes and enhancements for X.org. The main feature is support for Multi monitor configurations with independent heads, which used to be supported with SUSE Linux Enterprise 10 (VGA Arbitration Support). During update to Service Pack 1, the support for AppGroup Extension was removed from the X11 Server. This update fixes this regression and adds back the support (bnc#709943). Additionally this update fixes bugs in the AppGroup Extensions, which resulted in Xserver crashes (bnc #716355). It also fixes an issue with changing the mouse mode to absolute (bnc#704467). It also fixes an issue with button release on non-core pointing devices (bnc#698281). In addition to that, multiple missing or incorrect bounds checking flaws were fixed in in GLX (CVE-2010-4818) and in the X Render Extension (CVE-2010-4819) were fixed, which could be used to crash the X server. A regression in handling TWM was fixed as well (bnc#709987). Security Issue references: * CVE-2010-4818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4818> * CVE-2010-4819 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4819> SUSE bug 648287 SUSE bug 648290 SUSE bug 698281 SUSE bug 704467 SUSE bug 709943 SUSE bug 709987 SUSE bug 714677 SUSE bug 716355 CVE-2010-4818 CVE-2010-4819 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for xpdf SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA A specially crafted PDF files could crash xpdf or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3703, CVE-2010-3704) Security Issue references: * CVE-2010-3702 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702> * CVE-2010-3703 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703> * CVE-2010-3704 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704> SUSE bug 644112 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for xpdf-tools SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA This update of xpdf fixes an out-of-bounds write in CharCodeToUnicode.cc and a bad instruction pointer while parsing malformed PDF files. Security Issue references: * CVE-2010-2642 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642> * CVE-2010-4653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4653> * CVE-2010-4654 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4654> SUSE bug 661018 SUSE bug 664484 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for xscreensaver (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA The xscreensaver package was updated to fix the following security and non security issues: - CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062). - Added xscreensaver-in_signal_handler_p.patch needed for fix of signal handling. - Refresh xscreensaver-stars.patch. Moderate SUSE bug 952062 CVE-2015-8025 cpe:/o:suse:sles:11:sp1:teradata Security update for xterm (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:sles:11:sp1:teradata Security update for xz (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles:11:sp1:teradata Security update for yast2-storage (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for yast2-storage fixes the following issue: - Use stdin, not tmp files for passwords (bsc#986971, CVE-2016-5746) Moderate SUSE bug 986971 CVE-2016-5746 cpe:/o:suse:sles:11:sp1:teradata Security update for zlib (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for zlib fixes the following issues: CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) Incompatible declarations for external linkage function deflate (bsc#1003577) Empty text files compressed with gzip result in empty .gz file which cannot be uncompressed (bsc#920442) Moderate SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 SUSE bug 912771 SUSE bug 920442 CVE-2016-9840 CVE-2016-9841 CVE-2016-9843 cpe:/o:suse:sles:11:sp1:teradata Security update for zlib (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:sles:11:sp1:teradata Security update for zsh (Moderate) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for zsh fixes the following issues: - CVE-2018-1100: Fixed a buffer overflow in utils.c:checkmailpath() that could lead to local arbitrary code execution ( bsc#1089030) Moderate SUSE bug 1089030 CVE-2018-1100 cpe:/o:suse:sles:11:sp1:teradata Security update for zsh (Important) SUSE Linux Enterprise Server 11 SP1-TERADATA This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294). - CVE-2018-7549: Fixed a crash when an empty hash table (bsc#1082991). - CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion on directories with long names (bsc#1087026). - CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain commands (bsc#1084656). - CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296). - CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002). - CVE-2017-18205: Fixed an application crash when using cd with no arguments (bsc#1082998). - CVE-2016-10714: Fixed a potential application crash when handling maximum length paths (bsc#1083250). - CVE-2014-10072: Fixed a buffer overflow when scanning very long directory paths for symbolic links (bsc#1082975). - CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long file descriptor (bsc#1082977). - CVE-2014-10070: Fixed a privilege escalation vulnerability via environment variables (bsc#1082885). Important SUSE bug 1082885 SUSE bug 1082975 SUSE bug 1082977 SUSE bug 1082991 SUSE bug 1082998 SUSE bug 1083002 SUSE bug 1083250 SUSE bug 1084656 SUSE bug 1087026 SUSE bug 1107294 SUSE bug 1107296 SUSE bug 1163882 CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-13259 CVE-2018-7549 CVE-2019-20044 cpe:/o:suse:sles:11:sp1:teradata Security update for zypper SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA The zypper setuid wrapper links against libzypp. This is not needed and adds unnecessary attack vectors. CVE-2012-0420 has been assigned to this issue. Security Issue reference: * CVE-2012-0420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0420> SUSE bug 770630 CVE-2012-0420 cpe:/o:suse:sles:11:sp1:teradata cpe:/o:suse:suse_sles:11:sp1 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 Mozilla Firefox was updated to 10.0.2 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026), Security Issue reference: * CVE-2011-3026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026> SUSE bug 747320 SUSE bug 747328 CVE-2011-3026 cpe:/o:suse:suse_sles:11:sp2 Security update for ark SUSE Linux Enterprise Server 11 SP2 Ark was prone to a path traversal vulnerability allowing a maliciously-crafted zip file to allow for an arbitrary file to be displayed and, if the user has appropriate credentials, removed (CVE-2011-2725). Security Issue reference: * CVE-2011-2725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2725> SUSE bug 708268 CVE-2011-2725 cpe:/o:suse:suse_sles:11:sp2 Security update for CVS SUSE Linux Enterprise Server 11 SP2 A heap-based buffer overflow flaw was found in the way CVS read proxy connection HTTP responses. An attacker could exploit this to cause the application to crash or, potentially, execute arbitrary code in the context of the user running the application (CVE-2012-0804). Security Issue reference: * CVE-2012-0804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0804> SUSE bug 744059 CVE-2012-0804 cpe:/o:suse:suse_sles:11:sp2 Security update for IBM Java 1.6.0 SUSE Linux Enterprise Server 11 SP2 IBM Java 1.6.0 SR10 has been released fixing the following CVE's/security Issues: * CVE-2011-3389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389> * CVE-2011-3516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3516> * CVE-2011-3521 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521> * CVE-2011-3544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544> * CVE-2011-3545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545> * CVE-2011-3546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3546> * CVE-2011-3547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547> * CVE-2011-3548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548> * CVE-2011-3549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549> * CVE-2011-3550 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3550> * CVE-2011-3551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551> * CVE-2011-3552 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552> * CVE-2011-3553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553> * CVE-2011-3554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554> * CVE-2011-3556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556> * CVE-2011-3557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557> * CVE-2011-3560 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560> * CVE-2011-3561 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3561> SUSE bug 739248 CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 CVE-2011-3561 cpe:/o:suse:suse_sles:11:sp2 Security update for libopenssl SUSE Linux Enterprise Server 11 SP2 This update of OpenSSL fixes a Denial of Services issue that could be triggered via unspecified vectors (CVE-2012-0050). Also, the SHA256 and SHA512 algorithms are now enabled by default. Security Issue reference: * CVE-2012-0050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050> SUSE bug 742821 SUSE bug 743344 CVE-2012-0050 cpe:/o:suse:suse_sles:11:sp2 Security update for libpng SUSE Linux Enterprise Server 11 SP2 A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026). Security Issue reference: * CVE-2011-3026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026> SUSE bug 747311 CVE-2011-3026 cpe:/o:suse:suse_sles:11:sp2 Security update for libvorbis SUSE Linux Enterprise Server 11 SP2 Specially crafted Ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code (CVE-2012-0444). Security Issue reference: * CVE-2012-0444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444> SUSE bug 747912 CVE-2012-0444 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla XULrunner SUSE Linux Enterprise Server 11 SP2 Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026), Security Issue reference: * CVE-2011-3026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026> SUSE bug 747328 CVE-2011-3026 cpe:/o:suse:suse_sles:11:sp2 Security update for puppet SUSE Linux Enterprise Server 11 SP2 This update of puppet fixes two vulnerabilities that could potentially be exploited by local attackers to escalate privileges due to improper privilege dropping and file handling issues (symlink flaws) in puppet (CVE-2012-1053, CVE-2012-1054). Security Issue references: * CVE-2012-1053 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053> * CVE-2012-1054 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054> SUSE bug 747657 CVE-2012-1053 CVE-2012-1054 cpe:/o:suse:suse_sles:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox was updated to version 24.6.0 to fix six security issues: * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538) * Use-after-free with SMIL Animation Controller. (CVE-2014-1541) mozilla-nspr was updated to version 4.10.6 to fix one security issue: * Out of bounds write in NSPR. (CVE-2014-1545) Further information can be found at https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues references: * CVE-2014-1533 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533> * CVE-2014-1534 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534> * CVE-2014-1536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536> * CVE-2014-1537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537> * CVE-2014-1538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538> * CVE-2014-1541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541> * CVE-2014-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545> SUSE bug 881874 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for ImageMagick SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 ImageMagick has been updated to fix an integer overflow (CVE-2012-3438). Also a slowness in 'convert' when resizing JPEG images has been addressed (bnc#754481). SUSE bug 754481 SUSE bug 773612 CVE-2012-3438 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) Important SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714) Important SUSE bug 978061 CVE-2016-3714 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Important SUSE bug 982178 CVE-2016-5118 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Mesa SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of Mesa fixes multiple integer overflows. Security Issue reference: * CVE-2013-1993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993> SUSE bug 815451 SUSE bug 821855 CVE-2013-1993 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update to Firefox 17.0.9esr (bnc#840485) addresses: * MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o (CVE-2013-1737) * MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) * MFSA 2013-89 Buffer overflow with multi-column, lists, and floats o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) * MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) * MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) * MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725) * MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) * MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) * MFSA 2013-65 Buffer underflow when generating CRMF requests o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) Security Issue references: * CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737> * CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735> * CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736> * CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732> * CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730> * CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726> * CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725> * CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722> * CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718> * CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705> SUSE bug 840485 CVE-2013-1705 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1726 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox was updated to version 38.5.0 ESR. It fixes the following security issues: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) Moderate SUSE bug 977333 SUSE bug 977374 SUSE bug 977376 SUSE bug 977381 SUSE bug 977386 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.3.0 ESR. mozilla-nss was updated to version 3.21.1, mozilla-nspr to version 4.12. These security issues were fixed in 45.3.0ESR: - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) (MFSA 2016-62) - CVE-2016-2830: Favicon network connection can persist when page is closed (MFSA 2016-63) - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64) - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 (MFSA 2016-65) - CVE-2016-5252: Stack underflow during 2D graphics rendering (MFSA 2016-67) - CVE-2016-5254: Use-after-free when using alt key and toplevel menus (MFSA 2016-70) - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72) - CVE-2016-5259: Use-after-free in service workers with nested sync events (MFSA 2016-73) - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76) - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77) - CVE-2016-5263: Type confusion in display transformation (MFSA 2016-78) - CVE-2016-5264: Use-after-free when applying SVG effects (MFSA 2016-79) - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80) - CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Security issues fixed in 45.2.0.ESR: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Important SUSE bug 983549 SUSE bug 983638 SUSE bug 983639 SUSE bug 983643 SUSE bug 983646 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 SUSE bug 984006 SUSE bug 985659 SUSE bug 989196 SUSE bug 990628 SUSE bug 990856 SUSE bug 991809 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Important SUSE bug 999701 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Important SUSE bug 1000751 SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2-LTSS This MozillaFirefox and mozilla-nss update fixes several security and non-security issues. MozillaFirefox has been updated to version 24.5.0esr which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to version 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. Security Issue references: * CVE-2014-1532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532> * CVE-2014-1531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531> * CVE-2014-1530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530> * CVE-2014-1529 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529> * CVE-2014-1524 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524> * CVE-2014-1523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523> * CVE-2014-1520 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520> * CVE-2014-1518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518> SUSE bug 865539 SUSE bug 869827 SUSE bug 875378 SUSE bug 875803 CVE-2014-1518 CVE-2014-1520 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This security update of Xen fixes the following issues: * bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165) * bsc#938344: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM (CVE-2015-5154) Moderate SUSE bug 938344 SUSE bug 939712 CVE-2015-5154 CVE-2015-5165 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for apache2-mod_nss SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the following security issues with apache2-mod_nss: * bnc#853039: client certificate verification problematic (CVE-2013-4566) Security Issue reference: * CVE-2013-4566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566> SUSE bug 853039 CVE-2013-4566 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for apache2-mod_nss (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Don't ignore NSSProtocol when NSSFIPS is enabled. - Use proper shell syntax to avoid creating /0 in gencert. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env. - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI) - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against. - Add the SECURE_RENEG environment variable. - Add some hints when NSS database cannot be initialized. - Code cleanup including trailing whitespace and compiler warnings. - Modernize autotools configuration slightly, add config.h. - Add small test suite for SNI. - Add compatibility for mod_ssl-style cipher definitions. - Add Camelia ciphers. - Remove Fortezza ciphers. - Add TLSv1.2-specific ciphers. - Initialize cipher list when re-negotiating handshake. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Improve protocol testing. - Add nss_pcache man page. - Fix argument handling in nss_pcache. - Support httpd 2.4+. - Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394) Moderate SUSE bug 975394 SUSE bug 979688 CVE-2013-4566 CVE-2014-3566 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for PHP5 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420> * CVE-2013-4248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248> SUSE bug 837746 SUSE bug 854880 CVE-2013-4248 CVE-2013-6420 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for PHP5 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420> * CVE-2013-6712 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712> * CVE-2013-4248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248> SUSE bug 854880 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for automake SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of automake fixes a race condition in 'distcheck' (CVE-2012-3386). Also a bug where world writeable tarballs were generated during 'make dist' has been fixed (CVE-2009-4029). Security Issue reference: * CVE-2012-3386 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386> * CVE-2009-4029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029> SUSE bug 559815 SUSE bug 770618 CVE-2012-3386 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for bind SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue. Security Issue references: * CVE-2014-0591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591> SUSE bug 858639 CVE-2014-0591 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP2-LTSS bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Important SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Critical) SUSE Linux Enterprise Server 11 SP2-LTSS The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Critical SUSE bug 1000362 CVE-2016-2776 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Important SUSE bug 1007829 SUSE bug 965748 CVE-2016-8864 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for bsdtar (Important) SUSE Linux Enterprise Server 11 SP2-LTSS bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). Important SUSE bug 920870 SUSE bug 984990 SUSE bug 985609 SUSE bug 985669 SUSE bug 985675 SUSE bug 985682 SUSE bug 985698 CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Mono SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mono was updated to fix a cross site scripting attack in the System.Web class 'forbidden extensions' filtering has been fixed. (CVE-2012-3382) Security Issue reference: * CVE-2012-3382 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382> SUSE bug 769799 CVE-2012-3382 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Samba SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the following security issues with Samba: * bnc#844720: DCERPC frag_len not checked (CVE-2013-4408) * bnc#853347: winbind pam security problem (CVE-2012-6150) * bnc#848101: No access check verification on stream files (CVE-2013-4475) And fixes the following non-security issues: * bnc#853021: libsmbclient0 package description contains comments * bnc#817880: rpcclient adddriver and setdrive do not set all needed registry entries * bnc#838472: Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME * bnc#854520 and bnc#849226: various upstream fixes Security Issue references: * CVE-2012-6150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150> * CVE-2013-4408 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408> * CVE-2013-4475 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475> SUSE bug 817880 SUSE bug 838472 SUSE bug 844720 SUSE bug 848101 SUSE bug 849226 SUSE bug 853021 SUSE bug 853347 SUSE bug 854520 CVE-2012-6150 CVE-2013-4408 CVE-2013-4475 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for clamav SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update contains clamav 0.97.8 which fixes security issues (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation. Security Issue references: * CVE-2013-2020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020> * CVE-2013-2021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021> SUSE bug 816865 CVE-2013-2020 CVE-2013-2021 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for coreutils SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This coreutils update fixes three minor security issues. * #798538 - VUL-1: CVE-2013-0221: segmentation fault in 'sort -d' and 'sort -M' with long line input * #796243 - VUL-1: CVE-2013-0222: segmentation fault in 'uniq' with long line input * #798541 - VUL-1: CVE-2013-0223: segmentation fault in 'join -i' with long line input Security Issue references: * CVE-2013-0221 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0221> * CVE-2013-0222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0222> * CVE-2013-0223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0223> SUSE bug 796243 SUSE bug 798538 SUSE bug 798541 CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for CUPS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The following security issue has been fixed in the CUPS print daemon CVE-2012-5519: The patch adds better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes The new ConfigurationChangeRestriction cupsd.conf directive specifies the level of restriction for cupsd.conf changes that happen via HTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or via the cupsctl command). By default certain cupsd.conf directives that deal with filenames, paths, and users can no longer be changed via requests to the running cupsd but only by manual editing the cupsd.conf file and its default file permissions permit only root to write the cupsd.conf file. Those directives are: ConfigurationChangeRestriction, AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot, ErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap, PrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin, ServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup, SystemGroupAuthKey, TempDir, User. The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set to 'root' only. Additionally the following bug has been fixed: * strip trailing '@REALM' from username for Kerberos authentication (CUPS STR#3972 bnc#827109) Security Issue reference: * CVE-2012-5519 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519> SUSE bug 789566 SUSE bug 827109 CVE-2012-5519 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for curl SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015) Security Issue reference: * CVE-2014-0015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015> SUSE bug 858673 CVE-2014-0015 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for dhcp SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The ISC DHCP server had a denial of service issue in handling specific DDNS requests which could cause a out of memory usage situation. (CVE-2013-2266) This update also adds a dhcp6-server service template for SuSEfirewall2 (bnc#783002) Security Issues: * CVE-2013-2266 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266> SUSE bug 783002 SUSE bug 811934 CVE-2013-2266 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Moderate SUSE bug 969820 CVE-2016-2774 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for dhcpcd (Important) SUSE Linux Enterprise Server 11 SP2-LTSS dhcpcd was updated to fix three security issues. These security issues were fixed: - CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers. - CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers. - CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers. Important SUSE bug 955762 CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for fastjar SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This fastjar update fixes a directory traversal issue (bnc#607043). Security Issue reference: * CVE-2010-0831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831> SUSE bug 607043 CVE-2010-0831 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 MozillaFirefox was updated to 10.0.7ESR release, fixing a lot of bugs and security problems. The following security issues have been addressed: * MFSA 2012-57: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14. * CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14. * MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes CVE-2012-1972 o Heap-use-after-free in nsObjectLoadingContent::LoadObject CVE-2012-1973 o Heap-use-after-free in gfxTextRun::CanBreakLineBefore CVE-2012-1974 o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975 o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues CVE-2012-1976 o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run() CVE-2012-3956 o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty CVE-2012-3957 o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements CVE-2012-3958 o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode CVE-2012-3959 o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary CVE-2012-3960 o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961 o Bad iterator in text runs CVE-2012-3962 o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963 o Heap-use-after-free READ 8 in gfxTextRun::GetUserData CVE-2012-3964 * MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks. * MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack. * MFSA 2012-61 / CVE-2012-3966: Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When processing a negative 'height' header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable. * MFSA 2012-62: Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash. o use after free, webgl fragment shader deleted by accessor CVE-2012-3968 o stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers CVE-2012-3967 * MFSA 2012-63: Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko's SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a 'requiredFeatures' attribute is moved between documents. In that situation, the internal representation of the 'requiredFeatures' value could be freed prematurely. Both issues are potentially exploitable. o Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter CVE-2012-3969 o Heap-use-after-free in nsTArray_base::Length() CVE-2012-3970 * MFSA 2012-64 / CVE-2012-3971: Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products. * MFSA 2012-65 / CVE-2012-3972: Security research Nicolas Gregoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable. * MFSA 2012-66 / CVE-2012-3973: Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port used by HTTPMonitor. A remote-enabled flag has been added to resolve this problem and close the port unless debugging is explicitly enabled. * MFSA 2012-67 / CVE-2012-3974: Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges. * MFSA 2012-68 / CVE-2012-3975: Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be combined with other attacks to become exploitable. * MFSA 2012-69 / CVE-2012-3976: Security researcher Mark Poticha reported an issue where incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This is caused by two onLocationChange events being fired out of the expected order, leading to the displayed certificate data to not be updated. This can be used for phishing attacks by allowing the user to input form or other data on a newer, attacking, site while the credentials of an older site appear on the addressbar. * MFSA 2012-70 / CVE-2012-3978: Mozilla security researcher moz_bug_r_a4 reported that certain security checks in the location object can be bypassed if chrome code is called content in a specific manner. This allowed for the loading of restricted content. This can be combined with other issues to become potentially exploitable. * MFSA 2012-71 / CVE-2012-3979: Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash. This vulnerability only affects Firefox for Android. * MFSA 2012-72 / CVE-2012-3980: Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user. SUSE bug 777588 CVE-2012-1956 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3974 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3979 CVE-2012-3980 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues: * MFSA 2012-73 / CVE-2012-3977: Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. (This does not affect Firefox 10 as it does not feature the SPDY extension. It was silently fixed for Firefox 15.) * MFSA 2012-74: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * CVE-2012-3983: Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported memory safety problems and crashes that affect Firefox 15. * CVE-2012-3982: Christian Holler and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 15. * MFSA 2012-75 / CVE-2012-3984: Security researcher David Bloom of Cue discovered that 'select' elements are always-on-top chromeless windows and that navigation away from a page with an active 'select' menu does not remove this window.When another menu is opened programmatically on a new page, the original 'select' menu can be retained and arbitrary HTML content within it rendered, allowing an attacker to cover arbitrary portions of the new page through absolute positioning/scrolling, leading to spoofing attacks. Security researcher Jordi Chancel found a variation that would allow for click-jacking attacks was well. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Navigation away from a page with an active 'select' dropdown menu can be used for URL spoofing, other evil Firefox 10.0.1 : Navigation away from a page with multiple active 'select' dropdown menu can be used for Spoofing And ClickJacking with XPI using window.open and geolocalisation * MFSA 2012-76 / CVE-2012-3985: Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial origin in addition to the new document.domain. This could potentially lead to cross-site scripting (XSS) attacks. * MFSA 2012-77 / CVE-2012-3986: Mozilla developer Johnny Stenback discovered that several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. This was addressed by adding the existing security checks to these methods. * MFSA 2012-78 / CVE-2012-3987: Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then perform an attack similar to cross-site scripting (XSS) to gain the privileges allowed to Firefox on an Android device. This has been fixed by changing the Reader Mode page into an unprivileged page. This vulnerability only affects Firefox for Android. * MFSA 2012-79 / CVE-2012-3988: Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable. * MFSA 2012-80 / CVE-2012-3989: Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash. * MFSA 2012-81 / CVE-2012-3991: Mozilla community member Alice White reported that when the GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. This potentially allowed for arbitrary code execution. * MFSA 2012-82 / CVE-2012-3994: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location and top can be shadowed by Object.defineProperty as well. This can allow for possible cross-site scripting (XSS) attacks through plugins. * MFSA 2012-83: Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script. While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed. These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution. * CVE-2012-3993: XrayWrapper pollution via unsafe COW * CVE-2012-4184: ChromeObjectWrapper is not implemented as intended * MFSA 2012-84 / CVE-2012-3992: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this stored site, allowing an attacker to inject a script or intercept posted data posted to a location specified with a relative path. * MFSA 2012-85: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free, buffer overflow, and out of bounds read issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting two additional use-after-free flaws introduced during Firefox 16 development and fixed before general release. * CVE-2012-3995: Out of bounds read in IsCSSWordSpacingSpace * CVE-2012-4179: Heap-use-after-free in nsHTMLCSSUtils::CreateCSSPropertyTxn * CVE-2012-4180: Heap-buffer-overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace * CVE-2012-4181: Heap-use-after-free in nsSMILAnimationController::DoSample * CVE-2012-4182: Heap-use-after-free in nsTextEditRules::WillInsert * CVE-2012-4183: Heap-use-after-free in DOMSVGTests::GetRequiredFeatures * MFSA 2012-86: Security researcher Atte Kettunen from OUSPG reported several heap memory corruption issues found using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. * CVE-2012-4185: Global-buffer-overflow in nsCharTraits::length * CVE-2012-4186: Heap-buffer-overflow in nsWaveReader::DecodeAudioData * CVE-2012-4187: Crash with ASSERTION: insPos too small * CVE-2012-4188: Heap-buffer-overflow in Convolve3x3 * MFSA 2012-87 / CVE-2012-3990: Security researcher miaubiz used the Address Sanitizer tool to discover a use-after-free in the IME State Manager code. This could lead to a potentially exploitable crash. * MFSA 2012-89 / CVE-2012-4192 / CVE-2012-4193: Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. Security Issue reference: * CVE-2012-3977 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3977> * CVE-2012-3982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982> * CVE-2012-3983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983> * CVE-2012-3984 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984> * CVE-2012-3985 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985> * CVE-2012-3986 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986> * CVE-2012-3987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3987> * CVE-2012-3988 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988> * CVE-2012-3989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989> * CVE-2012-3990 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990> * CVE-2012-3991 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991> * CVE-2012-3992 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992> * CVE-2012-3993 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993> * CVE-2012-3994 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994> * CVE-2012-3995 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995> * CVE-2012-4179 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179> * CVE-2012-4180 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180> * CVE-2012-4181 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181> * CVE-2012-4182 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182> * CVE-2012-4183 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183> * CVE-2012-4184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184> * CVE-2012-4185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185> * CVE-2012-4186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186> * CVE-2012-4187 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187> * CVE-2012-4188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188> * CVE-2012-4192 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192> * CVE-2012-4193 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193> SUSE bug 783533 CVE-2012-3977 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3987 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4192 CVE-2012-4193 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 MozillaFirefox was updated to the 10.0.10ESR security release. The following issue has been fixed: * MFSA 2012-90: Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below. Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. * CVE-2012-4194: Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. * CVE-2012-4195: Mozilla security researcher moz_bug_r_a4 discovered that the CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. * CVE-2012-4196: Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. SUSE bug 786522 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. * MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17: o crash in copyTexImage2D with image dimensions too large for given level (CVE-2012-5838) * MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17: o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218) * MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. * MFSA 2012-103 / CVE-2012-4209: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to 'top'. This can allow for possible cross-site scripting (XSS) attacks through plugins. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-102 / CVE-2012-5837: Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar. * MFSA 2012-101 / CVE-2012-4207: Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the '~' character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. * MFSA 2012-100 / CVE-2012-5841: Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-98 / CVE-2012-4206: Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. * MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. * MFSA 2012-96 / CVE-2012-4204: Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-95 / CVE-2012-4203: Security researcher kakzz.ng@gmail.com reported that if a javascript: URL is selected from the list of Firefox 'new tab' page, the script will inherit the privileges of the privileged 'new tab' page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. * MFSA 2012-94 / CVE-2012-5836: Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash. * MFSA 2012-93 / CVE-2012-4201: Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack. * MFSA 2012-92 / CVE-2012-4202: Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. * MFSA 2012-91: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey reported memory safety problems and crashes that affect Firefox 16. (CVE-2012-5843) Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842) SUSE bug 790140 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4206 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla Firefox was updated to the 10.0.12ESR release. * MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. ( CVE-2013-0769 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769> ) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749> ) o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770> ) * MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. The following issue was fixed in Firefox 18: o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760> ) The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12: o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762> ) o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766> ) o Out of bounds read in nsSVGPathElement::GetPathLengthScale ( CVE-2013-0767 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767> ) The following issues were fixed in Firefox 18 and ESR 17.0.1: o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack ( CVE-2013-0761 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761> ) o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763> ) o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771> ) The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release: o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829> ) * MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768> ) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. * MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. ( CVE-2013-0759 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759> ) * MFSA 2013-05: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash. ( CVE-2013-0744 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744> ) * MFSA 2013-06: Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751> ) * MFSA 2013-07: Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764> ) * MFSA 2013-08: Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745> ) * MFSA 2013-09: Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746> ) * MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747> ) * MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748> ) * MFSA 2013-12: Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750> ) * MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752> ) * MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757> ) * MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758> ) * MFSA 2013-16: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753> ) * MFSA 2013-17: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754> ) * MFSA 2013-18: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755> ) * MFSA 2013-19: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756> ) * MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743> ) SUSE bug 796895 CVE-2012-5829 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0759 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 MozillaFirefox has been updated to the 17.0.4ESR release which fixes one important security issue: * MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. Security Issue reference: * CVE-2013-0787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787> SUSE bug 808243 CVE-2013-0787 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 MozillaFirefox has been updated to the 17.0.5ESR release fixing bugs and security issues. Also Mozilla NSS has been updated to version 3.14.3 and Mozilla NSPR to 4.9.6. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) Andrew McCreight, Randell Jesup, Gary Kwong, Jesse Ruderman, Christian Holler, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 19. (CVE-2013-0789) Jim Chen reported a memory safety problem that affects Firefox for Android * (CVE-2013-0790) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-33 / CVE-2013-0798: Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported the app_tmp directory is set to be world readable and writeable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are temporarily stored in the app_tmp directory before installation. This vulnerability only affects Firefox for Android. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-079: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. Security Issue references: * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789> * CVE-2013-0790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> SUSE bug 813026 CVE-2013-0788 CVE-2013-0789 CVE-2013-0790 CVE-2013-0791 CVE-2013-0792 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0798 CVE-2013-0799 CVE-2013-0800 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla Firefox has been updated to the17.0.6ESR security release. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. Security Issue references: * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0793 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> SUSE bug 792432 SUSE bug 819204 CVE-2013-0788 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0799 CVE-2013-0800 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla Firefox has been updated to the 17.0.7 ESR version, fixing bugs and security fixes. * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686) * MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. * MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. * MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. * MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. Security Issue references: * CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682> * CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684> * CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685> * CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686> * CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687> * CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690> * CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692> * CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693> * CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697> SUSE bug 825935 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla Firefox was updated to the 17.0.10ESR release, fixing various bugs and security issues: MFSA 2013-93: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24. (CVE-2013-5590) Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10.(CVE-2013-1739) MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. * ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle (CVE-2013-5599) * ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL (CVE-2013-5600) * ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler (CVE-2013-5601) MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. Security Issues: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox was updated to the 24.3.0ESR security release. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Also Mozilla NSS was updated to 3.15.4 release. * required for Firefox 27 * regular CA root store update (1.96) * some OSCP improvments * other bugfixes Security Issue references: * CVE-2014-1477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477> * CVE-2014-1479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479> * CVE-2014-1480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480> * CVE-2014-1481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481> * CVE-2014-1482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482> * CVE-2014-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483> * CVE-2014-1484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484> * CVE-2014-1485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485> * CVE-2014-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486> * CVE-2014-1487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487> * CVE-2014-1488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488> * CVE-2014-1489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489> * CVE-2014-1490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490> * CVE-2014-1491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491> SUSE bug 859055 SUSE bug 861847 CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release: * CVE-2014-1544 - https://www.mozilla.org/security/announce/2014/mfsa2014-63.html <https://www.mozilla.org/security/announce/2014/mfsa2014-63.html> * CVE-2014-1548 - https://www.mozilla.org/security/announce/2014/mfsa2014-56.html <https://www.mozilla.org/security/announce/2014/mfsa2014-56.html> * CVE-2014-1549 - https://www.mozilla.org/security/announce/2014/mfsa2014-57.html <https://www.mozilla.org/security/announce/2014/mfsa2014-57.html> * CVE-2014-1550 - https://www.mozilla.org/security/announce/2014/mfsa2014-58.html <https://www.mozilla.org/security/announce/2014/mfsa2014-58.html> * CVE-2014-1551 - https://www.mozilla.org/security/announce/2014/mfsa2014-59.html <https://www.mozilla.org/security/announce/2014/mfsa2014-59.html> * CVE-2014-1552 - https://www.mozilla.org/security/announce/2014/mfsa2014-66.html <https://www.mozilla.org/security/announce/2014/mfsa2014-66.html> * CVE-2014-1555 - https://www.mozilla.org/security/announce/2014/mfsa2014-61.html <https://www.mozilla.org/security/announce/2014/mfsa2014-61.html> * CVE-2014-1556 - https://www.mozilla.org/security/announce/2014/mfsa2014-62.html <https://www.mozilla.org/security/announce/2014/mfsa2014-62.html> * CVE-2014-1557 - https://www.mozilla.org/security/announce/2014/mfsa2014-64.html <https://www.mozilla.org/security/announce/2014/mfsa2014-64.html> * CVE-2014-1558,CVE-2014-1559,CVE-2014-1560 - https://www.mozilla.org/security/announce/2014/mfsa2014-65.html <https://www.mozilla.org/security/announce/2014/mfsa2014-65.html> * CVE-2014-1561 - https://www.mozilla.org/security/announce/2014/mfsa2014-60.html <https://www.mozilla.org/security/announce/2014/mfsa2014-60.html> Security Issues: * CVE-2014-1557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557> * CVE-2014-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547> * CVE-2014-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548> * CVE-2014-1556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556> * CVE-2014-1544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544> * CVE-2014-1555 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555> SUSE bug 887746 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream: * MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. * MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) More information is referenced on: https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues: * CVE-2014-1562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562> * CVE-2014-1567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567> SUSE bug 894370 CVE-2014-1562 CVE-2014-1567 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues. * MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks. * MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. * MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. * MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. * MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputed data being saved to a log file on the local system. Security Issues: * CVE-2014-1587 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587> * CVE-2014-1588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588> * CVE-2014-1589 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589> * CVE-2014-1590 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590> * CVE-2014-1591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591> * CVE-2014-1592 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592> * CVE-2014-1593 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593> * CVE-2014-1594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594> * CVE-2014-1595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595> SUSE bug 908009 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificate list. For more information, please see https://www.mozilla.org/en-US/security/advisories/ <https://www.mozilla.org/en-US/security/advisories/> Security Issues: * CVE-2014-1569 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569> * CVE-2014-8634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634> * CVE-2014-8639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639> * CVE-2014-8641 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641> * CVE-2014-8638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638> * CVE-2014-8636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636> * CVE-2014-8637 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637> * CVE-2014-8640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640> SUSE bug 906111 SUSE bug 909563 SUSE bug 910647 SUSE bug 910669 CVE-2014-1569 CVE-2014-8634 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system. * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues: * CVE-2015-0817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817> * CVE-2015-0818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818> SUSE bug 923534 CVE-2015-0817 CVE-2015-0818 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox was updated to 38.2.1 ESR, fixing two severe security bugs. (bsc#943608) * MFSA 2015-94/CVE-2015-4497 (bsc#943557): Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bsc#943558): Add-on notification bypass through data URLs Important SUSE bug 943557 SUSE bug 943558 SUSE bug 943608 CVE-2015-4497 CVE-2015-4498 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues: * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels * MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin * MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs: * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894): * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Important SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1978 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP2-LTSS This version update of Mozilla Firefox to 31.2.0ESR brings improvements, stability fixes and also security fixes for the following CVEs: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576 ,CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586 It also disables SSLv3 by default to mitigate the protocol downgrade attack known as POODLE. This update fixes some regressions introduced by the previously released update. Security Issues: * CVE-2014-1574 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574> * CVE-2014-1575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575> * CVE-2014-1576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576> * CVE-2014-1577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577> * CVE-2014-1578 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578> * CVE-2014-1581 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581> * CVE-2014-1583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583> * CVE-2014-1585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585> * CVE-2014-1586 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586> SUSE bug 900941 SUSE bug 905056 SUSE bug 905528 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for freeradius SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for freeradius-server provides the following fixes and improvements: * Increase the vendor IDs limit from 32767 to 65535 (bnc#791666) * Fix issues with escaping special characters in password (bnc#797515) * Respect expired passwords and accounts when using the unix module (bnc#797313, CVE-2011-4966). Security Issue reference: * CVE-2011-4966 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966> SUSE bug 791666 SUSE bug 797313 SUSE bug 797515 CVE-2011-4966 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for freetype2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes: * OOB access in bdf_free_font() and _bdf_parse_glyphs() (CVE-2012-5668 and CVE-2012-5669) As well as the following non-security bugs: * [bdf] Savannah bug #37905. o src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in case of allocation error; this value gets used in a loop in * [bdf] Fix Savannah bug #37906. o src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc'. Security Issue references: * CVE-2012-5668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668> * CVE-2012-5669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669> SUSE bug 795826 CVE-2012-5668 CVE-2012-5669 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ghostscript SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue. Security Issue reference: * CVE-2012-4405 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405> SUSE bug 779700 CVE-2012-4405 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) - An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342) Important SUSE bug 1001951 SUSE bug 939342 CVE-2013-5653 CVE-2015-3228 CVE-2016-7977 CVE-2016-7979 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for glibc SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for glibc contains the following fixes: * Fix integer overflows in malloc (CVE-2013-4332, bnc#839870) * Fix buffer overflow in glob (bnc#691365) * Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320) * Update mount flags in <sys/mount.h> (bnc#791928) * Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246) * Fix memory leaks in dlopen (bnc#811979) * Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121) * Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec (bnc#818628) * Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347) * Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210) * Fix robust mutex handling after fork (bnc#827811) * Fix missing character in IBM-943 charset (bnc#828235) * Fix use of alloca in gaih_inet (bnc#828637) * Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268) * Fix readdir_r with long file names (CVE-2013-4237, bnc#834594). Security Issues: * CVE-2012-4412 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412> * CVE-2013-0242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242> * CVE-2013-1914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914> * CVE-2013-4237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237> * CVE-2013-4332 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332> * CVE-2013-4788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788> SUSE bug 691365 SUSE bug 779320 SUSE bug 791928 SUSE bug 801246 SUSE bug 811979 SUSE bug 813121 SUSE bug 818628 SUSE bug 819347 SUSE bug 822210 SUSE bug 827811 SUSE bug 828235 SUSE bug 828637 SUSE bug 830268 SUSE bug 834594 SUSE bug 839870 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) - CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal (bsc#830257) - CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 (bsc#847227) - CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) - bsc#920338: Read past end of pattern in fnmatch - CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) The following non-security bugs were fixed: - bnc#892065: SIGSEV tst-setlocale3 in glibc-2.11.3-17.68.1 - bnc#863499: Memory leak in getaddrinfo when many RRs are returned - bsc#892065: Avoid unbound alloca in setenv - bsc#945779: Properly reread entry after failure in nss_files getent function Important SUSE bug 830257 SUSE bug 847227 SUSE bug 863499 SUSE bug 892065 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 945779 SUSE bug 950944 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2013-2207 CVE-2013-4458 CVE-2014-8121 CVE-2014-9761 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for GnuTLS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of GnuTLS fixes a regression introduced by the previous update that could have resulted in a Denial of Service (application crash). Security Issue reference: * CVE-2013-2116 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116> SUSE bug 821818 CVE-2013-2116 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for gpg2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This GnuPG update fixes two security issues: * CVE-2013-4351: GnuPG treated no-usage-permitted keys as all-usages-permitted. * CVE-2013-4402: An infinite recursion in the compressed packet parser was fixed. Security Issue reference: * CVE-2013-4351 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351> * CVE-2013-4402 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402> SUSE bug 840510 SUSE bug 844175 CVE-2013-4351 CVE-2013-4402 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for gtk2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The following issue has been fixed: * Specially crafted GIF and XBM files could have crashed gtk2 (CVE-2012-2370,CVE-2011-2485) Security Issue references: * CVE-2012-2370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370> * CVE-2011-2485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485> SUSE bug 702028 SUSE bug 762735 CVE-2011-2485 CVE-2012-2370 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for hplip SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 hplip was updated to fix three security issues: * CVE-2013-0200: Some local file overwrite problems via predictable /tmp filenames were fixed. * CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation. * CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log) Security Issue references: * CVE-2013-4325 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325> * CVE-2013-0200 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200> * CVE-2013-6402 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402> SUSE bug 808355 SUSE bug 835827 SUSE bug 836937 SUSE bug 852368 CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for icu SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update is rereleased because some architectures were missed on the first try. It fixes the following security issues: * Specially crafted strings could cause a buffer overflow in icu ( CVE-2011-4599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599> ) * An integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409> ) SUSE bug 657910 SUSE bug 736146 CVE-2011-4599 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for inn SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 was assigned to this issue. Security Issue reference: * CVE-2012-3523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3523> SUSE bug 776967 CVE-2012-3523 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for jakarta-commons-fileupload SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 jakarta-commons-fileupload received a security fix: * A poison null byte flaw was found in the implementation of the DiskFileItem class. A remote attacker could able to supply a serialized instance of the DiskFileItem class, which would be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is permitted by the user running the application server process. (CVE-2013-2186) Security Issue reference: * CVE-2013-2186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186> SUSE bug 846174 CVE-2013-2186 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for jakarta SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The following issue has been fixed: * SSL certificate hostname verification was not done and is fixed by this update. (CVE-2012-5783) Security Issue reference: * CVE-2012-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783> SUSE bug 803332 CVE-2012-5783 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for java-1_4_2-ibm SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 IBM Java 1.4.2 was updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3009 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3009> * CVE-2013-3011 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3011> * CVE-2013-3012 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3012> * CVE-2013-2469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469> * CVE-2013-2465 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465> * CVE-2013-2464 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464> * CVE-2013-2463 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463> * CVE-2013-2473 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473> * CVE-2013-2472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472> * CVE-2013-2471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471> * CVE-2013-2470 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470> * CVE-2013-2459 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459> * CVE-2013-2456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456> * CVE-2013-2447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447> * CVE-2013-2452 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452> * CVE-2013-2446 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446> * CVE-2013-2450 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450> * CVE-2013-1500 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500> SUSE bug 823034 SUSE bug 829212 CVE-2013-1500 CVE-2013-2446 CVE-2013-2447 CVE-2013-2450 CVE-2013-2452 CVE-2013-2456 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for IBM Java 6 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 IBM Java 6 SR15 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Security Issue references: * CVE-2013-5458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5458> * CVE-2013-5456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5456> * CVE-2013-5457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5457> * CVE-2013-4041 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4041> * CVE-2013-5375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5375> * CVE-2013-5372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5372> * CVE-2013-5843 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843> * CVE-2013-5789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789> * CVE-2013-5830 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830> * CVE-2013-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829> * CVE-2013-5787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787> * CVE-2013-5788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788> * CVE-2013-5824 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824> * CVE-2013-5842 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842> * CVE-2013-5782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782> * CVE-2013-5817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817> * CVE-2013-5809 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809> * CVE-2013-5814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814> * CVE-2013-5832 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832> * CVE-2013-5850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850> * CVE-2013-5838 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838> * CVE-2013-5802 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802> * CVE-2013-5812 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812> * CVE-2013-5804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804> * CVE-2013-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783> * CVE-2013-3829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829> * CVE-2013-5823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823> * CVE-2013-5831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831> * CVE-2013-5820 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820> * CVE-2013-5819 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819> * CVE-2013-5818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818> * CVE-2013-5848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848> * CVE-2013-5776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776> * CVE-2013-5774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774> * CVE-2013-5825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825> * CVE-2013-5840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840> * CVE-2013-5801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801> * CVE-2013-5778 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778> * CVE-2013-5851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851> * CVE-2013-5800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800> * CVE-2013-5784 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784> * CVE-2013-5849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849> * CVE-2013-5790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790> * CVE-2013-5780 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780> * CVE-2013-5797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797> * CVE-2013-5803 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803> * CVE-2013-5772 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772> SUSE bug 849212 CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS IBM Java was updated to version 6 SR16 FP7 (6.0-16.7) to fix several security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. (bnc#935540) * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. The following non-security bugs were fixed: * bsc#936844: misconfigured update-alternative entries * bsc#941939: provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 935540 SUSE bug 936844 SUSE bug 938895 SUSE bug 941939 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Important SUSE bug 960286 SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Important SUSE bug 977646 SUSE bug 977648 SUSE bug 977650 SUSE bug 979252 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS IBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Important SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-2625 CVE-2015-2808 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for IBM Java 7 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Security Issue references: * CVE-2013-5458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5458> * CVE-2013-5456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5456> * CVE-2013-5457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5457> * CVE-2013-4041 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4041> * CVE-2013-5375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5375> * CVE-2013-5372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5372> * CVE-2013-5843 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843> * CVE-2013-5789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789> * CVE-2013-5830 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830> * CVE-2013-5829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829> * CVE-2013-5787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787> * CVE-2013-5788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788> * CVE-2013-5824 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824> * CVE-2013-5842 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842> * CVE-2013-5782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782> * CVE-2013-5817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817> * CVE-2013-5809 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809> * CVE-2013-5814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814> * CVE-2013-5832 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832> * CVE-2013-5850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850> * CVE-2013-5838 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838> * CVE-2013-5802 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802> * CVE-2013-5812 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812> * CVE-2013-5804 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804> * CVE-2013-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783> * CVE-2013-3829 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829> * CVE-2013-5823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823> * CVE-2013-5831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831> * CVE-2013-5820 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820> * CVE-2013-5819 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819> * CVE-2013-5818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818> * CVE-2013-5848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848> * CVE-2013-5776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776> * CVE-2013-5774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774> * CVE-2013-5825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825> * CVE-2013-5840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840> * CVE-2013-5801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801> * CVE-2013-5778 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778> * CVE-2013-5851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851> * CVE-2013-5800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800> * CVE-2013-5784 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784> * CVE-2013-5849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849> * CVE-2013-5790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790> * CVE-2013-5780 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780> * CVE-2013-5797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797> * CVE-2013-5803 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803> * CVE-2013-5772 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772> SUSE bug 849212 CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS java-1_7_0-ibm was updated to fix 21 security issues. These security issues were fixed: - CVE-2015-4729: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment (bsc#938895). - CVE-2015-4748: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security (bsc#938895). - CVE-2015-2664: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bsc#938895). - CVE-2015-0192: Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allowed remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine (bsc#938895). - CVE-2015-2613: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-4731: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX (bsc#938895). - CVE-2015-2637: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-4733: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI (bsc#938895). - CVE-2015-4732: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590 (bsc#938895). - CVE-2015-2621: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allowed remote attackers to affect confidentiality via vectors related to JMX (bsc#938895). - CVE-2015-2619: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732 (bsc#938895). - CVE-2015-2638: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JSSE (bsc#938895). - CVE-2015-2632: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-1931: Unspecified vulnerability (bsc#938895). - CVE-2015-4760: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue (bsc#935540). - CVE-2015-2601: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-2808: The RC4 algorithm, as used in the TLS protocol and SSL protocol, did not properly combine state data with key data during the initialization phase, which made it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the 'Bar Mitzvah' issue (bsc#938895). - CVE-2015-4749: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect availability via vectors related to JNDI (bsc#938895). Important SUSE bug 935540 SUSE bug 938895 CVE-2015-0192 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The java-1_7_0-ibm package was updated to version 7.0-9.20 to fix several security and non security issues: - bnc#955131: Version update to 7.0-9.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 941939 SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Important SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This IBM Java 1.7.0 SR9 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Important SUSE bug 977646 SUSE bug 977648 SUSE bug 977650 SUSE bug 979252 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for java-1_7_0-ibm fixes the following issues: - Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 SUSE bug 992537 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for kdelibs4 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This kdelibs4 update fixes several security issues related to khtml/konqueror. * Fix security issues and null pointer references in khtml/konqueror (bnc#787520) (CVE-2012-4512, CVE-2012-4513, CVE-2012-4515) Security Issue references: * CVE-2012-4512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4512> * CVE-2012-4513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4513> * CVE-2012-4515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4515> SUSE bug 787520 CVE-2012-4512 CVE-2012-4513 CVE-2012-4515 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Linux kernel SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to fix a regression introduced by the previous update: * scsi_dh_alua: Incorrect reference counting in the SCSI ALUA initialization code lead to system crashes on boot (bnc#858831). As the update introducing the regression was marked security, this is also marked security even though this bug is not security relevant. SUSE bug 858831 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The SUSE Linux Enterprise 11 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Important SUSE bug 1013533 SUSE bug 1013604 CVE-2016-9576 CVE-2016-9794 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An out of bounds read in the ping protocol handler could have lead to information disclosure (bsc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-5551: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. This CVE tracks the fix for the tmpfs filesystem. (bsc#1021258). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). The following non-security bugs were fixed: - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - cdc-acm: added sanity checking for probe() (bsc#993891). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - dasd: Fix unresumed device after suspend/resume (bnc#927287, LTC#123892). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: SYSENTER emulation is broken (bsc#994618). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (VM Functionality, bsc#1008645). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261, bsc#1011482). - nfs: do not do blind d_drop() in nfs_prime_dcache() (bnc#908069 bnc#896484 bsc#963053). - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484 bsc#963053). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4: Ensure that we do not drop a state owner more than once (bsc#979595). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595, bsc#1011482). - nfsv4: nfs4_proc_renew should be declared static (bnc#863873). - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514 bsc#1011482). - nfsv4: The NFSv4.0 client must send RENEW calls if it holds a delegation (bnc#863873). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - ppp: defer netns reference release for ppp channel (bsc#980371). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809). - qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873). - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - Revert 's390/mm: fix asce_bits handling with dynamic pagetable levels' This reverts commit 6e00b1d803fa2ab4b130e04b7fbcc99f0b5ecba8. - rpm/config.sh: Set the release string to 0.7.<RELEASE> (bsc#997059) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/dasd: fix hanging device after clear subchannel (bnc#994436, LTC#144640). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984, LTC#133077). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). Conflicts: series.conf - s390/pageattr: do a single TLB flush for change_page_attr (bsc#1009443,LTC#148182). - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository. - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). Important SUSE bug 1003077 SUSE bug 1003925 SUSE bug 1004517 SUSE bug 1007944 SUSE bug 1008645 SUSE bug 1008831 SUSE bug 1008833 SUSE bug 1009443 SUSE bug 1010150 SUSE bug 1010467 SUSE bug 1010501 SUSE bug 1010507 SUSE bug 1010711 SUSE bug 1010716 SUSE bug 1011482 SUSE bug 1011685 SUSE bug 1012422 SUSE bug 1012832 SUSE bug 1013038 SUSE bug 1013531 SUSE bug 1013542 SUSE bug 1014746 SUSE bug 1017710 SUSE bug 1021258 SUSE bug 835175 SUSE bug 839104 SUSE bug 863873 SUSE bug 874145 SUSE bug 896484 SUSE bug 908069 SUSE bug 914939 SUSE bug 922947 SUSE bug 927287 SUSE bug 940966 SUSE bug 950998 SUSE bug 954984 SUSE bug 956514 SUSE bug 958000 SUSE bug 960689 SUSE bug 963053 SUSE bug 967716 SUSE bug 968500 SUSE bug 969340 SUSE bug 971360 SUSE bug 971944 SUSE bug 978401 SUSE bug 978821 SUSE bug 979213 SUSE bug 979274 SUSE bug 979548 SUSE bug 979595 SUSE bug 979879 SUSE bug 979915 SUSE bug 980363 SUSE bug 980371 SUSE bug 980725 SUSE bug 981267 SUSE bug 983143 SUSE bug 983213 SUSE bug 984755 SUSE bug 986362 SUSE bug 986365 SUSE bug 986445 SUSE bug 986572 SUSE bug 989261 SUSE bug 991608 SUSE bug 991665 SUSE bug 992566 SUSE bug 993890 SUSE bug 993891 SUSE bug 994296 SUSE bug 994436 SUSE bug 994618 SUSE bug 994759 SUSE bug 995968 SUSE bug 997059 SUSE bug 999932 CVE-2004-0230 CVE-2012-6704 CVE-2013-4312 CVE-2015-1350 CVE-2015-7513 CVE-2015-7833 CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2016-0823 CVE-2016-10088 CVE-2016-1583 CVE-2016-2187 CVE-2016-2189 CVE-2016-3841 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5829 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The SUSE Linux Enterprise Server 11 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code. - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-0777: drivers/xen/usbback/usbback.c in the Linux kernel allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2150: Xen and the Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bnc#919463). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun' (bnc#933429). - CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket (bnc#927257). - CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel allowed remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message (bnc#922583). - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919007). - CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect (bnc#929525). - CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel allowed local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag (bnc#900881). - CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/ (bnc#914742). - CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename (bnc#918333). - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919018). - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data (bnc#915577). The following non-security bugs were fixed: - HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#931474). - HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#931474). - HID: add quirk for PIXART OEM mouse used by HP (bnc#931474). - HID: usbhid: add always-poll quirk (bnc#931474). - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen. - HID: usbhid: fix PIXART optical mouse (bnc#931474). - HID: usbhid: more mice with ALWAYS_POLL (bnc#931474). - HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#931474). - bnx2x: Fix kdump when iommu=on (bug#921769). - cifs: fix use-after-free bug in find_writable_file (bnc#909477). - coredump: ensure the fpu state is flushed for proper multi-threaded core dump (bsc#904671, bsc#929360). - dm: fixed that LVM merge snapshot of root logical volume were not working (bsc#928801) - deal with deadlock in d_walk fix (bnc#929148, bnc#929283). - e1000: do not enable dma receives until after dma address has been setup (bsc#821931). - fsnotify: Fix handling of renames in audit (bnc#915200). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize -&gt;redirect_genid in inet_getpeer() (bnc#860593). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: fix data corruption when reading /proc/sysinfo (bsc#891087, bsc#937986, LTC#114480). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - time, ntp: Do not update time_state in middle of leap second (bsc#912916). - s390-3215-tty-close-crash.patch: kernel: 3215 tty close crash (bsc#916010, LTC#120873). - s390-3215-tty-close-race.patch: kernel: 3215 console crash (bsc#916010, LTC#94302). - s390-3215-tty-hang.patch: Renamed from patches.arch/s390-tty-hang.patch. - s390-3215-tty-hang.patch: Update references (bnc#898693, bnc#897995, LTC#114562). - s390-dasd-retry-partition-detection.patch: s390/dasd: retry partition detection (bsc#916010, LTC#94302). - s390-dasd-retry-partition-detection.patch: Update references (bsc#916010, LTC#120565). - s390-sclp-tty-refcount.patch: kernel: sclp console tty reference counting (bsc#916010, LTC#115466). - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - scsi/sg: sg_start_req(): make sure that there is not too many elements in iovec (bsc#940338). - x86, xsave: remove thread_has_fpu() bug check in __sanitize_i387_state() (bsc#904671, bsc#929360). - x86-mm-send-tlb-flush-ipis-to-online-cpus-only.patch: x86, mm: Send tlb flush IPIs to online cpus only (bnc#798406). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/reboot: Fix a warning message triggered by stop_other_cpus() (bnc#930284). - xen: Correctly re-enable interrupts in xen_spin_wait() (bsc#879878, bsc#908870). - xfs: prevent deadlock trying to cover an active log (bsc#917093). Important SUSE bug 798406 SUSE bug 821931 SUSE bug 860593 SUSE bug 879878 SUSE bug 891087 SUSE bug 897995 SUSE bug 898693 SUSE bug 900881 SUSE bug 904671 SUSE bug 908870 SUSE bug 909477 SUSE bug 912916 SUSE bug 914742 SUSE bug 915200 SUSE bug 915517 SUSE bug 915577 SUSE bug 916010 SUSE bug 917093 SUSE bug 917830 SUSE bug 918333 SUSE bug 919007 SUSE bug 919018 SUSE bug 919463 SUSE bug 921769 SUSE bug 922583 SUSE bug 923245 SUSE bug 926240 SUSE bug 927257 SUSE bug 928801 SUSE bug 929148 SUSE bug 929283 SUSE bug 929360 SUSE bug 929525 SUSE bug 930284 SUSE bug 930934 SUSE bug 931474 SUSE bug 933429 SUSE bug 935705 SUSE bug 936831 SUSE bug 937032 SUSE bug 937986 SUSE bug 940338 SUSE bug 940398 CVE-2014-8086 CVE-2014-8159 CVE-2014-9683 CVE-2015-0777 CVE-2015-1420 CVE-2015-1421 CVE-2015-1805 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130). The following non-security bugs were fixed: - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - Fix lpfc_send_rscn_event allocation size claims bnc#935757 - Fix ntpd clock synchronization in Xen PV domains (bnc#816446). - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - SCSI: bfa: Fix to handle firmware tskim abort request response (bsc#972510). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bsc#977847). - nf_conntrack: fix bsc#758540 kabi fix (bsc#946117). - privcmd: allow preempting long running user-mode originating hypercalls (bnc#861093). - s390/cio: collect format 1 channel-path description data (bsc#966460, bsc#966662). - s390/cio: ensure consistent measurement state (bsc#966460, bsc#966662). - s390/cio: fix measurement characteristics memleak (bsc#966460, bsc#966662). - s390/cio: update measurement characteristics (bsc#966460, bsc#966662). - xfs: Fix lost direct IO write in the last block (bsc#949744). Important SUSE bug 816446 SUSE bug 861093 SUSE bug 928130 SUSE bug 935757 SUSE bug 939826 SUSE bug 942367 SUSE bug 945825 SUSE bug 946117 SUSE bug 946309 SUSE bug 948562 SUSE bug 949744 SUSE bug 949936 SUSE bug 951440 SUSE bug 952384 SUSE bug 953527 SUSE bug 954404 SUSE bug 955354 SUSE bug 955654 SUSE bug 956708 SUSE bug 956709 SUSE bug 958463 SUSE bug 958886 SUSE bug 958951 SUSE bug 959190 SUSE bug 959399 SUSE bug 961500 SUSE bug 961509 SUSE bug 961512 SUSE bug 963765 SUSE bug 963767 SUSE bug 964201 SUSE bug 966437 SUSE bug 966460 SUSE bug 966662 SUSE bug 966693 SUSE bug 967972 SUSE bug 967973 SUSE bug 967974 SUSE bug 967975 SUSE bug 968010 SUSE bug 968011 SUSE bug 968012 SUSE bug 968013 SUSE bug 968670 SUSE bug 970504 SUSE bug 970892 SUSE bug 970909 SUSE bug 970911 SUSE bug 970948 SUSE bug 970956 SUSE bug 970958 SUSE bug 970970 SUSE bug 971124 SUSE bug 971125 SUSE bug 971126 SUSE bug 971360 SUSE bug 972510 SUSE bug 973570 SUSE bug 975945 SUSE bug 977847 SUSE bug 978822 CVE-2013-2015 CVE-2013-7446 CVE-2015-0272 CVE-2015-3339 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-0723 CVE-2016-2069 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4486 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Important SUSE bug 1004418 CVE-2016-5195 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for krb5 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418> SUSE bug 849240 CVE-2013-1418 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for KVM SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 This update fixes a file permission issue with qga (the QEMU Guest Agent) from the qemu/kvm package and includes several bug-fixes. (bnc#818182) (CVE-2013-2007) (bnc#786813) (bnc#725008) (bnc#712137) (bnc#824340) Security Issues: * CVE-2013-2007 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007> SUSE bug 712137 SUSE bug 725008 SUSE bug 786813 SUSE bug 818182 SUSE bug 824340 CVE-2013-2007 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP2-LTSS kvm was updated to fix two security issues. The following vulnerabilities were fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). - CVE-2015-3209: Fix buffer overflow in pcnet emulation (bsc#932770). Important SUSE bug 932770 SUSE bug 938344 CVE-2015-3209 CVE-2015-5154 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for lcms SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The lcms userland utilities were updated to fix stack overflows. * CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276> SUSE bug 843716 CVE-2013-4276 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Samba SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of Samba fixes one security issue and several bugs. The security fix is: * Ensure that users cannot hand out their own privileges to everyone, only administrators are allowed to do that. (CVE-2012-2111 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111> ) The non-security bug fixes merged from upstream Samba are: * Fix default name resolve order. (docs-xml, bso#7564). * Fix a segfault in vfs_aio_fork. (s3-aio-fork, bso#8836). * Remove whitespace in example samba.ldif. (docs, bso#8789) * Move print_backend_init() behind init_system_info(). (s3-smbd, bso#8845) * Prepend '/' to filename argument. (s3-docs, bso#8826) SUSE bug 757576 CVE-2012-2111 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libqt4 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 libqt4 has been updated to fix several security issues. * An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user (CVE-2013-0254). * openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) * Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied: * Add fix for qdbusviewer not matching args (bnc#784197) Security Issue reference: * CVE-2013-0254 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0254> SUSE bug 784197 SUSE bug 797006 SUSE bug 802634 CVE-2013-0254 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for PostgreSQL SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update to version 9.1.9 fixes: * CVE-2013-1899: Fix insecure parsing of server command-line switches. * CVE-2013-1900: Reset OpenSSL randomness state in each postmaster child process. * CVE-2013-1901: Make REPLICATION privilege checks test current user not authenticated user. Security Issue references: * CVE-2013-1899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899> * CVE-2013-1900 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900> * CVE-2013-1901 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901> SUSE bug 812525 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for mozilla-nss SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla NSS was updated to 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568> SUSE bug 897890 CVE-2014-1568 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for libgcrypt SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (CVE-2013-4242). Security Issue reference: * CVE-2013-4242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242> SUSE bug 831359 CVE-2013-4242 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for liblzo2-2 SUSE Linux Enterprise Server 11 SP2-LTSS lzo has been updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts. (CVE-2014-4607) Security Issues: * CVE-2014-4607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607> SUSE bug 883947 CVE-2014-4607 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MySQL SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code (CVE-2012-5611). Security Issue references: * CVE-2012-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615> * CVE-2012-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615> * CVE-2012-5613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5613> * CVE-2012-5612 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612> * CVE-2012-5611 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611> SUSE bug 792444 CVE-2012-5611 CVE-2012-5612 CVE-2012-5613 CVE-2012-5615 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for OpenSSL SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed. Security Issue references: * CVE-2013-0169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169> * CVE-2013-0166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166> SUSE bug 779952 SUSE bug 802648 SUSE bug 802746 CVE-2013-0166 CVE-2013-0169 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for libotr SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes various heap overflows in libotr. CVE-2012-3461 has been assigned to this issue. Security Issue reference: * CVE-2012-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461> SUSE bug 777468 CVE-2012-3461 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for pcp SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features. * Update to pcp-3.6.10. o Transition daemons to run under an unprivileged account. o Fixes for security advisory CVE-2012-5530: tmpfile flaws; (bnc#782967). o Fix pcp(1) command short-form pmlogger reporting. o Fix pmdalogger error handling for directory files. o Fix pmstat handling of odd corner case in CPU metrics. o Correct the python ctype used for pmAtomValue 32bit ints. o Add missing RPM spec dependency for python-ctypes. o Corrections to pmdamysql metrics units. o Add pmdamysql slave status metrics. o Improve pmcollectl error messages. o Parameterize pmcollectl CPU counts in interrupt subsys. o Fix generic RPM packaging for powerpc builds. o Fix python API use of reentrant libpcp string routines. o Python code backporting for RHEL5 in qa and pmcollectl. o Fix edge cases in capturing interrupt error counts. * Update to pcp-3.6.9. o Python wrapper for the pmimport API o Make sar2pcp work with the sysstat versions from RHEL5, RHEL6, and all recent Fedora versions (which is almost all current versions of sysstat verified). o Added a number of additional metrics into the importer for people starting to use it to analyse sar data from real customer incidents. o Rework use of C99 'restrict' keyword in pmdalogger (Debian bug: 689552) o Alot of work on the PCP QA suite, special thanks to Tomas Dohnalek for all his efforts there. o Win32 build updates o Add 'raw' disk active metrics so that existing tools like iostat can be emulated o Allow sar2pcp to accept XML input directly (.xml suffix), allowing it to not have to run on the same platform as the sadc/sadf that originally generated it. o Add PMI error codes into the PCP::LogImport perl module. o Fix a typo in pmiUnits man page synopsis section o Resolve pmdalinux ordering issue in NUMA/CPU indom setup (Redhat bug: 858384) o Remove unused pmcollectl imports (Redhat bug: 863210) o Allow event traces to be used in libpcp interpolate mode * Update to pcp-3.6.8. o Corrects the disk/partition identification for the MMC driver, which makes disk indom handling correct on the Raspberry Pi (http://www.raspberrypi.org/) o Several minor/basic fixes for pmdaoracle. o Improve pmcollectl compatibility. o Make a few clarifications to pmcollectl.1. o Improve python API test coverage. o Numerous updates to the test suite in general. o Allow pmda Install scripts to specify own dso name again. o Reconcile spec file differences between PCP flavours. o Fix handling of multiple contexts with a remote namespace. o Core socket interface abstractions to support NSS (later). o Fix man page SYNOPSIS section for pmUnpackEventRecords. o Add --disable-shared build option for static builds. * Update to pcp-3.6.6. o Added the python PMAPI bindings and an initial python client in pmcollectl. Separate, new package exists for python libs for those platforms that split out packages (rpm, deb). o Added a pcp-testsuite package for those platforms that might want this (rpm, deb again, mainly) o Re-introduced the pcp/qa subdirectory in pcp and deprecated the external pcpqa git tree. o Fix potential buffer overflow in pmlogger host name handling. o Reworked the configure --prefix handling to be more like the rest of the open source world. o Ensure the __pmDecodeText ident parameter is always set Resolves Red Hat bugzilla bug #841306. Security Issue references: * CVE-2012-3418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418> * CVE-2012-3419 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3419> * CVE-2012-3420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3420> * CVE-2012-3421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3421> SUSE bug 732763 SUSE bug 775009 SUSE bug 775010 SUSE bug 775011 SUSE bug 775013 SUSE bug 782967 CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for pixman SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425> SUSE bug 853824 CVE-2013-6425 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for poppler SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of poppler fixes the following vulnerabilities: * CVE-2013-1788: Various invalid memory issues could be used by attackers supplying PDFs to crash the PDF viewer or potentially execute code. * CVE-2013-1789: A crash in poppler could be used by attackers providing PDFs to crash the PDF viewer. * CVE-2013-1790: An uninitialized memory read could be used by attackers providing PDFs to crash the PDF viewer. Security Issue references: * CVE-2013-1788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788> * CVE-2013-1789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1789> * CVE-2013-1790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790> SUSE bug 806793 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libproxy SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for libproxy fixes a heap-based buffer overflow that could have allowed remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request (CVE-2012-4505). Additionally, it fixes parsing of the $no_proxy environment variable when it contains more than one URL separated by white-spaces. Security Issue reference: * CVE-2012-4505 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505> SUSE bug 761626 SUSE bug 784523 CVE-2012-4505 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libtiff SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This tiff update fixes several security issues. * bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use after free problem * bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in readgifimage() * bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW decompressor Security Issue references: * CVE-2013-4232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232> * CVE-2013-4231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231> * CVE-2013-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243> * CVE-2013-4244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244> SUSE bug 834477 SUSE bug 834779 SUSE bug 834788 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libvirt SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 This libvirt update fixes a security issue. * bnc#838638: CVE-2013-4296: EMBARGOED: libvirt: Fix crash in remoteDispatchDomainMemoryStats * bnc#817008: Regression: vm-install fails to display on SLES 11 SP2 UV2000 Security Issue reference: * CVE-2013-4296 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296> SUSE bug 817008 SUSE bug 838638 CVE-2013-4296 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libvirt SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 libvirt received security and bugfixes: * CVE-2012-4423: Fixed a libvirt remote denial of service (crash) problem. The following bugs have been fixed: * qemu: Fix probing for guest capabilities * xen-xm: Generate UUID if not specified * xenParseXM: don't dereference NULL pointer when script is empty Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497> * CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411> * CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535> * CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537> * CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536> * CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538> * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> SUSE bug 772586 SUSE bug 773621 SUSE bug 773626 SUSE bug 780432 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libxml2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue. Security Issue reference: * CVE-2013-2877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877> SUSE bug 829077 SUSE bug 854869 CVE-2013-2877 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549], - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Important SUSE bug 963963 SUSE bug 965283 SUSE bug 978395 SUSE bug 981040 SUSE bug 981041 SUSE bug 981108 SUSE bug 981109 SUSE bug 981111 SUSE bug 981112 SUSE bug 981114 SUSE bug 981115 SUSE bug 981548 SUSE bug 981549 SUSE bug 981550 CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for libxslt SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) Security Issue references: * CVE-2012-6139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139> * CVE-2012-2825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825> * CVE-2011-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970> SUSE bug 849019 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026): - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92) - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Important SUSE bug 1000751 SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010410 SUSE bug 1010422 SUSE bug 1010427 SUSE bug 1010517 SUSE bug 1012964 SUSE bug 992549 CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed: - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Moderate SUSE bug 954447 SUSE bug 959888 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 SUSE bug 967087 CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers The following vulnerabilities were fixed in ESR31 and are also included here: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Mozilla Firefox and mozilla-nss were updated to fix 17 security issues. Important SUSE bug 935033 SUSE bug 935979 SUSE bug 940806 SUSE bug 940918 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Mozilla NSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes: The main feature is TLS 1.2 support and its dependent algorithms. * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1: * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. o some bugfixes and improvements Changes with version 3.15 * New Functionality o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. o Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. o certutil has been updated to support creating name constraints extensions. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for nagios SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes a DoS vulnerability in process_cgivars() of the nagios package. CVE-2013-7108 has been assigned to this issue. Security Issue reference: * CVE-2013-7108 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108> SUSE bug 856837 CVE-2013-7108 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for nagios-nrpe, nagios-plugins-nrpe SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Nagios NRPE was updated to add more blacklisting to avoid shell injection via nagios request packets (CVE-2013-1362). Security Issues: * CVE-2013-1362 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1362> SUSE bug 807241 CVE-2013-1362 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for mozilla-nspr, mozilla-nss SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741> * CVE-2013-5605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605> * CVE-2013-5606 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606> * CVE-2013-5607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607> SUSE bug 850148 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for libfreebl3 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Mozilla NSS has been updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was abused to create man in the middle certificates. SUSE bug 854367 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues: Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) Major functional changes: - The 'sntp' commandline tool changed its option handling in a major way. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes: - ntp-signd is installed. - 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option. - 'kod' was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. These security issues were fixed: - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608). - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608). - CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608). - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608). - CVE-2015-7850: remote config logfile-keyfile (bsc#951608). - CVE-2015-7849: trusted key use-after-free (bsc#951608). - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608). - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608). - CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608). - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608). - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution. - bsc#905885: Use SHA1 instead of MD5 for symmetric keys. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - bsc#944300: Remove 'kod' from the restrict line in ntp.conf. - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. - Add 'addserver' as a new legacy action. - bsc#910063: Fix the comment regarding addserver in ntp.conf. - bsc#926510: Disable chroot by default. - bsc#920238: Enable ntpdc for backwards compatibility. - bsc#784760: Remove local clock from default configuration. - bsc#942441/fate#319496: Require perl-Socket6. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - bsc#920183: Allow -4 and -6 address qualifiers in 'server' directives. - Use upstream ntp-wait, because our version is incompatible with the new ntpq command line syntax. Important SUSE bug 782060 SUSE bug 784760 SUSE bug 905885 SUSE bug 910063 SUSE bug 916617 SUSE bug 920183 SUSE bug 920238 SUSE bug 926510 SUSE bug 936327 SUSE bug 937837 SUSE bug 942441 SUSE bug 942587 SUSE bug 943216 SUSE bug 943218 SUSE bug 944300 SUSE bug 946386 SUSE bug 951351 SUSE bug 951559 SUSE bug 951608 SUSE bug 951629 SUSE bug 954982 SUSE bug 956773 SUSE bug 962318 SUSE bug 962784 SUSE bug 962802 SUSE bug 962960 SUSE bug 962966 SUSE bug 962970 SUSE bug 962988 SUSE bug 962994 SUSE bug 962995 SUSE bug 962997 SUSE bug 963000 SUSE bug 963002 SUSE bug 975496 SUSE bug 975981 CVE-2015-5194 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. - Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of 'keys' and 'controlkey' in ntp.conf (bsc#957226). Important SUSE bug 957226 SUSE bug 977446 SUSE bug 977450 SUSE bug 977451 SUSE bug 977452 SUSE bug 977455 SUSE bug 977457 SUSE bug 977458 SUSE bug 977459 SUSE bug 977461 SUSE bug 977464 CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP2-LTSS ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). Important SUSE bug 979302 SUSE bug 981422 SUSE bug 982056 SUSE bug 982064 SUSE bug 982065 SUSE bug 982066 SUSE bug 982067 SUSE bug 982068 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2015-8139 CVE-2015-8140 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for OpenSSH SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for OpenSSH provides the following fixes: * Implement remote denial of service hardening. (bnc#802639, CVE-2010-5107) * Use only FIPS 140-2 approved algorithms when FIPS mode is detected. (bnc#755505, bnc#821039) * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906) Security Issue reference: * CVE-2010-5107 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107> SUSE bug 755505 SUSE bug 802639 SUSE bug 821039 SUSE bug 826906 CVE-2010-5107 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS openssh was updated to fix four security issues. These security issues were fixed: - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). - CVE-2015-4000: Removed and disabled weak DH groups (bsc#932483). - Hardening patch to fix sftp RCE (bsc#903649). These non-security issues were fixed: - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. Moderate SUSE bug 673532 SUSE bug 903649 SUSE bug 905118 SUSE bug 914309 SUSE bug 932483 SUSE bug 936695 SUSE bug 938746 CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) Important SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) Bugs fixed: - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling Important SUSE bug 889013 SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * Update expired S/MIME certs (bsc#979475) * Fix crash in print_notice (bsc#998190) * Resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for openssl-certs SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 openssl-certs was updated with the current certificate data available from mozilla.org. Changes: * Updated certificates to revision 1.95 * Distrust a sub-ca that issued google.com certificates. 'Distrusted AC DG Tresor SSL' (bnc#854367) Many CA updates from Mozilla: * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server auth, code signing, email signing * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server auth, code signing, email signing * new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt server auth * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt removed code signing and server auth abilities * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt removed code signing and server auth abilities * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth * removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt * new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt * new: PSCProcert:2.1.11.crt server auth, code signing, email signing * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt server auth, code signing, email signing * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt server auth, code signing * changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt removed all abilities * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt server auth, code signing * changed: TWCA_Root_Certification_Authority:2.1.1.crt added code signing ability * new 'EE Certification Centre Root CA' * new 'T-TeleSec GlobalRoot Class 3' * revoke mis-issued intermediate CAs from TURKTRUST. SUSE bug 796628 SUSE bug 854367 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for openswan SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes a Denial of Service (DoS) vulnerability via IKEv2 I1 notifications in openswan. CVE-2013-7294 has been assigned to this issue. Security Issues: * CVE-2013-7294 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7294> SUSE bug 859220 CVE-2013-7294 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for openvpn SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpn_decrypt that might have allowed remote attackers to gain knowledge of plaintext data. (CVE-2013-2061) Security Issues: * CVE-2013-2061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061> SUSE bug 843509 CVE-2013-2061 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Perl SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of Perl 5 fixes the following security issues: * fix rehash DoS [bnc#804415] [CVE-2013-1667] * improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] * fix glob denial of service [bnc#796014] [CVE-2011-2728] * sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] Security Issue references: * CVE-2013-1667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667> SUSE bug 789994 SUSE bug 796014 SUSE bug 797060 SUSE bug 804415 CVE-2013-1667 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP2-LTSS The PHP5 script interpreter was updated to fix security issues: * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Important SUSE bug 945412 SUSE bug 945428 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for php5 (Important) SUSE Linux Enterprise Server 11 SP2-LTSS php5 was updated to fix the following security issues: - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Important SUSE bug 986004 SUSE bug 986244 SUSE bug 986386 SUSE bug 986388 SUSE bug 986393 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991437 CVE-2015-8935 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for php53 to version 5.3.17 fixes the following issues: These security issues were fixed: - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366). - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375). - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373). - CVE-2016-4540: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829). - CVE-2016-4541: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829. - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830. - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830. - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828). - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length uncompressed data, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991). - CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994). - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call (bsc#977003). - CVE-2015-8867: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP incorrectly relied on the deprecated RAND_pseudo_bytes function, which made it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors (bsc#977005). - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP allowed remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function (bsc#976997). - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not isolate each thread from libxml_disable_entity_loader changes in other threads, which allowed remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161 (bsc#976996). - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to mean that SSL is optional, which allowed man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152 (bsc#973792). - CVE-2015-8835: The make_http_soap_request function in ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c (bsc#973351). - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX extension in PHP allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element (bsc#969821). - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location (bsc#971912). - CVE-2014-9767: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary empty directories via a crafted ZIP archive (bsc#971612). - CVE-2016-3185: The make_http_soap_request function in ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611). - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive (bsc#968284). - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that did not exist (bsc#949961). - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP allowed remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization (bsc#942291). - CVE-2015-6833: Directory traversal vulnerability in the PharData class in PHP allowed remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call (bsc#942296. - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP did not properly manage headers, which allowed remote attackers to execute arbitrary code via crafted serialized data that triggers a 'type confusion' in the serialize_function_call function (bsc#945428). - CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value proceeding with a free operation during initial error checking, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838 (bsc#945412). - CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value proceeding with a free operation after the principal argument loop, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837 (bsc#945412). - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension (bsc#938719). - CVE-2015-5589: The phar_convert_to_other function in ext/phar/phar_object.c in PHP did not validate a file pointer a close operation, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call (bsc#938721). - CVE-2015-4602: The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935224). - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in PHP allowed remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935226). - CVE-2015-4600: The SoapClient implementation in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods (bsc#935226). - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226. - CVE-2015-4603: The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP allowed remote attackers to execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935234). - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP did not validate token extraction for table names, which might allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352 (bsc#935274). - CVE-2015-4643: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022 (bsc#935275). - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files (bsc#935227). - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension (bsc#935229). - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files (bsc#935232). - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did not verify that the uri property is a string, which allowed remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a 'type confusion' issue (bsc#933227). - CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP allowed remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome (bsc#931421). - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname upon encountering a \x00 character, which might allowed remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 (bsc#931776). - CVE-2015-4022: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (bsc#931772). - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP did not verify that the first character of a filename is different from the \0 character, which allowed remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive (bsc#931769). - CVE-2015-3329: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP allowed remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive (bsc#928506). - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511). - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231 (bsc#924972). - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function (bsc#923945). - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file (bsc#922452). - CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might have allowed context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow (bsc#921950). - CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP allowed remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries (bsc#922451). - CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function (bsc#918768). - CVE-2014-9652: The mconvert function in softmagic.c in file as used in the Fileinfo component in PHP did not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allowed remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file (bsc#917150). - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659). - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bsc#910659). - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659). - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bsc#914690). - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly, which allowed remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function (bsc#902357). - CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value (bsc#902360). - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP allowed remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation (bsc#902368). - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions (bsc#893849). - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (bsc#893853). - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (bsc#886059). - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (bsc#886060). - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allowed context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php (bsc#885961). - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file (bsc#884986). - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion (bsc#884987). - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as used in the Fileinfo component in PHP relies on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file (bsc#884989). - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884990). - CVE-2014-3487: The cdf_read_property_info function in file as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884991). - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage (bsc#884992). These non-security issues were fixed: - bnc#935074: compare with SQL_NULL_DATA correctly - bnc#935074: fix segfault in odbc_fetch_array - bnc#919080: fix timezone map - bnc#925109: unserialize SoapClient type confusion Important SUSE bug 884986 SUSE bug 884987 SUSE bug 884989 SUSE bug 884990 SUSE bug 884991 SUSE bug 884992 SUSE bug 885961 SUSE bug 886059 SUSE bug 886060 SUSE bug 893849 SUSE bug 893853 SUSE bug 902357 SUSE bug 902360 SUSE bug 902368 SUSE bug 910659 SUSE bug 914690 SUSE bug 917150 SUSE bug 918768 SUSE bug 919080 SUSE bug 921950 SUSE bug 922451 SUSE bug 922452 SUSE bug 923945 SUSE bug 924972 SUSE bug 925109 SUSE bug 928506 SUSE bug 928511 SUSE bug 931421 SUSE bug 931769 SUSE bug 931772 SUSE bug 931776 SUSE bug 933227 SUSE bug 935074 SUSE bug 935224 SUSE bug 935226 SUSE bug 935227 SUSE bug 935229 SUSE bug 935232 SUSE bug 935234 SUSE bug 935274 SUSE bug 935275 SUSE bug 938719 SUSE bug 938721 SUSE bug 942291 SUSE bug 942296 SUSE bug 945412 SUSE bug 945428 SUSE bug 949961 SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 SUSE bug 976996 SUSE bug 976997 SUSE bug 977003 SUSE bug 977005 SUSE bug 977991 SUSE bug 977994 SUSE bug 978827 SUSE bug 978828 SUSE bug 978829 SUSE bug 978830 SUSE bug 980366 SUSE bug 980373 SUSE bug 980375 SUSE bug 981050 SUSE bug 982010 SUSE bug 982011 SUSE bug 982012 SUSE bug 982013 SUSE bug 982162 CVE-2004-1019 CVE-2006-7243 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5459 CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2014-9767 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2783 CVE-2015-2787 CVE-2015-3152 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4116 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 CVE-2015-5161 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for php53 fixes the following security issues: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allows illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element Important SUSE bug 987530 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991437 SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997257 CVE-2014-3587 CVE-2016-5399 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for php53 fixes the following issues: * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Important SUSE bug 999679 SUSE bug 999680 SUSE bug 999682 SUSE bug 999684 SUSE bug 999685 SUSE bug 999819 SUSE bug 999820 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for PostgreSQL SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 PostgreSQL has been updated to version 8.3.23 which fixes various bugs and one security issue. The security issue fixed in this release, CVE-2013-0255, allowed a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure. More information can be found at http://www.postgresql.org/about/news/1446/ <http://www.postgresql.org/about/news/1446/> Security Issue reference: * CVE-2013-0255 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255> SUSE bug 802679 CVE-2013-0255 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for puppet SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for puppet fixes a remote code execution vulnerability in the 'resource_type' service. (CVE-2013-4761) Additionally, the update prevents puppet from executing initialization scripts that could trigger a system reboot when handling 'puppet resource service' calls. Security Issue reference: * CVE-2013-4761 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761> SUSE bug 835122 SUSE bug 853982 CVE-2013-4761 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Python SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 CVE-2013-4238 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Python SUSE Linux Enterprise Server 11 SP2-LTSS Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues: * SSL Root Certificate validation is now enabled by default. (bnc#827982) * Fixed a overflow in socket.recvfrom_into where incorrect python programs could have been exploited remotely via a buffer overrun. (CVE-2014-1912) * Multiple unbound readline() DoS flaws in python stdlib have been fixed. (CVE-2013-1752) * Handling of embedded \0 in SSL certificate fields has been fixed. (CVE-2013-4238) * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters has been fixed. (CVE-2014-4650) Additionally, the following non-security issues have been fixed: * Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. (bnc#859068) * Fix usage of MD5 in hmac module when the cipher is not available in FIPS mode. (bnc#847135) * Update 'urlparse' module to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> * CVE-2014-1912 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912> * CVE-2013-1752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752> * CVE-2014-4650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650> SUSE bug 827982 SUSE bug 834601 SUSE bug 847135 SUSE bug 856836 SUSE bug 859068 SUSE bug 863741 SUSE bug 872848 SUSE bug 885882 CVE-2013-1752 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for quagga SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of quagga fixes two security issues: * CVE-2013-0149: specially-crafted OSPF packets could have caused the routing table to be erased (bnc#822572) * CVE-2013-2236: local network stack overflow (bnc#828117) Security Issue references: * CVE-2013-2236 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236> * CVE-2013-0149 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0149> SUSE bug 822572 SUSE bug 828117 CVE-2013-0149 CVE-2013-2236 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for ruby SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The following security issue has been fixed: * CVE-2013-4164: heap overflow in float point parsing Security Issue references: * CVE-2013-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164> * CVE-2009-0689 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689> SUSE bug 851803 CVE-2009-0689 CVE-2013-4164 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586). - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582). - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584). - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583). Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022). - Address unrecoverable winbind failure: 'key length too large' (bnc#934299). - Take resource group sids into account when caching netsamlogon data (bnc#912457). - Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend (bnc#773464). - Remove deprecated base_rid example from idmap_rid manpage (bnc#913304). - Purge printer name cache on spoolss SetPrinter change (bnc#901813). - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244). Important SUSE bug 295284 SUSE bug 773464 SUSE bug 901813 SUSE bug 912457 SUSE bug 913304 SUSE bug 934299 SUSE bug 948244 SUSE bug 949022 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958586 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bugs fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953382). - Ensure attempt to ssh into locked account triggers 'Your account is disabled.....' to the console; (bsc#953382). - Make the winbind package depend on the matching libwbclient version and vice versa; (bsc#936909). Important SUSE bug 936909 SUSE bug 953382 SUSE bug 967017 SUSE bug 968222 CVE-2015-7560 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP2-LTSS samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link Important SUSE bug 936862 SUSE bug 967017 SUSE bug 971965 SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: - Allow SESSION KEY setup without signing. (bsc#1009711) - Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731) - Don't fail when using default domain with user@domain.com format. (bsc#997833) - Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692) - Honor smb.conf socket options in winbind. (bsc#975131) - Fix crash with net rpc join. (bsc#978898) - Fix a regression verifying the security trailer. (bsc#978898) - Fix updating netlogon credentials. (bsc#978898) Moderate SUSE bug 1003731 SUSE bug 1009711 SUSE bug 1014441 SUSE bug 1014442 SUSE bug 975131 SUSE bug 978898 SUSE bug 993692 SUSE bug 997833 CVE-2016-2125 CVE-2016-2126 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for squid SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This squid update fixes a buffer overflow issue when squid attempts to resolve an overly long hostname. This can be triggered with specially crafted http requests. (bnc#829084, CVE-2013-4115) This update also includes a correction to the last change for logrotate. (bnc#677335) Security Issue reference: * CVE-2013-4115 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4115> SUSE bug 677335 SUSE bug 829084 CVE-2013-4115 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for squid3 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 A denial of service problem in Squid3 initiated via invalid Content-Length headers and memory leaks has been fixed. (CVE-2012-5643,CVE-2013-0189, SQUID-2012:1) Also a logrotate permission issue has been fixed. Security Issue references: * CVE-2012-5643 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643> * CVE-2013-0188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0188> SUSE bug 677335 SUSE bug 794954 SUSE bug 796999 CVE-2012-5643 CVE-2013-0188 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for strongswan SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This strongswan update fixes security issues and bugs: * CVE-2013-5018: Specially crafted XAuth usernames and EAP identities can cause a crash in strongswan. * CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances. Also a bug with route recursion limits was fixed: * Charon SEGFAULT when left=%any / recursion limit. (bnc#840826) Security Issues: * CVE-2013-5018 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018> SUSE bug 833278 SUSE bug 840826 SUSE bug 847506 CVE-2013-5018 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for stunnel SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for stunnel fixes a buffer overflow vulnerability caused by incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation (CVE-2013-1762). Security Issue reference: * CVE-2013-1762 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762> SUSE bug 807450 CVE-2013-1762 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for sudo SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the following security issues which allowed to bypass the sudo authentication: CVE-2013-1775, CVE-2013-1776, CVE-2013-2776 and CVE-2013-2777. Security Issue references: * CVE-2013-1775 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775> * CVE-2013-1776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776> * CVE-2013-2776 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776> * CVE-2013-2777 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2777> SUSE bug 806919 SUSE bug 806921 SUSE bug 817349 SUSE bug 817350 CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for systemtap SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This collective update for systemtap provides the following fixes: * Change how systemtap looks for tracepoint header files. (bnc#796574) * Systemtap manually loads libebl backends. Add libebl1 dependency. (bnc#800335) * Fix kernel panic when processing malformed DWARF unwind data. (bnc#748564, CVE-2012-0875) Security Issue reference: * CVE-2012-0875 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0875> SUSE bug 748564 SUSE bug 796574 SUSE bug 800335 CVE-2012-0875 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for tomcat6 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of tomcat6 fixes: * apache-tomcat-CVE-2012-3544.patch (bnc#831119) * use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) * Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 <http://youtrack.jetbrains.com/issue/JT-18545> ) bnc#804992 (patch from m407) * fix a typo in initscript (bnc#768772 ) * copy all shell scripts (bnc#818948) Security Issue references: * CVE-2012-3544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544> * CVE-2013-1976 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976> * CVE-2012-0022 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022> SUSE bug 768772 SUSE bug 804992 SUSE bug 818948 SUSE bug 822177 SUSE bug 831119 CVE-2012-0022 CVE-2012-3544 CVE-2013-1976 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for vino SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 vino has been updated to fix a remote denial of service problem where remote attackers could have caused a infinite loop in vino (CPU consumption). (CVE-2013-5745) Security Issue reference: * CVE-2013-5745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745> SUSE bug 843174 CVE-2013-5745 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for wget SUSE Linux Enterprise Server 11 SP2-LTSS wget was updated to fix one security issue and two non-security issues: * FTP symbolic link arbitrary filesystem access (CVE-2014-4877). * Fix displaying of download time (bnc#901276). * Fix 0 size FTP downloads after failure (bnc#885069). Security Issues: * CVE-2014-4877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877> SUSE bug 885069 SUSE bug 901276 SUSE bug 902709 CVE-2014-4877 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for wireshark SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 wireshark was updated to security update version 1.8.12, fixing bugs and security issues. * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html <https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html> Security Issue references: * CVE-2013-7112 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112> * CVE-2013-7113 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113> * CVE-2013-7114 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114> SUSE bug 855980 SUSE bug 856496 SUSE bug 856498 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 XEN has been updated to fix various bugs and security issues: * CVE-2013-0153: (XSA 36) To avoid an erratum in early hardware, the Xen AMD IOMMU code by default choose to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. This has been disabled for AMD chipsets not capable of it. * CVE-2012-6075: qemu: The e1000 had overflows under some conditions, potentially corrupting memory. * CVE-2013-0154: (XSA 37) Hypervisor crash due to incorrect ASSERT (debug build only) * CVE-2012-5634: (XSA-33) A VT-d interrupt remapping source validation flaw was fixed. Also the following bugs have been fixed: * bnc#805094 - xen hot plug attach/detach fails * bnc#802690 - domain locking can prevent a live migration from completing * bnc#797014 - no way to control live migrations o fix logic error in stdiostream_progress o restore logging in xc_save o add options to control migration tunables * bnc#806736: enabling xentrace crashes hypervisor * Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) * bnc#798188 - Add $network to xend initscript dependencies * bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 * bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel * Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch * bnc#793927 - Xen VMs with more than 2 disks randomly fail to start * Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch * Update to Xen 4.1.4 c/s 23432 * Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures * Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch * Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. Security Issue references: * CVE-2013-0153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153> * CVE-2012-6075 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075> * CVE-2012-5634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634> SUSE bug 793927 SUSE bug 794316 SUSE bug 797014 SUSE bug 797031 SUSE bug 797523 SUSE bug 798188 SUSE bug 799694 SUSE bug 800156 SUSE bug 800275 SUSE bug 802690 SUSE bug 805094 SUSE bug 806736 CVE-2012-5634 CVE-2012-6075 CVE-2013-0153 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xen SUSE Linux Enterprise Server 11 SP2-LTSS xen was updated to fix 14 security issues: * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). * Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor (CVE-2014-8867). * Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155). * Hypervisor heap contents leaked to guests (CVE-2014-4021). * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). * Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594). * Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts (CVE-2013-3495). * Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156). * Race condition in HVMOP_track_dirty_vram (CVE-2014-7154). * Improper MSR range used for x2APIC emulation (CVE-2014-7188). * HVMOP_set_mem_type allows invalid P2M entries to be created (CVE-2014-3124). * HVMOP_set_mem_access is not preemptible (CVE-2014-2599). * Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866). * Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). This non-security bug was fixed: * Increase limit domUloader to 32MB (bnc#901317). Security Issues: * CVE-2014-9030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9030> * CVE-2014-8867 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8867> * CVE-2014-7155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155> * CVE-2014-4021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021> * CVE-2014-8595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8595> * CVE-2014-8594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8594> * CVE-2013-3495 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3495> * CVE-2014-7156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156> * CVE-2014-7154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154> * CVE-2014-7188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188> * CVE-2014-3124 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124> * CVE-2014-2599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599> * CVE-2014-8866 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8866> SUSE bug 826717 SUSE bug 867910 SUSE bug 875668 SUSE bug 880751 SUSE bug 895798 SUSE bug 895799 SUSE bug 895802 SUSE bug 897657 SUSE bug 901317 SUSE bug 903850 SUSE bug 903967 SUSE bug 903970 SUSE bug 905465 SUSE bug 905467 SUSE bug 906439 CVE-2013-3495 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP2-LTSS xen was updated to fix eight security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). Important SUSE bug 877642 SUSE bug 932267 SUSE bug 944463 SUSE bug 944697 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP2-LTSS xen was updated to fix 27 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). This non-security issue was fixed: - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend Important SUSE bug 864391 SUSE bug 864655 SUSE bug 864769 SUSE bug 864805 SUSE bug 864811 SUSE bug 877642 SUSE bug 897654 SUSE bug 901508 SUSE bug 902737 SUSE bug 945989 SUSE bug 957162 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958491 SUSE bug 958523 SUSE bug 959005 SUSE bug 960707 SUSE bug 960725 SUSE bug 960861 SUSE bug 960862 SUSE bug 961691 SUSE bug 963782 SUSE bug 965315 SUSE bug 965317 SUSE bug 967013 SUSE bug 967630 SUSE bug 969350 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3640 CVE-2014-3689 CVE-2014-7815 CVE-2015-5278 CVE-2015-7512 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8743 CVE-2015-8745 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1981 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2841 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP2-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the 'Dark Portal' issue (bsc#978164) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) Important SUSE bug 973188 SUSE bug 974038 SUSE bug 975130 SUSE bug 975138 SUSE bug 978164 SUSE bug 978295 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 982960 SUSE bug 983984 SUSE bug 988675 SUSE bug 995785 SUSE bug 995792 CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-7092 CVE-2016-7094 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP2-LTSS xen was updated to fix several security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652). - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) This non-security issue was fixed: - bsc#1000893: virsh setmem didn't allow to set current guest memory to max limit Important SUSE bug 1000106 SUSE bug 1000893 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 SUSE bug 990843 CVE-2016-6351 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 CVE-2016-9637 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Xen and libvirt SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 Xen was updated to fix several security issues: * CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host. * CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed. * CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash). Also the following bug in XEN has been fixed: * bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory This update also included bugfixes for: * vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest * virt-manager - SLE11-SP2 ONLY * bnc#764982 - virt-manager fails to start after upgrade to SLES11 SP2 from SLES10 Security Issue reference: * CVE-2012-3432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432> SUSE bug 746702 SUSE bug 762484 SUSE bug 762963 SUSE bug 764982 SUSE bug 766283 SUSE bug 773393 SUSE bug 773401 SUSE bug 773955 CVE-2012-3432 cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 XEN was updated 4.1.3 to fix multiple bugs and security issues. The following security issues have been fixed: * CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) * CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability (XSA-13) * CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) * CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16) * CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) Also the following bugs have been fixed: * pvscsi support of attaching Luns - bnc#776995 The following related bugs in vm-install 0.5.12 have been fixed: * bnc#776300 - vm-install does not pass --extra-args in --upgrade * Add for support Open Enterprise Server 11 * Add support for Windows 8 and Windows Server 2012 * Add support for Ubuntu 12 (Precise Pangolin) Security Issue references: * CVE-2012-3496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496> * CVE-2012-3494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494> * CVE-2012-3495 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495> * CVE-2012-3498 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498> * CVE-2012-3515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515> SUSE bug 776300 SUSE bug 776995 SUSE bug 777084 SUSE bug 777086 SUSE bug 777088 SUSE bug 777090 SUSE bug 777091 CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3498 CVE-2012-3515 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 XEN was updated to fix various bugs and security issues: The following security issues have been fixed: * CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk (XSA 25) * CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) * CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA 20) * CVE-2012-4536: xen: pirq range check DoS vulnerability (XSA 21) * CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA 22) * CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability (XSA 23) * CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability (XSA 24) * CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) Also the following bugs have been fixed and upstream patches have been applied: * bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch * Upstream patches merged: 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch * bnc#778105 - first XEN-PV VM fails to spawn xend: Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497> * CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411> * CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535> * CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537> * CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536> * CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538> * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539> * CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544> SUSE bug 777890 SUSE bug 778105 SUSE bug 779212 SUSE bug 784087 SUSE bug 786516 SUSE bug 786517 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed: * CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal. * CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. * CVE-2013-2076: A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. * CVE-2013-2077: A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users. * CVE-2013-2078: A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users. * CVE-2013-2072: Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. * CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. * CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.' * CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, used the wrong ordering of operations when extending the per-domain event channel tracking table, which caused a use-after-free and allowed local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. * CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant reference when releasing a non-v1, non-transitive grant, which allowed local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. Bugfixes: * Upstream patches from Jan 26956-x86-mm-preemptible-cleanup.patch 27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch 27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch 27079-fix-XSA-46-regression-with-xend-xm.patch 27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch * Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. * bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec * Upstream patches from Jan 26702-powernow-add-fixups-for-AMD-P-state-figures.patch 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch 26743-VT-d-deal-with-5500-5520-X58-errata.patch 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch 26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch * bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto xend-cpuinfo-model-name.patch * Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch Security Issue references: * CVE-2013-1917 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917> * CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918> * CVE-2013-1919 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919> * CVE-2013-1920 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920> * CVE-2013-1952 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952> * CVE-2013-1964 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964> * CVE-2013-2072 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072> * CVE-2013-2076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076> * CVE-2013-2077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077> * CVE-2013-2078 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078> SUSE bug 801663 SUSE bug 809662 SUSE bug 813673 SUSE bug 813675 SUSE bug 813677 SUSE bug 814709 SUSE bug 816156 SUSE bug 816159 SUSE bug 816163 SUSE bug 819416 SUSE bug 820917 SUSE bug 820919 SUSE bug 820920 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 XEN has been updated to version 4.1.6 which fixes various bugs and security issues. * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. * CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs * CVE-2013-4329: XSA-61: libxl partially sets up HVM passthrough even with disabled iommu * CVE-2013-1432: XSA-58: x86: fix page refcount handling in page table pin error path * CVE-2013-2211: XSA-57: libxl allows guest write access to sensitive console related xenstore keys * xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) Various bugs have also been fixed: * Improvements to block-dmmd script (bnc#828623) * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196) * In HP's UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. (bnc#833251) * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796) * In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751) * In HP's UEFI x86_64 platform and sles11sp3 with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600) * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676) * migrate.py support of short options dropped by PTF (bnc#824676) * after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing (bnc#803712) * various upstream fixes have been included Security Issue references: * CVE-2013-1432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432> * CVE-2013-1442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442> * CVE-2013-2194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194> * CVE-2013-2195 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195> * CVE-2013-2196 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196> * CVE-2013-2211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211> * CVE-2013-4329 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329> * CVE-2013-4355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355> * CVE-2013-4361 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361> * CVE-2013-4368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> SUSE bug 803712 SUSE bug 823011 SUSE bug 823608 SUSE bug 823786 SUSE bug 824676 SUSE bug 826882 SUSE bug 828623 SUSE bug 833251 SUSE bug 833796 SUSE bug 834751 SUSE bug 839596 SUSE bug 839600 SUSE bug 839618 SUSE bug 840196 SUSE bug 840592 SUSE bug 841766 SUSE bug 842511 SUSE bug 845520 CVE-2013-1432 CVE-2013-1442 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 CVE-2013-2211 CVE-2013-4329 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4416 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 Xen has been updated to fix a security issue and a bug: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. A non-security bug has also been fixed: * It is possible to start a VM twice on the same node (bnc#840997) Security Issue references: * CVE-2013-4494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494> SUSE bug 840997 SUSE bug 848657 CVE-2013-4494 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2-LTSS The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor and toolset has been updated to fix various security issues and several bugs. The following security issues have been addressed: * XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. (bnc#861256) * XSA-87: CVE-2014-1666: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. (bnc#860302) * XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) * XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to aribitrary guests. (bnc#860163) * XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) * XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) * XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) * XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) Also the following non-security bugs have been fixed: * Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * Fixed Xen hypervisor panic on 8-blades nPar with 46-bit memory addressing. (bnc#848014) * In HP's UEFI x86_64 platform and sles11sp3 with xen environment, dom0 will soft lockup on multiple blades nPar. (bnc#842417) * Soft lockup with PCI passthrough and many VCPUs (bnc#846849) Security Issue references: * CVE-2013-2212 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212> * CVE-2013-4553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553> * CVE-2013-4554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554> * CVE-2013-6885 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885> * CVE-2014-1666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666> * CVE-2014-1891 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891> * CVE-2014-1892 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892> * CVE-2014-1893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893> * CVE-2014-1894 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894> * CVE-2014-1950 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950> SUSE bug 831120 SUSE bug 833483 SUSE bug 842417 SUSE bug 846849 SUSE bug 848014 SUSE bug 849667 SUSE bug 849668 SUSE bug 853049 SUSE bug 860163 SUSE bug 860302 SUSE bug 861256 CVE-2013-2212 CVE-2013-4553 CVE-2013-4554 CVE-2013-6885 CVE-2014-1666 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 CVE-2014-1950 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2-LTSS The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed: * CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through to guests. * XSA-125: Long latency MMIO mapping operations were not preemptible. * CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override could have, however, corrupted a pointer used subsequently to store the result of the instruction. * CVE-2015-2045: XSA-122: The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall failed to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. * CVE-2015-2044: XSA-121: Emulation routines in the hypervisor dealing with certain system devices checked whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. Also fixed: * Regular crashes of dom-0 on different servers due to races in MCE access were fixed. bsc#907755 Security Issues: * CVE-2015-2044 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044> * CVE-2015-2045 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045> * CVE-2015-2151 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151> * CVE-2015-2756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756> SUSE bug 907755 SUSE bug 918995 SUSE bug 918998 SUSE bug 919464 SUSE bug 922705 SUSE bug 922706 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2756 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for Xen SUSE Linux Enterprise Server 11 SP2-LTSS Xen was updated to fix six security issues: * CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bsc#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bsc#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bsc#931627) * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bsc#931628) * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bsc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bsc#932996) Security Issues: * CVE-2015-4103 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103> * CVE-2015-4104 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104> * CVE-2015-4105 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105> * CVE-2015-4106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106> * CVE-2015-4163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209> SUSE bug 931625 SUSE bug 931626 SUSE bug 931627 SUSE bug 931628 SUSE bug 932770 SUSE bug 932996 CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS This update fixes the following security issues: - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) xsa159.patch - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#953527 - CVE-2015-5307: kernel: kvm/xen: x86: avoid guest->host DOS by intercepting #AC (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 953527 SUSE bug 954405 SUSE bug 956408 SUSE bug 956411 SUSE bug 956832 CVE-2015-5307 CVE-2015-7504 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8345 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xinetd SUSE Linux Enterprise Server 11 SP2-LTSS Xinetd receives a LTSS rollup update to fix two security issues: * CVE-2012-0862: xinetd enabled all services when tcp multiplexing is used. * CVE-2013-4342: xinetd ignored user and group directives for tcpmux services, running services as root. While both issues are not so problematic on their own, in combination the impact is greater and enabling tcpmux would be risky. Security Issues: * CVE-2013-4342 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342> * CVE-2012-0862 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862> SUSE bug 762294 SUSE bug 844230 CVE-2012-0862 CVE-2013-4342 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xorg-x11-server SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes the following security issue with xorg-x11-server: * bnc#853846: integer underflow when handling trapezoids (CVE-2013-6424) Security Issue reference: * CVE-2013-6424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424> SUSE bug 853846 CVE-2013-6424 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update fixes a stack buffer overflow in xorg-x11 in the bdfReadCharacters() function. CVE-2013-6462 has been assigned to this issue. Security Issue reference: * CVE-2013-6462 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462> SUSE bug 854915 CVE-2013-6462 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libX11 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of xorg-x11-libX11 fixes several security issues (bnc#815451, bnc#821664). Security Issue references: * CVE-2013-1981 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981> * CVE-2013-1997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997> * CVE-2013-2004 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004> SUSE bug 815451 SUSE bug 821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP2-LTSS xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/o:suse:suse_sles_ltss:11:sp2 Security update for xorg-x11-libXext SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of xorg-x11-libXext fixes several integer overflow issues (bnc#815451, bnc#821665, CVE-2013-1982) Security Issue reference: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982> SUSE bug 815451 SUSE bug 821665 CVE-2013-1982 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXfixes SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of xorg-x11-libXfixes fixes a integer overflow issue (bnc#815451, bnc#821667, CVE-2013-1983). Security Issue reference: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983> SUSE bug 815451 SUSE bug 821667 CVE-2013-1983 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXp SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of xorg-x11-libXp fixes several integer overflow issues (bnc#815451, bnc#821668, CVE-2013-2062). Security Issue reference: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062> SUSE bug 815451 SUSE bug 821668 CVE-2013-2062 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXrender SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of xorg-x11-libXrender fixes several integer overflow issues (bnc#815451, bnc#821669, CVE-2013-1987). Security Issue reference: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987> SUSE bug 815451 SUSE bug 821669 CVE-2013-1987 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXt SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of xorg-x11-libXt fixes several integer and buffer overflow issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005). Security Issue references: * CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002> * CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005> SUSE bug 815451 SUSE bug 821670 CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libXv SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update of xorg-x11-libXv fixes several integer and buffer overflow issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066). Security Issue references: * CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989> * CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066> SUSE bug 815451 SUSE bug 821671 CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for xorg-x11-libxcb SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 This update for xorg-x11-libxcb addresses the following security issues: * Fix a deadlock with multi-threaded applications running on real time kernels. (bnc#818829) * Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064) Security Issues: * CVE-2013-2064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064> SUSE bug 818829 SUSE bug 821584 CVE-2013-2064 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for zypper SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 The following issue has been fixed: * The zypper setuid wrapper linked against libzypp. This is not needed and added unnecessary attack vectors. CVE-2012-0420 has been assigned to this issue. Security Issue reference: * CVE-2012-0420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0420> SUSE bug 770630 CVE-2012-0420 cpe:/o:suse:sles:11:sp2:vmware cpe:/o:suse:sles_sap:11:sp2 cpe:/o:suse:suse_sles:11:sp2 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 MozillaFirefox was updated to version 24.6.0 to fix six security issues: * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538) * Use-after-free with SMIL Animation Controller. (CVE-2014-1541) mozilla-nspr was updated to version 4.10.6 to fix one security issue: * Out of bounds write in NSPR. (CVE-2014-1545) Further information can be found at https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues references: * CVE-2014-1533 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533> * CVE-2014-1534 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534> * CVE-2014-1536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536> * CVE-2014-1537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537> * CVE-2014-1538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538> * CVE-2014-1541 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541> * CVE-2014-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545> SUSE bug 881874 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Image Magick SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 ImageMagick has been updated to fix four security issues: * Crafted jpeg file could have lead to a Denial of Service (CVE-2014-8716). * Out-of-bounds memory access in resize code (CVE-2014-8354) * Out-of-bounds memory access in PCX parser (CVE-2014-8355). * Out-of-bounds memory error in DCM decode (CVE-2014-8562). Security Issues: * CVE-2014-8716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8716> * CVE-2014-8355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355> * CVE-2014-8354 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354> * CVE-2014-8562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562> SUSE bug 903204 SUSE bug 903216 SUSE bug 903638 SUSE bug 905260 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) Important SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714) Important SUSE bug 978061 CVE-2016-3714 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Important SUSE bug 982178 CVE-2016-5118 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA ImageMagick was updated to fix 55 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Prevent file descriptr leak due to corrupted file (bsc#983774). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9820: heap overflow in xpm files (bsc#984150). - CVE-2014-9823: heap overflow in palm file (bsc#984401). - CVE-2014-9822: heap overflow in quantum file (bsc#984187). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: Fix a SEGV due to corrupted xwd images. (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9807: Fix a double free in pdb coder. (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608). Important SUSE bug 983234 SUSE bug 983253 SUSE bug 983259 SUSE bug 983292 SUSE bug 983305 SUSE bug 983308 SUSE bug 983521 SUSE bug 983523 SUSE bug 983533 SUSE bug 983739 SUSE bug 983746 SUSE bug 983752 SUSE bug 983774 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984018 SUSE bug 984023 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984137 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984150 SUSE bug 984160 SUSE bug 984166 SUSE bug 984181 SUSE bug 984184 SUSE bug 984185 SUSE bug 984186 SUSE bug 984187 SUSE bug 984193 SUSE bug 984370 SUSE bug 984372 SUSE bug 984373 SUSE bug 984374 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984401 SUSE bug 984408 SUSE bug 984409 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 SUSE bug 985448 SUSE bug 985451 SUSE bug 985456 SUSE bug 985460 SUSE bug 986608 SUSE bug 986609 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9842 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9849 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2015-8894 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-6491: Out-of-bounds read in CopyMagickMemory [bsc#991445] Moderate SUSE bug 991445 SUSE bug 991872 CVE-2016-6491 CVE-2016-6520 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421) Important SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000688 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000694 SUSE bug 1000695 SUSE bug 1000698 SUSE bug 1000699 SUSE bug 1000700 SUSE bug 1000701 SUSE bug 1000703 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000709 SUSE bug 1000711 SUSE bug 1000713 SUSE bug 1000714 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002209 SUSE bug 1002421 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 1007245 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-5687 CVE-2016-6823 CVE-2016-7101 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7533 CVE-2016-7535 CVE-2016-7537 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8862 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: * CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559: Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159] * CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376] * CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] Moderate SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013376 SUSE bug 1014159 CVE-2016-7530 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314). - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320). - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326). - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433). - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435). - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436). - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439). - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). Moderate SUSE bug 1017308 SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017319 SUSE bug 1017320 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017326 SUSE bug 1017421 SUSE bug 1020433 SUSE bug 1020435 SUSE bug 1020436 SUSE bug 1020439 SUSE bug 1020441 SUSE bug 1020443 SUSE bug 1020448 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5511 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985) - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) Moderate SUSE bug 1033091 SUSE bug 1034870 SUSE bug 1034872 SUSE bug 1034876 SUSE bug 1036976 SUSE bug 1036978 SUSE bug 1036980 SUSE bug 1036981 SUSE bug 1036983 SUSE bug 1036984 SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036987 SUSE bug 1036988 SUSE bug 1036989 SUSE bug 1036990 SUSE bug 1037527 SUSE bug 1038000 SUSE bug 1040025 SUSE bug 1040303 SUSE bug 1040304 SUSE bug 1040306 SUSE bug 1040332 CVE-2014-9846 CVE-2016-10050 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072) Important SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 CVE-2017-11403 CVE-2017-9439 CVE-2017-9501 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-11534: Processing a crafted file in convert could have lead to a Memory Leak in the lite_font_map() function in coders/wmf.c (bsc#1050135). - CVE-2017-13133: The load_level function in coders/xcf.c lacked offset validation, which allowed attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file (bsc#1055219). - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk (bsc#1055430). - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c (bsc#1061873). Moderate SUSE bug 1050135 SUSE bug 1055219 SUSE bug 1055430 SUSE bug 1061873 CVE-2017-11534 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637] * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719] * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432] * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214] * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service [bsc#1054757] * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666] * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553] * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\pwp.c could lead to denial of service [bsc#1052450] * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729] * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457] * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139] * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689] * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758] * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764] * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730] * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577] Important SUSE bug 1048457 SUSE bug 1049796 SUSE bug 1050116 SUSE bug 1050139 SUSE bug 1050632 SUSE bug 1051441 SUSE bug 1051847 SUSE bug 1052450 SUSE bug 1052553 SUSE bug 1052689 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056432 SUSE bug 1057719 SUSE bug 1057729 SUSE bug 1057730 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1059666 SUSE bug 1059778 SUSE bug 1060577 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 CVE-2017-11188 CVE-2017-11478 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14733 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422). - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422). - CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550). - CVE-2017-15281: ReadPSDImage in coders/psd.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file (bsc#1063049). - CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063). - CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460). - CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large 'length' field in the header but did not contain sufficient backing data, is provided, the loop over 'length' would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723). - CVE-2017-13062: A memory leak vulnerability in the function formatIPTC in coders/meta.c allowed attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file (bsc#1055053). - CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050). Moderate SUSE bug 1052460 SUSE bug 1055053 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058422 SUSE bug 1063049 SUSE bug 1063050 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720). - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065). - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446). - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731). - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732). - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323). - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434). - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898). - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120). - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468). - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550). - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710). - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640). - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606). - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855). - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751). - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123). - CVE-2017-1000476: Prevent CPU exhaustion in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: Fixed a memory leak vulnerability in the function ReadMPCImage in mpc.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1042948). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373) - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252) - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771) - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082) - CVE-2017-1000445: Added a NUL pointer check in the MagickCore component that might have lead to denial of service (bsc#1074425). - CVE-2017-11751: Fixed a memory leak vulnerability in the function WritePICONImage in coders/xpm.c that allowed remote attackers to cause a denial of service via a crafted file (bsc#1051412). - CVE-2017-17680: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted xpm image file (bsc#1072902). - CVE-2017-17882: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (bsc#1074122). - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973). - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) Moderate SUSE bug 1042948 SUSE bug 1047044 SUSE bug 1047898 SUSE bug 1049373 SUSE bug 1050120 SUSE bug 1050606 SUSE bug 1051412 SUSE bug 1051446 SUSE bug 1052252 SUSE bug 1052468 SUSE bug 1052550 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1052732 SUSE bug 1052771 SUSE bug 1055065 SUSE bug 1055323 SUSE bug 1055434 SUSE bug 1055855 SUSE bug 1058082 SUSE bug 1058640 SUSE bug 1059751 SUSE bug 1072902 SUSE bug 1074122 SUSE bug 1074123 SUSE bug 1074425 SUSE bug 1074610 SUSE bug 1074969 SUSE bug 1074973 SUSE bug 1074975 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-11141 CVE-2017-11449 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 CVE-2017-12430 CVE-2017-12434 CVE-2017-12564 CVE-2017-12642 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14249 CVE-2017-14326 CVE-2017-14533 CVE-2017-17680 CVE-2017-17881 CVE-2017-17882 CVE-2017-18022 CVE-2017-9409 CVE-2018-5246 CVE-2018-5247 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635). - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098). - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908) - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037) - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072) - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721) - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362) - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125) - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185) - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120) - Prevent memory leak in svg.c, which allowed attackers to cause a denial of service via a crafted SVG image file (bsc#1074120) - Prevent small memory leak when processing PWP image files (bsc#1074309) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021) - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051) Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1047908 SUSE bug 1050037 SUSE bug 1050072 SUSE bug 1050098 SUSE bug 1050100 SUSE bug 1050635 SUSE bug 1051442 SUSE bug 1052470 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052721 SUSE bug 1052768 SUSE bug 1052777 SUSE bug 1052781 SUSE bug 1054600 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1055456 SUSE bug 1057000 SUSE bug 1060162 SUSE bug 1062752 SUSE bug 1072362 SUSE bug 1074120 SUSE bug 1074125 SUSE bug 1074185 SUSE bug 1074309 SUSE bug 1075939 SUSE bug 1076021 SUSE bug 1076051 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18027 CVE-2017-18029 CVE-2017-9261 CVE-2017-9262 CVE-2018-5685 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669) Moderate SUSE bug 1042824 SUSE bug 1048110 SUSE bug 1049374 SUSE bug 1049375 SUSE bug 1050048 SUSE bug 1050617 SUSE bug 1050669 SUSE bug 1052207 SUSE bug 1052248 SUSE bug 1052251 SUSE bug 1052254 SUSE bug 1052472 SUSE bug 1052688 SUSE bug 1052711 SUSE bug 1052747 SUSE bug 1052750 SUSE bug 1052761 SUSE bug 1055069 SUSE bug 1055229 SUSE bug 1058009 SUSE bug 1074119 SUSE bug 1076182 SUSE bug 1078433 CVE-2017-11166 CVE-2017-11448 CVE-2017-11450 CVE-2017-11537 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-13058 CVE-2017-13131 CVE-2017-14224 CVE-2017-17885 CVE-2017-18028 CVE-2017-9407 CVE-2018-6405 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) Moderate SUSE bug 1042911 SUSE bug 1050119 SUSE bug 1050122 SUSE bug 1050132 SUSE bug 1052754 SUSE bug 1072898 CVE-2017-11528 CVE-2017-11530 CVE-2017-11533 CVE-2017-12663 CVE-2017-17682 CVE-2017-9405 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011) - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168) - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630) - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434) - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735) - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792) - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291) - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283) - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362) - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348) Moderate SUSE bug 1043290 SUSE bug 1050087 SUSE bug 1056434 SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1082348 SUSE bug 1082362 SUSE bug 1082792 SUSE bug 1084060 SUSE bug 1086011 CVE-2017-11524 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14343 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-9500 CVE-2018-7443 CVE-2018-8804 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - security update (png.c) * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] * CVE-2018-10177: there is an infinite loop in the ReadOneMNGImagefunction of the coders/png.c file. Remote attackers could leverage thisvulnerability to cause a denial of service (bsc#1089781) - security update (wand) * CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (core) * CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356] - security update (pcd.c) * CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (tiff.c) * CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick memory allocation issue could lead to denial of service (bsc#1086782) Moderate SUSE bug 1047356 SUSE bug 1086773 SUSE bug 1086782 SUSE bug 1087027 SUSE bug 1087033 SUSE bug 1087037 SUSE bug 1089781 CVE-2017-1000476 CVE-2017-10928 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237) - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545) - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) Moderate SUSE bug 1056277 SUSE bug 1094204 SUSE bug 1094237 SUSE bug 1095812 SUSE bug 1098545 SUSE bug 1098546 SUSE bug 1102003 SUSE bug 1102004 SUSE bug 1102005 SUSE bug 1102007 CVE-2017-13758 CVE-2017-18271 CVE-2018-10805 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issue fixed: - Hide PS, XPS and PDF coders into */vulnerable (bsc#1105592) Important SUSE bug 1105592 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following security issue: - CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170). - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072) - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747) - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746) Moderate SUSE bug 1074170 SUSE bug 1106855 SUSE bug 1106989 SUSE bug 1107604 SUSE bug 1107609 SUSE bug 1107612 SUSE bug 1107616 SUSE bug 1108282 SUSE bug 1108283 SUSE bug 1110746 SUSE bug 1110747 SUSE bug 1111069 SUSE bug 1111072 CVE-2017-17934 CVE-2018-16323 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399) - CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609) - CVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129) - CVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635) Moderate SUSE bug 1050129 SUSE bug 1050635 SUSE bug 1107609 SUSE bug 1112399 CVE-2017-11532 CVE-2017-11639 CVE-2017-14997 CVE-2018-16644 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1113064 SUSE bug 1120381 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1128649 CVE-2018-16412 CVE-2018-16413 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). Moderate SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132060 SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 CVE-2019-10650 CVE-2019-11007 CVE-2019-11009 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-9956 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Low SUSE bug 1134075 SUSE bug 1135232 SUSE bug 1135236 SUSE bug 1136183 SUSE bug 1136732 CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11598 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425). Moderate SUSE bug 1138425 SUSE bug 1138464 CVE-2019-11597 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). Moderate SUSE bug 1139886 SUSE bug 1140100 SUSE bug 1140102 SUSE bug 1140103 SUSE bug 1140106 SUSE bug 1140110 SUSE bug 1140513 SUSE bug 1140554 SUSE bug 1140664 SUSE bug 1140666 SUSE bug 1141171 CVE-2019-12975 CVE-2019-12976 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13301 CVE-2019-13311 CVE-2019-13454 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213) - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212) - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211) - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068) - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). Moderate SUSE bug 1133204 SUSE bug 1146068 SUSE bug 1146211 SUSE bug 1146212 SUSE bug 1146213 SUSE bug 1151781 SUSE bug 1151782 SUSE bug 1151783 SUSE bug 1151786 CVE-2019-11472 CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16713 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Moderate SUSE bug 1159861 SUSE bug 1160369 CVE-2019-19948 CVE-2019-19949 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2017-11527: Fixed a denial of service in inReadDPXImage() (bsc#1047054). Moderate SUSE bug 1047054 CVE-2017-11527 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2020-27560: Fixed potential denial of service in OptimizeLayerFrames function in MagickCore/layer.c (bsc#1178067). Moderate SUSE bug 1178067 CVE-2020-27560 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). Moderate SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179212 SUSE bug 1179269 SUSE bug 1179281 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25666 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27763 CVE-2020-27765 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27771 CVE-2020-27772 CVE-2020-27775 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836). - CVE-2020-25665: Fixed heap-based buffer overflow in WritePALMImage (bsc#1179208). Moderate SUSE bug 1179208 SUSE bug 1181836 CVE-2020-25665 CVE-2021-20176 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2021-20243 [bsc#1182336]: Division by zero in GetResizeFilterWeight in MagickCore/resize.c - CVE-2021-20244 [bsc#1182325]: Division by zero in ImplodeImage in MagickCore/visual-effects.c - CVE-2021-20246 [bsc#1182337]: Division by zero in ScaleResampleFilter in MagickCore/resample.c Moderate SUSE bug 1182325 SUSE bug 1182336 SUSE bug 1182337 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624) - CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) - CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628) Moderate SUSE bug 1184624 SUSE bug 1184627 SUSE bug 1184628 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ImageMagick fixes the following issues: - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). Moderate SUSE bug 1199350 CVE-2022-28463 cpe:/o:suse:sles:11:sp3:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711) - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712) Important SUSE bug 1017711 SUSE bug 1017712 CVE-2016-9941 CVE-2016-9942 cpe:/o:suse:sles:11:sp3:teradata Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for LibVNCServer fixes the following issues: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). Moderate SUSE bug 1081493 CVE-2018-7225 cpe:/o:suse:sles:11:sp3:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for LibVNCServer (Critical) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sles:11:sp3:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sles:11:sp3:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch Important SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173880 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 cpe:/o:suse:sles:11:sp3:teradata Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles:11:sp3:teradata Security update for Mesa (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Bug fixes: - Initialize AMD RSxxx chipsets correctly, fixing corruption of the graphical login screen (bsc#985650). Moderate SUSE bug 1156015 SUSE bug 985650 CVE-2019-5068 cpe:/o:suse:sles:11:sp3:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update to Firefox 17.0.9esr (bnc#840485) addresses: * MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o (CVE-2013-1737) * MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) * MFSA 2013-89 Buffer overflow with multi-column, lists, and floats o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) * MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) * MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) * MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725) * MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) * MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) * MFSA 2013-65 Buffer underflow when generating CRMF requests o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) Security Issue references: * CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737> * CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735> * CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736> * CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732> * CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730> * CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726> * CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725> * CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722> * CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718> * CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705> SUSE bug 840485 CVE-2013-1705 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1726 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This security update (bsc#940918) fixes the following issues: * MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation * Remove PlayPreview registration from PDF Viewer (bmo#1179262) Critical SUSE bug 940918 CVE-2015-4495 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 MozillaFirefox was updated to version 38.5.0 esr to fix the following issues: Following security issues were fixed: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Important SUSE bug 967087 CVE-2016-1523 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) Important SUSE bug 977333 SUSE bug 977374 SUSE bug 977376 SUSE bug 977381 SUSE bug 977386 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Important SUSE bug 983549 SUSE bug 983638 SUSE bug 983639 SUSE bug 983643 SUSE bug 983646 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 SUSE bug 984006 SUSE bug 985659 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2831 CVE-2016-2834 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Important SUSE bug 989196 SUSE bug 990628 SUSE bug 990856 SUSE bug 991809 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Important SUSE bug 999701 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. Also the following bug was fixed: - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Important SUSE bug 1000751 SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Important SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed (bsc#1028391): - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Bugfixes: - fix crashes on Itanium (bsc#1027527) Important SUSE bug 1027527 SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for 'export' grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a 'slot' into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. (CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. Important SUSE bug 1015499 SUSE bug 1015547 SUSE bug 1021636 SUSE bug 1030071 SUSE bug 1035082 SUSE bug 983639 CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed: - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http- index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes: - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. * Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidential libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Important SUSE bug 1025108 SUSE bug 1031485 SUSE bug 1035082 SUSE bug 1043960 SUSE bug 930392 SUSE bug 930496 SUSE bug 935510 SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 954002 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed: * MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback * MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts * MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID * MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections * MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads * MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG * MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM * MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers * MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements * MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools * MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher * MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 * MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection * MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing * MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements * MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied This update also fixes: - fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups enabled and running on cpu >=1 (bsc#1031485) - The Itanium ia64 build was fixed. Important SUSE bug 1031485 SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed (bsc#1068101). - CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101). - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101). Mozilla Foundation Security Advisory (MFSA 2017-25): - https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ Important SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Moderate SUSE bug 1085130 SUSE bug 1085671 SUSE bug 1087059 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox to ESR 52.8 release fixes the following issues: Update to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). - CVE-2019-11708: Fix sandbox escape using Prompt:Open (bsc#1138872). - CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) Non-security issues fixed: - Fix broken language plugins (bsc#1137792) Important SUSE bug 1137792 SUSE bug 1138614 SUSE bug 1138872 SUSE bug 1140868 CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Update Firefox Extended Support Release to 68.3.0 ESR (MFSA 2019-37 / bsc#1158328) Security issues fixed: - CVE-2019-17008: Use-after-free in worker destruction (bmo#1546331). - CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156). - CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher (bmo#1586176). - CVE-2019-17009: Updater temporary files accessible to unprivileged processes (bmo#1510494). - CVE-2019-17010: Use-after-free when performing device orientation checks (bmo#1581084). - CVE-2019-17005: Buffer overflow in plain text serializer (bmo#1584170). - CVE-2019-17011: Use-after-free when retrieving a document in antitracking (bmo#1591334). - CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502). Update mozilla-nss to version 3.47.1 (bsc#1158527): Security issues fixed: - CVE-2019-11745: EncryptUpdate should use maxout, not block size. Bug fixes: - Fix a crash that could be caused by client certificates during startup (bmo#1590495, bsc#1158527) - Fix compile-time warnings from uninitialized variables in a perl script (bmo#1589810) - Support AES HW acceleration on ARMv8 (bmo#1152625) - Allow per-socket run-time ordering of the cipher suites presented in ClientHello (bmo#1267894) - Add CMAC to FreeBL and PKCS #11 libraries (bmo#1570501) - Remove arbitrary HKDF output limit by allocating space as needed (bmo#1577953) Update mozilla-nspr to version 4.23: Bug fixes: - fixed a build failure that was introduced in 4.22 - correctness fix for Win64 socket polling - whitespace in C files was cleaned up and no longer uses tab characters for indenting - added support for the ARC architecture - removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS - correctness and build fixes Important SUSE bug 1158328 SUSE bug 1158527 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox was updated to version 68.5.0 ESR (bsc#1163368). Security issues fixed: - CVE-2020-6796: Fixed a missing bounds check on shared memory in the parent process (bsc#1163368). - CVE-2020-6798: Fixed a JavaScript code injection issue caused by the incorrect parsing of template tags (bsc#1163368). - CVE-2020-6799: Fixed a local arbitrary code execution issue when handling PDF links from other applications (bsc#1163368). - CVE-2020-6800: Fixed several memory safety bugs (bsc#1163368). Non-security issues fixed: - Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726). Important SUSE bug 1161799 SUSE bug 1163368 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.6.1 ESR MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.8.0 ESR MFSA 2020-17 (bsc#1171186) * CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown * CVE-2020-12388 (bmo#1618911) Sandbox escape with improperly guarded Access Tokens * CVE-2020-12389 (bmo#1554110) Sandbox escape with improperly separated process types * CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation * CVE-2020-12392 (bmo#1614468) Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 - Since firefox-gcc8 now has disabled autoreqprov for firefox-libstdc++6 and firefox-libgcc_s1, those packages don't provide some capabilities, we have to disable AutoReqProv in MozillaFirefox too so they're not added as automatic requirements. (bsc#1162828) Important SUSE bug 1162828 SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1166238 SUSE bug 1167231 SUSE bug 1173576 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Fix broken translation-loading (boo#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more - Mozilla Firefox 78.1 ESR * Fixed: Various stability, functionality, and security fixe (MFSA 2020-32) (bsc#1174538). * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer * CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing popups * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in IonMonkey * CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk * CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading path * CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 - Add sle11-icu-generation-python3.patch to fix icu-generation on big endian platforms - Mozilla Firefox 78.0.2 ESR * MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) Moderate SUSE bug 1173948 SUSE bug 1173991 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). Moderate SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) - Fixed problems with compiler builtins on SLE-11 (bsc#1175046) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1175046 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.1 ESR (bsc#1181848) - Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. - Buffer overflow in depth pitch calculations for compressed textures Low SUSE bug 1181848 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Moderate SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Important SUSE bug 1192250 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Important SUSE bug 1198970 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:suse:sles:11:sp3:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the following several security and non-security issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16: * required for Firefox 29 * CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. Security Issue references: * CVE-2014-1532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532> * CVE-2014-1531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531> * CVE-2014-1530 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530> * CVE-2014-1529 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529> * CVE-2014-1524 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524> * CVE-2014-1523 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523> * CVE-2014-1520 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520> * CVE-2014-1518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518> SUSE bug 865539 SUSE bug 869827 SUSE bug 875378 SUSE bug 875803 CVE-2014-1518 CVE-2014-1520 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities have been fixed: * Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815) * Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813) * resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816) * CORS requests should not follow 30x redirections after preflight (MFSA 2015-37/CVE-2015-0807) * Same-origin bypass through anchor navigation (MFSA 2015-40/CVE-2015-0801) Security Issues: * CVE-2015-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801> * CVE-2015-0807 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807> * CVE-2015-0813 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813> * CVE-2015-0814 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0814> * CVE-2015-0816 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816> SUSE bug 925368 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0816 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Important SUSE bug 908275 SUSE bug 935033 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. * MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. * MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. * MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. * MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. * MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. * MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix: * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes * Enable atomic instructions on mips (bmo#1129878) * Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Important SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1978 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox, rust-cbindgen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox, rust-cbindgen fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Firefox Extended Support Release 91.1.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274) * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) (bmo#1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) (bmo#1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891) * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 rust-cbindgen was updated to 0.19.0. Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 SUSE bug 1190710 SUSE bug 1191332 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:suse:sles:11:sp3:teradata Recommended update for NetworkManager-kde4 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This NetworkManager-kde4 update fixes the following security and non security issues: - Fixed a long standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and send it to NetworkManager for it to do a network validation in the absence of a real certificate (bsc#726349) - Disabled the loading by default of the NetworkManager plasma applet since it doesn't work. - Fixed a crash due to the use of an uninitialized variable in the plasma applet in case someone runs it manually (bsc#663413) Moderate SUSE bug 663413 SUSE bug 726349 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: * CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107) * CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114) * CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522) Moderate SUSE bug 1040107 SUSE bug 1040114 SUSE bug 1052522 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp. (This was already fixed by the previous update bug not referenced.) (bsc#1040112) Moderate SUSE bug 1040109 SUSE bug 1040112 SUSE bug 1040113 SUSE bug 1040115 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Moderate SUSE bug 1061305 CVE-2017-9110 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578). Moderate SUSE bug 1169574 SUSE bug 1169576 SUSE bug 1169578 CVE-2020-11761 CVE-2020-11763 CVE-2020-11764 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: Security issues fixed: - CVE-2020-16588: Fixed a null pointer deference in generatePreview (bsc#1179879). - CVE-2020-16589: Fixed a heap-based buffer overflow in writeTileData in ImfTiledOutputFile.cpp (bsc#1179879). Moderate SUSE bug 1179879 CVE-2020-16588 CVE-2020-16589 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: - CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173) - CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172) Moderate SUSE bug 1184172 SUSE bug 1184173 CVE-2021-3475 CVE-2021-3476 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function Important SUSE bug 1184354 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3605 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenEXR fixes the following issues: - CVE-2021-20298: Fixed out-of-memory in B44Compressor (bsc#1188460). - CVE-2021-20300: Fixed integer-overflow in Imf_2_5:hufUncompress (bsc#1188458). - CVE-2021-20303: Fixed heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffe (bsc#1188457). - CVE-2021-20304: Fixed undefined-shift in Imf_2_5:hufDecode (bsc#1188461). - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). Moderate SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1192556 CVE-2021-20298 CVE-2021-20300 CVE-2021-20303 CVE-2021-20304 CVE-2021-3941 cpe:/o:suse:sles:11:sp3:teradata Security update for SDL (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:suse:sles:11:sp3:teradata Security update for SDL (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for SDL fixes the following issues: Secuirty issue fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844). Moderate SUSE bug 1141844 CVE-2019-13616 cpe:/o:suse:sles:11:sp3:teradata Security update for SDL (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for SDL fixes the following issues: - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c (bsc#1181201). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (bsc#1124825). - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c (bsc#1181202). Important SUSE bug 1124825 SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2019-7637 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:sles:11:sp3:teradata Security update for SuSEfirewall2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. Moderate SUSE bug 1064127 CVE-2017-15638 cpe:/o:suse:sles:11:sp3:teradata Security update for a2ps SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The text to postscript converter a2ps received a security update. The fixps script did not call ghostscript with the -DSAFER option, allowing command execution by attacker supplied postscript files. Security Issue reference: * CVE-2014-0466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466> SUSE bug 871097 CVE-2014-0466 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for adns (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sles:11:sp3:teradata Security update for aide (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:sles:11:sp3:teradata Security update for amanda (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for amanda fixes the following issues: Security issue fixed: - CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options (bsc#1112916). Moderate SUSE bug 1112916 CVE-2016-10729 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible to version 2.2.0.0 fixes the following issues: - CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037). - CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038). - CVE-2016-8647: in some circumstances the mysql_user module may fail to correctly change a password (bsc#1010940). - CVE-2016-9587: Prevent compromised host to execute commands on the controller (bsc#1019021). For more information about the upstream bugs fixed please see /usr/share/doc/packages/ansible/CHANGELOG.md Moderate SUSE bug 1008037 SUSE bug 1008038 SUSE bug 1010940 SUSE bug 1019021 CVE-2016-8614 CVE-2016-8628 CVE-2016-8647 CVE-2016-9587 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible fixes the following issues: - CVE-2017-7481: Data for lookup plugins used as variables was not being marked as 'unsafe' and could lead to unintentional disclosure of information. (bsc#1038785) Moderate SUSE bug 1038785 CVE-2017-7481 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible fixes the following issues: Ansible was updated to 2.3.2.0. A full list of changes can be found in /usr/share/doc/packages/ansible/CHANGELOG.md Security issues fixed: - CVE-2017-7550: Passing passwords in the params field in the Jenkins plugin was disallowed as it can be leaked into log files because contents of params are not protected. Instead, the password now must be configured separately as url_password. (bsc#1065872) Important SUSE bug 1059235 SUSE bug 1065872 CVE-2017-7550 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible, python-straight-plugin (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible, python-straight-plugin fixes the following issues: ansible was updated to version 2.9.9 Security issues fixed: - CVE-2020-1753: Fixed an issue where kubectl connection plugin leaks sensitive information (bsc#1166389). - CVE-2020-1746: Fixed a potential information leak in ldap_attr and ldap_entry modules (bsc#1165393). - CVE-2020-1733,CVE-2020-10744: Fixed a race condition and insecure permissions which could have allowed another user on the node to gain control of the become user (bsc#1171823 and bsc#1164140). - CVE-2020-1740: Fixed a potential secret leak to other local users (bsc#1164135). - CVE-2020-1739: Fixed an issue which could have disclosed the password to other users within the same node, when it was set with the argument 'password' of svn module (bsc#1164133). - CVE-2020-1738: Fixed an issue which could have allowed a malicious user to select the module sent to the node (bsc#1164136). - CVE-2020-1737: Fixed an issue in extract-zip which could have allowed path traversal attacks (bsc#1164138). - CVE-2020-1736: Fixed an improper implementation of impatomic_move primitive which could have resulted in world-readable or with less restricted permissions before the move files in the destination (bsc#1164134). - CVE-2020-1735: Fixed a potential path injection which could have allowed a remote user to choose the destination path on the controller node (bsc#1164137). - CVE-2020-1734: Fixed an improper default setting in pipe lookup plugin which could have allowed running arbitrary commands by overwriting ansible facts (bsc#1164139). - CVE-2020-10729: Fixed an issue where two random password lookups in same task return same value (bsc#1171162). - CVE-2020-10691: Fixed an improper sanitization in ansible-galaxy which could have allowed attackers to execute archive traversal attacks (bsc#1167873). - CVE-2020-10685: Fixed an potential information disclosure when a module was using a file that was encrypted with vault (bsc#1167440) - CVE-2020-10684: Fixed a potential code injection when ansible_facts was used as a subkey (bsc#1167532). - CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503). - CVE-2019-14905: Fixed a potential command injection in nxos_file_copy (bsc#1157569). - CVE-2019-14904: Fixed an issue which could have allowed a malicious user to execute commands into the server manipulating the module behaviour (bsc#1157968). - CVE-2019-14864: Fixed an issue which could have led to sensitive information disclosure (bsc#1154830). - CVE-2019-14858: Fixed an issue where data in the sub parameter would have presented with increased verbosity (bsc#1154231) - CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (bsc#1154232). - CVE-2019-14846: Fixed an issue which could have allowed secrets disclosure on logs due to hardcoded display to DEBUG level (bsc#1153452) - CVE-2019-10217: Fixed an issue with fields managing sensitive data which could have leaked sensitive data when running ansible playbooks (bsc#1144453). - CVE-2019-10206: Fixed improper implementation of ansible-playbook -k and ansible cli tools when prompt passwords (bsc#1142690). - CVE-2019-10156: Fixed an issue when templating which could have caused an unexpected key file to be set on remote node (bsc#1137528). - CVE-2018-16876: Fixed an issue in retry task when run with -vvv fails which could have leaked sensitive data (bsc#1118896). - CVE-2018-16837: Fixed an issue which user module was leaking any data had been passed on as a parameter to ssh-keygen (bsc#1112959). - CVE-2018-10875: Fixed an issue with ansible.cfg which could have allowed an attaker to execute arbitrary code. (bsc#1099808) - CVE-2018-10855: Fixed a potential sensitive information disclosure log files and on the terminal of the user running Ansible when the no_log flag has been used (bsc#1097775). - CVE-2017-7550: Fixed an issue on the way parameters are passed to jenkins_plugin module allowing remote attackers to expose sensitive information from a remote host's logs (bsc#1065872). Other issues addressed: - Created missing (empty) template and files directories for 'ansible-galaxy init' during package build (bsc#1137479) - Added python-passlib which is needed for the 'vars_prompt' feature of ansible (bsc#1080682) Moderate SUSE bug 1065872 SUSE bug 1080682 SUSE bug 1097775 SUSE bug 1099808 SUSE bug 1102126 SUSE bug 1109957 SUSE bug 1112959 SUSE bug 1118896 SUSE bug 1126503 SUSE bug 1137479 SUSE bug 1137528 SUSE bug 1142542 SUSE bug 1142690 SUSE bug 1144453 SUSE bug 1153452 SUSE bug 1154231 SUSE bug 1154232 SUSE bug 1154830 SUSE bug 1157968 SUSE bug 1157969 SUSE bug 1164133 SUSE bug 1164134 SUSE bug 1164135 SUSE bug 1164136 SUSE bug 1164137 SUSE bug 1164138 SUSE bug 1164139 SUSE bug 1164140 SUSE bug 1165393 SUSE bug 1166389 SUSE bug 1167440 SUSE bug 1167532 SUSE bug 1171162 SUSE bug 1171823 CVE-2016-8647 CVE-2017-7550 CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 CVE-2019-10156 CVE-2019-10206 CVE-2019-10217 CVE-2019-14846 CVE-2019-14856 CVE-2019-14858 CVE-2019-14864 CVE-2019-14904 CVE-2019-14905 CVE-2019-3828 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691 CVE-2020-10729 CVE-2020-10744 CVE-2020-1733 CVE-2020-1734 CVE-2020-1735 CVE-2020-1736 CVE-2020-1737 CVE-2020-1738 CVE-2020-1739 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible fixes the following issues: - CVE-2020-14330: Fixed an issue where 'no log' values are not stripped from module response keys (bsc#1174145). Sensitive values marked with ``no_log=True`` will automatically have that value stripped from module return values. If your module could return these sensitive values as part of a dictionary key name, you should call the ``ansible.module_utils.basic.sanitize_keys()`` function to strip the values from the keys. See the ``uri`` module for an example. Moderate SUSE bug 1174145 CVE-2020-14330 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible fixes the following issues: Update to ansible 2.9.14: - CVE-2020-1753, bsc#1166389: Kubectl connection plugin - connection plugin now redact kubectl_token and kubectl_password in console log. - revert CVE-2020-1736. Users are encouraged to specify a mode parameter in their file-based tasks when the files being manipulated contain sensitive data. - CVE-2020-14365, bsc#1175993: Previously, regardless of the disable_gpg_check option, packages were not GPG validated. They are now. - CVE-2020-14332, bsc#1174302: copy - Redact the value of the no_log 'content' parameter in the result's invocation.module_args in check mode. Previously when used with check mode and with '-vvv', the module would not censor the content if a change would be made to the destination path. - CVE-2020-1736, bsc#1164134: atomic_move - Change default permissions when creating temporary files so they are not world readable - CVE-2020-14330, bsc#1174145: Sanitize no_log values from any response keys that might be returned from the uri module. - CVE-2019-14846, bsc#1153452: Reset logging level to INFO. - CVE-2020-10744, bsc#1171823, gh#ansible/ansible#69782: incomplete fix for CVE-2020-1733 Moderate SUSE bug 1153452 SUSE bug 1164134 SUSE bug 1166389 SUSE bug 1171823 SUSE bug 1174145 SUSE bug 1174302 SUSE bug 1175993 SUSE bug 1177948 CVE-2019-14846 CVE-2020-10744 CVE-2020-14330 CVE-2020-14332 CVE-2020-14365 CVE-2020-1733 CVE-2020-1736 CVE-2020-1753 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible fixes the following issues: - Update to 2.9.22: - CVE-2021-3447: multiple modules expose secured values (bsc#1183684) - CVE-2021-20228: basic.py no_log with fallback option (bsc#1181935) - CVE-2021-20191: multiple collections exposes secured values (bsc#1181119) - CVE-2021-20180: bitbucket_pipeline_variable exposes sensitive values (bsc#1180942) - CVE-2021-20178: user data leak in snmp_facts module (bsc#1180816) Moderate SUSE bug 1180816 SUSE bug 1180942 SUSE bug 1181119 SUSE bug 1181935 SUSE bug 1183684 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 CVE-2021-3447 cpe:/o:suse:sles:11:sp3:teradata Security update for ansible (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ansible fixes the following issues: Update to 2.9.27: - CVE-2021-3620: ansible-connection module discloses sensitive info in traceback error message (bsc#1187725). - CVE-2021-3583: Template Injection through yaml multi-line strings with ansible facts used in template (bsc#1188061). - ansible module nmcli is broken in ansible 2.9.13 (bsc#1176460) Important SUSE bug 1176460 SUSE bug 1187725 SUSE bug 1188061 CVE-2021-3583 CVE-2021-3620 cpe:/o:suse:sles:11:sp3:teradata Security update for ant (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Other changes made: - Removed support for javadoc - Default value for stripAbsolutePathSpec changed to 'true' Moderate SUSE bug 1100053 CVE-2018-10886 cpe:/o:suse:sles:11:sp3:teradata Security update for ant (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ant fixes the following issues: - CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469). Moderate SUSE bug 1188469 CVE-2021-36374 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache (bsc#938728, CVE-2015-3183) Bugs fixed: - add SSLSessionTickets directive (bsc#941676) - hardcode modules %files (bsc#444878) - only enable the port 443 for TCP protocol, not UDP. (bsc#931002) Moderate SUSE bug 444878 SUSE bug 931002 SUSE bug 938728 SUSE bug 941676 CVE-2015-3183 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988488) Moderate SUSE bug 988488 CVE-2016-5387 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretation (bsc#1016715). Moderate SUSE bug 1016714 SUSE bug 1016715 CVE-2016-2161 CVE-2016-8743 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes: - Remove /usr/bin/http2 link only during package uninstall, not upgrade. (bsc#1041830) - Don't put the backend in error state (by default) when 500/503 error code is overridden. (bsc#951692) - Allow single-char field names inadvertently disallowed in 2.2.32. Moderate SUSE bug 1041830 SUSE bug 1048576 SUSE bug 951692 CVE-2017-9788 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830) - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed: - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added: - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061) - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062) - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065) - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060) Moderate SUSE bug 1045060 SUSE bug 1045061 SUSE bug 1045062 SUSE bug 1045065 SUSE bug 1052830 SUSE bug 1058058 SUSE bug 1064561 CVE-2009-2699 CVE-2010-0425 CVE-2012-0021 CVE-2014-0118 CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9798 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: - security update: * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817] * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776] * CVE-2018-1312: Seed wrongly generated could lead to replay attack in cluster environments. [bsc#1086775] Moderate SUSE bug 1086775 SUSE bug 1086776 SUSE bug 1086817 CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Important SUSE bug 1131239 SUSE bug 1131241 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Moderate SUSE bug 1145738 SUSE bug 1145740 CVE-2019-10092 CVE-2019-10098 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1169066 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: - Fixed potential content spoofing with default error pages(bsc#118270) Moderate SUSE bug 1145740 SUSE bug 1182703 CVE-2019-10092 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest Important SUSE bug 1186922 SUSE bug 1187174 CVE-2020-35452 CVE-2021-30641 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) Important SUSE bug 1190666 CVE-2021-39275 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2 fixes the following issues: - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197095 SUSE bug 1197096 CVE-2022-22720 CVE-2022-22721 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2-mod_jk (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2-mod_jk fixes the following issues: Security issues fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). - CVE-2014-8111: Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remote attackers to access otherwise restricted artifacts via unspecified vectors (bsc#927845). Moderate SUSE bug 1114612 SUSE bug 927845 CVE-2014-8111 CVE-2018-11759 cpe:/o:suse:sles:11:sp3:teradata Security update for apache2-mod_nss (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Don't ignore NSSProtocol when NSSFIPS is enabled. - Use proper shell syntax to avoid creating /0 in gencert. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env. - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI) - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against. - Add the SECURE_RENEG environment variable. - Add some hints when NSS database cannot be initialized. - Code cleanup including trailing whitespace and compiler warnings. - Modernize autotools configuration slightly, add config.h. - Add small test suite for SNI. - Add compatibility for mod_ssl-style cipher definitions. - Add Camelia ciphers. - Remove Fortezza ciphers. - Add TLSv1.2-specific ciphers. - Initialize cipher list when re-negotiating handshake. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Improve protocol testing. - Add nss_pcache man page. - Fix argument handling in nss_pcache. - Support httpd 2.4+. - Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394) Moderate SUSE bug 975394 SUSE bug 979688 CVE-2013-4566 CVE-2014-3566 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for apache2-mod_perl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apache2-mod_perl fixes the following issues: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Moderate SUSE bug 1156944 CVE-2011-2767 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following vulnerabilities in php: * Heap corruption issue in exif_thumbnail(). (CVE-2014-3670) * Integer overflow in unserialize(). (CVE-2014-3669) * Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668) Security Issues: * CVE-2014-3669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669> * CVE-2014-3670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670> * CVE-2014-3668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668> SUSE bug 902357 SUSE bug 902360 SUSE bug 902368 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for apache2-mod_security2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This apache2-mod_security2 update fixes the following security issue: * bnc#871309: bypass of intended rules via chunked requests (CVE-2013-5705) Security Issues: * CVE-2013-5705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5705> SUSE bug 871309 CVE-2013-5705 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for apport (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apport fixes the following issues: Security issue fixed: - CVE-2015-1338: Insecurely created crash dumps could lead to a DoS or privilege escalation through malicious symlinks. (bsc#947731) Moderate SUSE bug 947731 CVE-2015-1338 cpe:/o:suse:sles:11:sp3:teradata Security update for apport (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apport fixes the following issues: Security issues fixed: - CVE-2019-7307: Fixed a TOCTOU issue, which allows local users to read arbitrary files. (bsc#1140986) Moderate SUSE bug 1140986 CVE-2019-7307 cpe:/o:suse:sles:11:sp3:teradata Security update for apport (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for apport fixes the following issues: - CVE-2019-11482: Fixed TOCTTOU race conditions when creating a core file (bsc#1155479). - CVE-2019-11485: Fixed a permission issue with the directory of lock files (bsc#1155481) - CVE-2019-15790: Fixed the privilleges that reads /proc/$PID/ files to avoid potential information disclosure (bsc#1155482). - CVE-2020-15701: Fixed a denial of service while parsing apport-ignore.xml (bsc#1174108). Moderate SUSE bug 1155479 SUSE bug 1155481 SUSE bug 1155482 SUSE bug 1174108 CVE-2019-11482 CVE-2019-11485 CVE-2019-15790 CVE-2020-15701 cpe:/o:suse:sles:11:sp3:teradata Security update for arpwatch (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:sles:11:sp3:teradata Security update for aspell (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for aspell fixes the following issues: - CVE-2019-17544: Fixed a stack-based buffer over-read in acommon:unescape in common/getdata.cpp via an isolated backslash (bsc#1153892). Moderate SUSE bug 1153892 CVE-2019-17544 cpe:/o:suse:sles:11:sp3:teradata Security update for aspell (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for aspell fixes the following security issue: - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Moderate SUSE bug 1161982 CVE-2019-20433 cpe:/o:suse:sles:11:sp3:teradata Security update for aspell (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:sles:11:sp3:teradata Security update for atftp (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sles:11:sp3:teradata Security update for atftp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for atftp fixes the following issues: - CVE-2021-41054: Fixed buffer overflow caused by combination of data, OACK, and other options (bsc#1190522). Moderate SUSE bug 1190522 CVE-2021-41054 cpe:/o:suse:sles:11:sp3:teradata Security update for atftp (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for atftp fixes the following issues: - CVE-2021-46671: Fixed a potential information leak in atftpd (bnc#1195619). Low SUSE bug 1195619 CVE-2021-46671 cpe:/o:suse:sles:11:sp3:teradata Security update for audiofile (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for audiofile fixes the following issues: Security issues fixed: - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979) - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980) - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981) - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982) - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983) - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984) - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985) - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986) - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988) - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987) - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978) Moderate SUSE bug 1026978 SUSE bug 1026979 SUSE bug 1026980 SUSE bug 1026981 SUSE bug 1026982 SUSE bug 1026983 SUSE bug 1026984 SUSE bug 1026985 SUSE bug 1026986 SUSE bug 1026987 SUSE bug 1026988 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/o:suse:sles:11:sp3:teradata Security update for augeas SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Augeas has been updated to fix a symlink overwrite problem (CVE-2012-0786, CVE-2013-6412). Also a bug has been fixed where 'augtool -s set was failing' (bnc#876044) Additionally parsing the multipath configuration has been fixed. bnc#871323 Security Issues: * CVE-2012-0786 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786> * CVE-2013-6412 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412> SUSE bug 853044 SUSE bug 871323 SUSE bug 876044 SUSE bug 885003 CVE-2012-0786 CVE-2013-6412 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for augeas (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Moderate SUSE bug 925225 CVE-2014-8119 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for augeas (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for augeas fixes the following issues: Security issues fixed: - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171). - CVE-2014-8119: Fix improper handling of escaped strings leading to memory corruption (bsc#925225). Moderate SUSE bug 1054171 SUSE bug 925225 CVE-2014-8119 CVE-2017-7555 cpe:/o:suse:sles:11:sp3:teradata Security update for automake SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of automake fixes a race condition in 'distcheck'. (CVE-2012-3386) Also a bug where world writeable tarballs were generated during 'make dist' has been fixed (CVE-2009-4029). Security Issue references: * CVE-2012-3386 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386> * CVE-2009-4029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029> SUSE bug 559815 SUSE bug 770618 CVE-2012-3386 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/o:suse:sles:11:sp3:teradata Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for avahi fixes the following issues: - increase data and stack limits to fix remote denial of service (bsc#1085255). Moderate SUSE bug 1085255 cpe:/o:suse:sles:11:sp3:teradata Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827). - Add sudo to requires: used to drop privileges. Moderate SUSE bug 1180827 CVE-2021-26720 cpe:/o:suse:sles:11:sp3:teradata Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Moderate SUSE bug 1184521 CVE-2021-3468 cpe:/o:suse:sles:11:sp3:teradata Security update for axis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Moderate SUSE bug 1103658 CVE-2018-8032 cpe:/o:suse:sles:11:sp3:teradata Security update for axis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). Moderate SUSE bug 1134598 CVE-2012-5784 CVE-2014-3596 cpe:/o:suse:sles:11:sp3:teradata Security update for bash SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash. * CVE-2014-7187: Nesting of for loops could lead to a crash of bash. Security Issues: * CVE-2014-7169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169> * CVE-2014-7186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186> * CVE-2014-7187 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187> SUSE bug 898346 SUSE bug 898603 SUSE bug 898604 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bash (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396) - CVE-2014-6278: code execution vulnerability via fd redirection (bsc#898884) - CVE-2014-6277: Remote attackers could have executed arbitrary code or caused a denial of service due to improper parsing of function definitions in the values of environment variables (bsc#898812) The following bugs were fixed: - bsc#971410: bash script would teminated unexpectedly due to mishandled recursive traps - bsc#913701: bash hangs if DEBUG trap is enabled The following documentation updates are included: - bsc#959755: Make clear that the files /etc/profile as well as /etc/bash.bashrc may source other files as well even if the bash does not. Important SUSE bug 1000396 SUSE bug 1001299 SUSE bug 898812 SUSE bug 898884 SUSE bug 913701 SUSE bug 959755 SUSE bug 971410 CVE-2014-6277 CVE-2014-6278 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sles:11:sp3:teradata Security update for bash (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bash fixed several issues This security issue was fixed: - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address (bsc#1010845). This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a .bash_history (bsc#1031729) Low SUSE bug 1010845 SUSE bug 1031729 SUSE bug 976776 CVE-2016-9401 cpe:/o:suse:sles:11:sp3:teradata Security update for bind SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue. Security Issue references: * CVE-2014-0591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591> SUSE bug 858639 CVE-2014-0591 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Important SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Critical) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Critical SUSE bug 1000362 CVE-2016-2776 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Important SUSE bug 1007829 SUSE bug 965748 CVE-2016-8864 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Moderate SUSE bug 1024130 CVE-2017-3135 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following security issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Important SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1033468 SUSE bug 987866 SUSE bug 989528 CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - A regression in the fix for CVE-2017-3137 caused an assert in name.c (bsc#1034162) Important SUSE bug 1034162 CVE-2017-3137 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Important SUSE bug 1046554 SUSE bug 1046555 CVE-2017-3142 CVE-2017-3143 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) Important SUSE bug 1040039 SUSE bug 1047184 SUSE bug 1076118 CVE-2017-3145 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:suse:sles:11:sp3:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - Removed rndc.key generation from bind.spec file (bsc#1092283, bsc#1033843) bind should create the key on first boot or if it went missing. Important SUSE bug 1033843 SUSE bug 1092283 SUSE bug 1109160 SUSE bug 1171740 SUSE bug 1172220 SUSE bug 1172680 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sles:11:sp3:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles:11:sp3:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345). Important SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 cpe:/o:suse:sles:11:sp3:teradata Security update for bind (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146). Important SUSE bug 1192146 CVE-2021-25219 cpe:/o:suse:sles:11:sp3:teradata Security update for bind (Moderate) (in QA) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bind fixes the following issues: - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). This patch is currently in QA and not yet available for download. Moderate SUSE bug 1197135 CVE-2021-25220 cpe:/o:suse:sles:11:sp3:teradata Security update for binutils SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 binutils has been updated to fix eight security issues: * Lack of range checking leading to controlled write in _bfd_elf_setup_sections() (CVE-2014-8485). * Invalid read flaw in libbfd (CVE-2014-8484). * Write to uninitialized memory in the PE parser (CVE-2014-8501). * Crash in the PE parser (CVE-2014-8502). * Segfault in the ihex parser when it encounters a malformed ihex file (CVE-2014-8503). * Stack buffer overflow in srec_scan (CVE-2014-8504). * Out-of-bounds memory write while processing a crafted 'ar' archive (CVE-2014-8738). * Directory traversal vulnerability allowing random file deletion/creation (CVE-2014-8737). Security Issues: * CVE-2014-8501 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501> * CVE-2014-8502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502> * CVE-2014-8503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503> * CVE-2014-8504 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504> * CVE-2014-8485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485> * CVE-2014-8738 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738> * CVE-2014-8484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484> * CVE-2014-8737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737> SUSE bug 902676 SUSE bug 902677 SUSE bug 903655 SUSE bug 905735 SUSE bug 905736 CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for bluez (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bluez fixes the following issues: Security issue fixed: - CVE-2017-1000250: Fixed Out-of-bounds heap read in service_search_attr_req check if there is enough data to continue otherwise return an error (bsc#1057342). Moderate SUSE bug 1057342 CVE-2017-1000250 cpe:/o:suse:sles:11:sp3:teradata Security update for bsdtar (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). Important SUSE bug 920870 SUSE bug 984990 SUSE bug 985609 SUSE bug 985669 SUSE bug 985675 SUSE bug 985682 SUSE bug 985698 CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for bsdtar (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bsdtar fixes the following issues: - CVE-2015-8915: Fixed an invalid read which could have allowed remote attackers to cause a denial of service (bsc#985601). - CVE-2015-8925: Fixed an invalid read which could have allowed remote attackers to cause a denial of service (bsc#985706). - CVE-2017-14503: Fixed an out of bounds read within lha_read_data_none() in archive_read_support_format_lha.c (bsc#1059139). - CVE-2016-8687: Fixed a buffer overflow when printing a filename (bsc#1005070). Moderate SUSE bug 1005070 SUSE bug 1059139 SUSE bug 985601 SUSE bug 985706 CVE-2015-8915 CVE-2015-8925 CVE-2016-8687 CVE-2017-14503 cpe:/o:suse:sles:11:sp3:teradata Security update for bzip2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sles:11:sp3:teradata Security update for bzip2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sles:11:sp3:teradata Security update for cairo (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cairo fixes the following issues: - CVE-2016-9082: Fixed a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). - CVE-2017-9814: Replace malloc with _cairo_malloc and check cmap size before allocating to prevent DoS (bsc#1049092). - CVE-2017-7475: Fix a segfault in get_bitmap_surface due to malformed font (bsc#1036789). Moderate SUSE bug 1007255 SUSE bug 1036789 SUSE bug 1049092 CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:suse:sles:11:sp3:teradata Security update for cairo (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cairo fixes the following issues: - CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321). Low SUSE bug 1122321 CVE-2019-6462 cpe:/o:suse:sles:11:sp3:teradata Security update for cifs-utils (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cifs-utils fixes the following issues: Security issue fixed: - CVE-2014-2830: Fixed pam module pam_cifscreds stack overflow (bsc#870168). Important SUSE bug 870168 CVE-2014-2830 cpe:/o:suse:sles:11:sp3:teradata Security update for cifs-utils (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar (bsc#1045490) Non security issue fixed: - Fix permissions of /var/spool/amavis. (bsc#815106) Important SUSE bug 1045490 SUSE bug 815106 CVE-2012-6706 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Important SUSE bug 1049423 SUSE bug 1052448 SUSE bug 1052449 SUSE bug 1052466 SUSE bug 1077732 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Important SUSE bug 1045315 SUSE bug 1049423 SUSE bug 1052449 SUSE bug 1082858 SUSE bug 1083915 CVE-2012-6706 CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2018-1000085 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) * Make freshclam more robust against lagging signature mirrors. * On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: Security issues fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issue fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option. Moderate SUSE bug 1144504 SUSE bug 1149458 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: - Update to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459 - This update incorporates incompatible changes that were introduced in version 0.101.0. - Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. Moderate SUSE bug 1118459 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Add documentation about max file size purpose and side effect in the 'clamscan' and 'clamdscan' manpages (bsc#1187509). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1187509 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sles:11:sp3:teradata Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). Important SUSE bug 1199242 SUSE bug 1199244 SUSE bug 1199245 SUSE bug 1199246 SUSE bug 1199274 CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 cpe:/o:suse:sles:11:sp3:teradata Recommended udpate for SUSE Manager Client Tools (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for SUSE Manager Client Tools provides the following fixes and enhancements: rhnlib: - Use TLSv1_METHOD in SSL Context (bsc#970989) suseRegisterInfo: - Fix file permissions (bsc#970550) Low SUSE bug 970550 SUSE bug 970989 cpe:/o:suse:sles:11:sp3:teradata Security update for cloud-init (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cloud-init fixes the following issues: cloud-init was updated to version 19.4. Security issues fixed: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). Non-security issues fixed: - Entries in the routes definition have changed causing a traceback during rout config file writing. This patch update addresses the issue by extracting the new entries properly (bsc#1163178). - Do not attempt to configure an ephemeral network on OCI. We boot off iSCSI and the network is up. Just read the data (bsc#1161132, bsc#1161133). - Support a mix of DHCP and static on a single interface (bsc#1157894). Moderate SUSE bug 1099358 SUSE bug 1125950 SUSE bug 1125992 SUSE bug 1126101 SUSE bug 1129124 SUSE bug 1132692 SUSE bug 1136440 SUSE bug 1141969 SUSE bug 1142988 SUSE bug 1144363 SUSE bug 1144881 SUSE bug 1151488 SUSE bug 1154092 SUSE bug 1155376 SUSE bug 1156139 SUSE bug 1157894 SUSE bug 1161132 SUSE bug 1161133 SUSE bug 1162936 SUSE bug 1162937 SUSE bug 1163178 CVE-2019-0816 CVE-2020-8631 CVE-2020-8632 cpe:/o:suse:sles:11:sp3:teradata Security update for coreutils (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for coreutils fixes one issue. This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041) Important SUSE bug 1023041 CVE-2017-2616 cpe:/o:suse:sles:11:sp3:teradata Security update for coreutils (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for coreutils fixes the following issues: Security issues fixed: - CVE-2015-4041, CVE-2015-4042: Fixed a buffer overflow related to case conversion (bsc#928749). Moderate SUSE bug 928749 CVE-2015-4041 CVE-2015-4042 cpe:/o:suse:sles:11:sp3:teradata Security update for cpio SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This cpio update fixes the following security issue: * bnc#907456: heap-based buffer overflow flaw in list_file() (CVE-2014-9112) Security Issues: * CVE-2014-9112 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112> SUSE bug 907456 CVE-2014-9112 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for cpio (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). - CVE-2016-2037: Fixed an out-of-bounds write in the way cpio parses certain cpio files (bsc#963448). Moderate SUSE bug 1155199 SUSE bug 963448 CVE-2016-2037 CVE-2019-14866 cpe:/o:suse:sles:11:sp3:teradata Security update for cpio (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:sles:11:sp3:teradata Security update for cpio (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:sles:11:sp3:teradata Security update for cracklib (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cracklib fixes a security issue and a bug: Security issue fixed: - Add patch to fix a stack buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed: - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) Moderate SUSE bug 928923 SUSE bug 992966 CVE-2016-6318 cpe:/o:suse:sles:11:sp3:teradata Security update for cron (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cron fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the deamon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Other issues addressed: - Fixed an issue with SElinux where cron jobs were bocked when [permisive mode is selected (bsc#1046229). - Removed a duplicate sprintf and made some monepage changes (bsc#932499). Low SUSE bug 1046229 SUSE bug 1128935 SUSE bug 1128937 SUSE bug 932499 CVE-2019-9704 CVE-2019-9705 cpe:/o:suse:sles:11:sp3:teradata Security update for ctags (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ctags fixes the following issues: - CVE-2014-7204: Fixes a potential denial of service caused by an endless loop in javascript parser (bsc#899486). Moderate SUSE bug 899486 CVE-2014-7204 cpe:/o:suse:sles:11:sp3:teradata Security update for CUPS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes various issues in CUPS. * CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Various insufficient symbolic link checking could have lead to privilege escalation from the lp user to root. Security Issues: * CVE-2014-3537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537> * CVE-2014-5029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029> * CVE-2014-5030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030> * CVE-2014-5031 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031> SUSE bug 887240 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for cups (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cups fixes the following issues: Security issues fixed: - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend (bsc#1096405). - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406). - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error handling (bsc#1096407). - CVE-2018-4183: Fix cups-exec sandbox bypass due to profile misconfiguration (bsc#1096408). Moderate SUSE bug 1096405 SUSE bug 1096406 SUSE bug 1096407 SUSE bug 1096408 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cpe:/o:suse:sles:11:sp3:teradata Security update for cups (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). - Fixed a double free which was triggered by Java application (bsc#959478). Important SUSE bug 1146358 SUSE bug 1146359 SUSE bug 959478 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sles:11:sp3:teradata Security update for cups (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cups fixes the following issues: - CVE-2020-3898: Fixed heap buffer overflow in libcups ppdFindOption() function (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sles:11:sp3:teradata Security update for cups (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). Moderate SUSE bug 1180520 CVE-2020-10001 cpe:/o:suse:sles:11:sp3:teradata Security update for cups (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:sles:11:sp3:teradata Security update for curl SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This curl update fixes the following security issues: * bnc#868627: wrong re-use of connections (CVE-2014-0138). * bnc#868629: IP address wildcard certificate validation (CVE-2014-0139). * bnc#870444: --insecure option inappropriately enforcing security safeguard. Security Issue references: * CVE-2014-0138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138> * CVE-2014-0139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139> SUSE bug 868627 SUSE bug 868629 SUSE bug 870444 CVE-2014-0138 CVE-2014-0139 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Moderate SUSE bug 926511 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420). Moderate SUSE bug 991389 SUSE bug 991390 SUSE bug 997420 CVE-2016-5419 CVE-2016-5420 CVE-2016-7141 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for curl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) Important SUSE bug 1005633 SUSE bug 1005634 SUSE bug 1005635 SUSE bug 1005637 SUSE bug 1005638 SUSE bug 1005642 SUSE bug 1005645 SUSE bug 1005646 SUSE bug 998760 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). Moderate SUSE bug 1015332 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309) - CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332) Moderate SUSE bug 1015332 SUSE bug 1032309 SUSE bug 1051644 CVE-2016-9586 CVE-2017-1000100 CVE-2017-7407 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following security issues: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) Moderate SUSE bug 1061876 CVE-2017-1000254 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list (bsc#1027712] Moderate SUSE bug 1027712 SUSE bug 1077001 CVE-2016-7141 CVE-2018-1000007 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: curl was updated to version 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase. Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463,bsc#1086825) Moderate SUSE bug 1081056 SUSE bug 1083463 SUSE bug 1084137 SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 SUSE bug 1085124 SUSE bug 1086825 SUSE bug 1087922 SUSE bug 1090194 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098) Moderate SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). Moderate SUSE bug 1106019 CVE-2018-14618 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) Moderate SUSE bug 1112758 SUSE bug 1113660 CVE-2018-16840 CVE-2018-16842 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Moderate SUSE bug 1175109 CVE-2020-8231 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). - CVE-2020-8285: Fixed an FTP wildcard stack overflow (bsc#1179399). Moderate SUSE bug 1179398 SUSE bug 1179399 CVE-2020-8284 CVE-2020-8285 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). Moderate SUSE bug 1183933 CVE-2021-22876 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:suse:sles:11:sp3:teradata Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2022-27776: Fixed Auth/cookie leak on redirect (bsc#1198766) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) Moderate SUSE bug 1198614 SUSE bug 1198766 CVE-2022-22576 CVE-2022-27776 cpe:/o:suse:sles:11:sp3:teradata Security update for curl SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issues: * CVE-2014-8150: URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. * CVE-2014-3707: duphandle read out of bounds (bnc#901924) * CVE-2014-3613: libcurl cookie leaks (bnc#894575) Additional bug fixed: * curl_multi_remove_handle: don't crash on multiple removes (bnc#897816) Security Issues: * CVE-2014-8150 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150> * CVE-2014-3613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613> * CVE-2014-3707 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707> SUSE bug 870444 SUSE bug 884698 SUSE bug 885302 SUSE bug 894575 SUSE bug 897816 SUSE bug 901924 SUSE bug 911363 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for curl (Important) (in QA) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) This patch is currently in QA and not yet available for download. Important SUSE bug 1199223 SUSE bug 1199224 CVE-2022-27781 CVE-2022-27782 cpe:/o:suse:sles:11:sp3:teradata Security update for cvs (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the '-d' option could lead to argument injection (bsc#1053364) Moderate SUSE bug 1053364 CVE-2017-12836 cpe:/o:suse:sles:11:sp3:teradata Security update for cyrus-imapd (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option 'tls_versions' to remedy that issue. Note that users who upgrade an existing installation will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv2 and SSLv3 like before. To disable support for those protocols, edit imapd.conf manually to include 'tls_versions: tls1_0 tls1_1 tls1_2'. New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support unsafe versions of SSL unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Important SUSE bug 860611 SUSE bug 901748 SUSE bug 954200 SUSE bug 954201 SUSE bug 981670 CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 cpe:/o:suse:sles:11:sp3:teradata Security update for cyrus-imapd (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cyrus-imapd fixes the following issues: Security issue fixed: - CVE-2017-14230: Fixed a off-by-one error in prefix calculation for the LIST command that could cause use of uninitialized memory (bsc#1058021). Low SUSE bug 1058021 CVE-2017-14230 cpe:/o:suse:sles:11:sp3:teradata Security update for cyrus-imapd (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cyrus-imapd fixes the following issues: - CVE-2021-33582: Fixed possible hash denial of service (bsc#1189313). Moderate SUSE bug 1189313 CVE-2021-33582 cpe:/o:suse:sles:11:sp3:teradata Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles:11:sp3:teradata Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles:11:sp3:teradata Security update for dbus-1 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Various denial of service issues were fixed in the DBUS service. * CVE-2014-3638: dbus-daemon tracks whether method call messages expect a reply, so that unsolicited replies can be dropped. As currently implemented, if there are n parallel method calls in progress, each method reply takes O(n) CPU time. A malicious user could exploit this by opening the maximum allowed number of parallel connections and sending the maximum number of parallel method calls on each one, causing subsequent method calls to be unreasonably slow, a denial of service. * CVE-2014-3639: dbus-daemon allows a small number of 'incomplete' connections (64 by default) whose identity has not yet been confirmed. When this limit has been reached, subsequent connections are dropped. Alban's testing indicates that one malicious process that makes repeated connection attempts, but never completes the authentication handshake and instead waits for dbus-daemon to time out and disconnect it, can cause the majority of legitimate connection attempts to fail. Security Issues: * CVE-2014-3638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638> * CVE-2014-3638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638> SUSE bug 896453 CVE-2014-3638 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for dbus-1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sles:11:sp3:teradata Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Moderate SUSE bug 880984 SUSE bug 919959 SUSE bug 926159 SUSE bug 928390 SUSE bug 936923 SUSE bug 947780 SUSE bug 961305 CVE-2015-8605 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Moderate SUSE bug 969820 CVE-2016-2774 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119) This non-security issue was fixed: - Enhance dhclient-script to handle static route updates. (bsc#1023415) Moderate SUSE bug 1023415 SUSE bug 1076119 CVE-2017-3144 cpe:/o:suse:sles:11:sp3:teradata Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). Moderate SUSE bug 1083302 SUSE bug 1083303 CVE-2018-5732 CVE-2018-5733 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for dhcp (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:suse:sles:11:sp3:teradata Security update for dhcpcd (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 dhcpcd was updated to fix three security issues. These security issues were fixed: - CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers. - CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers. - CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers. Important SUSE bug 955762 CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for djvulibre (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Moderate SUSE bug 1146569 SUSE bug 1146571 SUSE bug 1146572 SUSE bug 1146702 CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 cpe:/o:suse:sles:11:sp3:teradata Security update for djvulibre (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for djvulibre fixes the following issues: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Low SUSE bug 1156188 CVE-2019-18804 cpe:/o:suse:sles:11:sp3:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:sles:11:sp3:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:sles:11:sp3:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles:11:sp3:teradata Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for djvulibre fixes the following issues: - Extend CVE-2021-3630 fix (bsc#1187869). Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles:11:sp3:teradata Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) Important SUSE bug 983273 CVE-2015-8899 cpe:/o:suse:sles:11:sp3:teradata Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update brings a (small) potential incompatibility in the handling of 'basename' in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option. Important SUSE bug 1060354 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for dnsmasq (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958) Moderate SUSE bug 1076958 CVE-2017-15107 cpe:/o:suse:sles:11:sp3:teradata Security update for dnsmasq (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dnsmasq fixes the following issues: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) Moderate SUSE bug 1154849 CVE-2019-14834 cpe:/o:suse:sles:11:sp3:teradata Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks (bsc#1177077). - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled (bsc#1177077). Non-security issue fixed: - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076). Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sles:11:sp3:teradata Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Non-security fixes: - Removed cache size limit (bsc#1138743). Important SUSE bug 1138743 SUSE bug 1183709 SUSE bug 1197872 CVE-2021-3448 CVE-2022-0934 cpe:/o:suse:sles:11:sp3:teradata Security update for dosfstools (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an 'off-by-two error (bsc#980364). - CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377). Moderate SUSE bug 980364 SUSE bug 980377 CVE-2015-8872 CVE-2016-4804 cpe:/o:suse:sles:11:sp3:teradata Security update for e2fsprogs SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Two security issues were fixed in e2fsprogs: * CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck, dumpe2fs, e2image). * CVE-2015-1572: Fixed a potential buffer overflow in closefs(). (bsc#918346) Additionally, badblocks was enhanced to work with very large partitions. (bsc#932539) Security Issues: * CVE-2015-0247 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247> * CVE-2015-1572 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572> SUSE bug 915402 SUSE bug 918346 SUSE bug 932539 CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for e2fsprogs (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). Non-security issue fixed: - Fix resize2fs to not clear resize inode for 0 resvd blocks (bsc#1029927). - Don't use the extended rec_len encoding for standard file systems (bsc#1038885). Moderate SUSE bug 1029927 SUSE bug 1038885 SUSE bug 1160571 CVE-2019-5188 cpe:/o:suse:sles:11:sp3:teradata Security update for ecryptfs-utils (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052) - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160) Moderate SUSE bug 920160 SUSE bug 962052 CVE-2014-9687 CVE-2016-1572 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ed (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ed fixes the following security issues: - CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. (bsc#1019807) Low SUSE bug 1019807 CVE-2017-5357 cpe:/o:suse:sles:11:sp3:teradata Security update for elfutils SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 elfutils has been updated to fix one security issue: * CVE-2014-9447: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allowed remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (bnc#911662). Security Issues: * CVE-2014-9447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447> SUSE bug 911662 CVE-2014-9447 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for elfutils (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read in in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c which could have lead to denial of service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). - CVE-2017-7613: Missing validation of the number of sections and the number of segments allowed remote attackers to cause a denial of service (memory consumption) via a crafted ELF file (bsc#1033090). - CVE-2017-7612: The check_sysv_hash function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089). Low SUSE bug 1030472 SUSE bug 1030476 SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1106390 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 cpe:/o:suse:sles:11:sp3:teradata Security update for emacs SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Emacs has been updated to fix the following issues: * Several cases of insecure usage of temporary files. (CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424) * Use of vc-annotate for renamed files when using Git. (bnc#854683) Security Issues: * CVE-2014-3421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421> * CVE-2014-3422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422> * CVE-2014-3423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423> * CVE-2014-3424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424> SUSE bug 854683 SUSE bug 876847 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for emacs (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425) Important SUSE bug 1058425 CVE-2017-14482 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for evince (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for evince provides the following fix: - CVE-2017-1000159: Prevent command line injections via filenames when printing to a file. (bsc#1070046) Moderate SUSE bug 1070046 CVE-2017-1000159 cpe:/o:suse:sles:11:sp3:teradata Security update for evince (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sles:11:sp3:teradata Security update for evolution-data-server SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed: * SSLv3 POODLE attack (CVE-2014-3566) Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> SUSE bug 901553 CVE-2014-3566 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for evolution-data-server (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for evolution-data-server fixes the following issue: - CVE-2013-4166: Enclose email addresses in brackets to ensure an exact match (bsc#830491). Moderate SUSE bug 830491 CVE-2013-4166 cpe:/o:suse:sles:11:sp3:teradata Security update for exempi (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for exempi fixes the following issues: Security issue fixed: - CVE-2018-7730: Fix heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18234: Fix use-after-free issue that allows remote attackers to cause a denial of service via a .pdf file (bsc#1085585). Moderate SUSE bug 1085295 SUSE bug 1085585 CVE-2017-18234 CVE-2018-7730 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Important SUSE bug 979441 SUSE bug 980391 CVE-2015-1283 CVE-2016-0718 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Moderate SUSE bug 1022037 SUSE bug 983215 SUSE bug 983216 CVE-2012-6702 CVE-2016-5300 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Moderate SUSE bug 1047236 SUSE bug 1047240 CVE-2016-9063 CVE-2017-9233 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). Moderate SUSE bug 1139937 CVE-2018-20843 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) Moderate SUSE bug 1149429 CVE-2019-15903 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:sles:11:sp3:teradata Security update for expat (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:sles:11:sp3:teradata Security update for facter (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for facter fixes the following issues: - CVE-2015-1426: Prevent the EC2 metadata fact from collecting security credentials (bsc#917383). Moderate SUSE bug 917383 CVE-2015-1426 cpe:/o:suse:sles:11:sp3:teradata Security update for fastjar SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This fastjar update fixes a directory traversal issue (bnc#607043). Security Issue reference: * CVE-2010-0831 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831> SUSE bug 607043 CVE-2010-0831 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for fetchmail (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988). Moderate SUSE bug 775988 CVE-2012-3482 cpe:/o:suse:sles:11:sp3:teradata Security update for fetchmail (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. (bsc#1188875) Moderate SUSE bug 1188875 CVE-2021-36386 cpe:/o:suse:sles:11:sp3:teradata Security update for file SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 file was updated to fix one security issue. * An out-of-bounds read flaw file's donote() function. This could possibly lead to file executable crash (CVE-2014-3710). Security Issues: * CVE-2014-3710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710> SUSE bug 902367 CVE-2014-3710 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for file-roller (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for file-roller fixes the following issues: - Fixed a potential denial of service when extracting a zip files (bsc#937635). Moderate SUSE bug 937635 cpe:/o:suse:sles:11:sp3:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes. * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686) * MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. * MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. * MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. * MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. * MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. * MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. * MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. * MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. * MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. * MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. * MFSA 2013-41: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References o Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 20. o Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 20. * MFSA 2013-42 / CVE-2013-1670: Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged accesss. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks. * MFSA 2013-43 / CVE-2013-1671: Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system. * MFSA 2013-44 / CVE-2013-1672: Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. * MFSA 2013-45: Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. References: - old MozillaMaintenance Service registry entry not updated leading to Trusted Path Privilege Escalation (CVE-2013-1673) - Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) * MFSA 2013-46 / CVE-2013-1674: Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution. * MFSA 2013-47 / CVE-2013-1675: Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to a information leakage to sites depending on the contents of this uninitialized memory. * MFSA 2013-48: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. References o Out of Bounds Read in SelectionIterator::GetNextSegment (CVE-2013-1676) o Out-of-bound read in gfxSkipCharsIterator::SetOffsets (CVE-2013-1677)) o Invalid write in _cairo_xlib_surface_add_glyph (CVE-2013-1678) o Heap-use-after-free in mozilla::plugins::child::_geturlnotify (CVE-2013-1679) o Heap-use-after-free in nsFrameList::FirstChild (CVE-2013-1680) o Heap-use-after-free in nsContentUtils::RemoveScriptBlocker (CVE-2013-1681) * CVE-2012-1942 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942> * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788> * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791> * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792> * CVE-2013-0793 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793> * CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794> * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795> * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796> * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797> * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798> * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799> * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800> * CVE-2013-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801> * CVE-2013-1669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1669> * CVE-2013-1670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670> * CVE-2013-1671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671> * CVE-2013-1672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672> * CVE-2013-1673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673> * CVE-2013-1674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674> * CVE-2013-1675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675> * CVE-2013-1676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676> * CVE-2013-1677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677> * CVE-2013-1678 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678> * CVE-2013-1679 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679> * CVE-2013-1680 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680> * CVE-2013-1681 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681> * CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682> * CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684> * CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685> * CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686> * CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687> * CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690> * CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692> * CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693> * CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697> SUSE bug 792432 SUSE bug 813026 SUSE bug 819204 SUSE bug 825935 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes various bugs and security issues: * MFSA 2013-93: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24. (CVE-2013-5590) Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10.(CVE-2013-1739) * MFSA 2013-95 / CVE-2013-5604: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. * MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. * MFSA 2013-98 / CVE-2013-5597: Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. * MFSA 2013-100: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. o ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle (CVE-2013-5599) o ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL (CVE-2013-5600) o ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler (CVE-2013-5601) * MFSA 2013-101 / CVE-2013-5602: Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Security Issue references: * CVE-2014-1477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477> * CVE-2014-1479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479> * CVE-2014-1480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480> * CVE-2014-1481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481> * CVE-2014-1482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482> * CVE-2014-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483> * CVE-2014-1484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484> * CVE-2014-1485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485> * CVE-2014-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486> * CVE-2014-1487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487> * CVE-2014-1488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488> * CVE-2014-1489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489> * CVE-2014-1490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490> * CVE-2014-1491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491> SUSE bug 859055 SUSE bug 861847 CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox was updated to 24.4.0ESR release, fixing various security issues and bugs: * MFSA 2014-15: Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 24.3 and Firefox 27. (CVE-2014-1493) * Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato reported memory safety problems and crashes that affect Firefox 27. (CVE-2014-1494) * MFSA 2014-16 / CVE-2014-1496: Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system. * MFSA 2014-17 / CVE-2014-1497: Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. * MFSA 2014-18 / CVE-2014-1498: Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. * MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the webcam or microphone by masquerading as another site and gaining user permission through spoofing. * MFSA 2014-20 / CVE-2014-1500: Security researchers Tim Philipp Schaefers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a denial of service (DOS) attack due to resource consumption and blocks the ability of users to exit the application. * MFSA 2014-21 / CVE-2014-1501: Security researcher Alex Infuehr reported that on Firefox for Android it is possible to open links to local files from web content by selecting 'Open Link in New Tab' from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems. * MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site's WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to render arbitrary content in these limited circumstances. * MFSA 2014-23 / CVE-2014-1504: Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The target page may have a strict CSP that protects against this XSS attack, but if the attacker induces a browser crash with another bug, an XSS attack would occur during session restoration, bypassing the CSP on the site. * MFSA 2014-26 / CVE-2014-1508: Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresses. In combination with previous techniques used for SVG timing attacks, this could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-27 / CVE-2014-1509: Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default configuration and would require a malicious extension to be installed. * MFSA 2014-28 / CVE-2014-1505: Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure. * MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511: Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(). A second bug allowed the bypassing of the popup-blocker without user interaction. Combined these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution. * MFSA 2014-30 / CVE-2014-1512: Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. * MFSA 2014-31 / CVE-2014-1513: Security researcher Jueri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for arbitrary code execution. * MFSA 2014-32 / CVE-2014-1514: Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. SUSE bug 868603 CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1501 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release: * CVE-2014-1544 - https://www.mozilla.org/security/announce/2014/mfsa2014-63.html <https://www.mozilla.org/security/announce/2014/mfsa2014-63.html> * CVE-2014-1548 - https://www.mozilla.org/security/announce/2014/mfsa2014-56.html <https://www.mozilla.org/security/announce/2014/mfsa2014-56.html> * CVE-2014-1549 - https://www.mozilla.org/security/announce/2014/mfsa2014-57.html <https://www.mozilla.org/security/announce/2014/mfsa2014-57.html> * CVE-2014-1550 - https://www.mozilla.org/security/announce/2014/mfsa2014-58.html <https://www.mozilla.org/security/announce/2014/mfsa2014-58.html> * CVE-2014-1551 - https://www.mozilla.org/security/announce/2014/mfsa2014-59.html <https://www.mozilla.org/security/announce/2014/mfsa2014-59.html> * CVE-2014-1552 - https://www.mozilla.org/security/announce/2014/mfsa2014-66.html <https://www.mozilla.org/security/announce/2014/mfsa2014-66.html> * CVE-2014-1555 - https://www.mozilla.org/security/announce/2014/mfsa2014-61.html <https://www.mozilla.org/security/announce/2014/mfsa2014-61.html> * CVE-2014-1556 - https://www.mozilla.org/security/announce/2014/mfsa2014-62.html <https://www.mozilla.org/security/announce/2014/mfsa2014-62.html> * CVE-2014-1557 - https://www.mozilla.org/security/announce/2014/mfsa2014-64.html <https://www.mozilla.org/security/announce/2014/mfsa2014-64.html> * CVE-2014-1558,CVE-2014-1559,CVE-2014-1560 - https://www.mozilla.org/security/announce/2014/mfsa2014-65.html <https://www.mozilla.org/security/announce/2014/mfsa2014-65.html> * CVE-2014-1561 - https://www.mozilla.org/security/announce/2014/mfsa2014-60.html <https://www.mozilla.org/security/announce/2014/mfsa2014-60.html> Security Issues: * CVE-2014-1557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557> * CVE-2014-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547> * CVE-2014-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548> * CVE-2014-1556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556> * CVE-2014-1544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544> * CVE-2014-1555 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555> SUSE bug 887746 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream: * MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. * MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) More information is referenced on: https://www.mozilla.org/security/announce/ <https://www.mozilla.org/security/announce/> . Security Issues: * CVE-2014-1562 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562> * CVE-2014-1567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567> SUSE bug 894370 CVE-2014-1562 CVE-2014-1567 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues. * MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks. * MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. * MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. * MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. * MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputed data being saved to a log file on the local system. Security Issues: * CVE-2014-1587 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587> * CVE-2014-1588 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588> * CVE-2014-1589 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589> * CVE-2014-1590 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590> * CVE-2014-1591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591> * CVE-2014-1592 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592> * CVE-2014-1593 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593> * CVE-2014-1594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594> * CVE-2014-1595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595> SUSE bug 908009 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificate list. For more information, please see https://www.mozilla.org/en-US/security/advisories/ <https://www.mozilla.org/en-US/security/advisories/> Security Issues: * CVE-2014-1569 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569> * CVE-2014-8634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634> * CVE-2014-8639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639> * CVE-2014-8641 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641> * CVE-2014-8638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638> * CVE-2014-8636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636> * CVE-2014-8637 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637> * CVE-2014-8640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640> SUSE bug 910647 SUSE bug 910669 SUSE bug 913064 SUSE bug 913066 SUSE bug 913067 SUSE bug 913068 SUSE bug 913102 SUSE bug 913103 SUSE bug 913104 CVE-2014-1569 CVE-2014-8634 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system. * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues: * CVE-2015-0817 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817> * CVE-2015-0818 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818> SUSE bug 923534 CVE-2015-0817 CVE-2015-0818 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update to Firefox 31.7.0 ESR fixes the following issues: * MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474. * MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video with Linux Gstreamer. Upstream references: bmo#1080995. * MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and CSS. Upstream references: bmo#1149542. * MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing with vertical text enabled. Upstream references: bmo#1153478. * MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed XML. Upstream references: bmo#1140537. Security Issues: * CVE-2015-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797> * CVE-2015-2708 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708> * CVE-2015-2709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709> * CVE-2015-2710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710> * CVE-2015-2713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713> * CVE-2015-2716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716> SUSE bug 930622 CVE-2015-0797 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix: * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox, firefox-glib2, firefox-gtk3 fixes the following issues: Mozilla Firefox was updated to the 60.9.0esr release: Security Advisory MFSA 2019-27: * Use-after-free while manipulating video CVE-2019-11746 (bmo#1564449, bsc#1149297) * XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11744 (bmo#1562033, bsc#1149297) * Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742 (bmo#1559715, bsc#1149303) * Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location CVE-2019-11753 (bmo#1574980, bsc#1149295) * Use-after-free while extracting a key value in IndexedDB CVE-2019-11752 (bmo#1501152, bsc#1149296) * Sandbox escape through Firefox Sync CVE-2019-9812 (bmo#1538008, bmo#1538015, bsc#1149294) * Cross-origin access to unload event attributes CVE-2019-11743 (bmo#1560495, bsc#1149298) Navigation-Timing Level 2 specification * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299) - Rebuild glib2 schemas on SLE-11 (bsc#1145550) Changes in firefox-glib2: - Fix the rpm macros %glib2_gsettings_schema_* which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Changes in firefox-gtk3: - Rebuild so %glib2_gsettings_schema_post gets called with fixed rpm macros %glib2_gsettings_schema_* in firefox-glib2 package which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Important SUSE bug 1145550 SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sles:11:sp3:teradata Security update for Mozilla Firefox (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 (bsc#1154738) * CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber * CVE-2019-11757: Use-after-free when creating index updates in IndexedDB * CVE-2019-11758: Potentially exploitable crash due to 360 Total Security * CVE-2019-11759: Stack buffer overflow in HKDF output * CVE-2019-11760: Stack buffer overflow in WebRTC networking * CVE-2019-11761: Unintended access to a privileged JSONView object * CVE-2019-11762: document.domain-based origin isolation has same-origin- property violation * CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique * CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 Other Issues resolved: * [bsc#1104841] Newer versions of firefox have a dependency on GLIBCXX_3.4.20 * [bsc#1074235] MozillaFirefox: background tab crash reports sent inadvertently without user opt-in * [bsc#1043008] Firefox hangs randomly when browsing and scrolling * [bsc#1025108] Firefox stops loading page until mouse is moved * [bsc#905528] Firefox malfunctions due to broken omni.ja archives Important SUSE bug 1000036 SUSE bug 1001652 SUSE bug 1025108 SUSE bug 1029377 SUSE bug 1029902 SUSE bug 1040164 SUSE bug 104105 SUSE bug 1042670 SUSE bug 1043008 SUSE bug 1044946 SUSE bug 1047925 SUSE bug 1047936 SUSE bug 1048299 SUSE bug 1049186 SUSE bug 1050653 SUSE bug 1056058 SUSE bug 1058013 SUSE bug 1066242 SUSE bug 1066953 SUSE bug 1070738 SUSE bug 1070853 SUSE bug 1072320 SUSE bug 1072322 SUSE bug 1073796 SUSE bug 1073798 SUSE bug 1073799 SUSE bug 1073803 SUSE bug 1073808 SUSE bug 1073818 SUSE bug 1073823 SUSE bug 1073829 SUSE bug 1073830 SUSE bug 1073832 SUSE bug 1073846 SUSE bug 1074235 SUSE bug 1077230 SUSE bug 1079761 SUSE bug 1081750 SUSE bug 1082318 SUSE bug 1087453 SUSE bug 1087459 SUSE bug 1087463 SUSE bug 1088573 SUSE bug 1091764 SUSE bug 1094814 SUSE bug 1097158 SUSE bug 1097375 SUSE bug 1097401 SUSE bug 1097404 SUSE bug 1097748 SUSE bug 1104841 SUSE bug 1105019 SUSE bug 1107030 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1117626 SUSE bug 1117627 SUSE bug 1117629 SUSE bug 1117630 SUSE bug 1120644 SUSE bug 1122191 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1127532 SUSE bug 1129346 SUSE bug 1130694 SUSE bug 1130840 SUSE bug 1133452 SUSE bug 1133810 SUSE bug 1134209 SUSE bug 1138459 SUSE bug 1140290 SUSE bug 1140868 SUSE bug 1141853 SUSE bug 1144919 SUSE bug 1145665 SUSE bug 1146090 SUSE bug 1146091 SUSE bug 1146093 SUSE bug 1146094 SUSE bug 1146095 SUSE bug 1146097 SUSE bug 1146099 SUSE bug 1146100 SUSE bug 1149323 SUSE bug 1153423 SUSE bug 1154738 SUSE bug 1447070 SUSE bug 1447409 SUSE bug 744625 SUSE bug 744629 SUSE bug 845955 SUSE bug 865853 SUSE bug 905528 SUSE bug 917607 SUSE bug 935856 SUSE bug 937414 SUSE bug 947747 SUSE bug 948045 SUSE bug 948602 SUSE bug 955142 SUSE bug 957814 SUSE bug 957815 SUSE bug 961254 SUSE bug 962297 SUSE bug 966076 SUSE bug 966077 SUSE bug 985201 SUSE bug 986541 SUSE bug 991344 SUSE bug 998743 CVE-2013-2882 CVE-2013-6639 CVE-2013-6640 CVE-2013-6668 CVE-2014-0224 CVE-2015-3193 CVE-2015-3194 CVE-2015-5380 CVE-2015-7384 CVE-2016-2086 CVE-2016-2178 CVE-2016-2183 CVE-2016-2216 CVE-2016-5172 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 CVE-2017-1000381 CVE-2017-10686 CVE-2017-11111 CVE-2017-11499 CVE-2017-14228 CVE-2017-14849 CVE-2017-14919 CVE-2017-15896 CVE-2017-15897 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 CVE-2017-18207 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-1000168 CVE-2018-12115 CVE-2018-12116 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-20406 CVE-2018-20852 CVE-2018-7158 CVE-2018-7159 CVE-2018-7160 CVE-2018-7161 CVE-2018-7167 CVE-2019-10160 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13173 CVE-2019-15903 CVE-2019-5010 CVE-2019-5737 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2019-9636 CVE-2019-9811 CVE-2019-9812 CVE-2019-9947 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update contains Mozilla Firefox 60.7ESR. It brings lots of security fixes and other improvements. It also includes new additional helper libraries to allow Firefox to run on SUSE Linux Enterprise 11. Moderate SUSE bug 1137338 cpe:/o:suse:sles:11:sp3:teradata Security update for Mozilla Firefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 MozillaFirefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed: * CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105) * CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104) * CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104) * CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106) * CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107) * CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108) * CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110) * CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111) * CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113) * CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114) * CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115) * CVE-2013-6672 Linux clipboard information disclosure though selection paste (MFSA 2013-112) * CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109) Security Issue references: * CVE-2013-5609 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609> * CVE-2013-5610 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610> * CVE-2013-5611 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611> * CVE-2013-5612 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612> * CVE-2013-5613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613> * CVE-2013-5614 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614> * CVE-2013-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615> * CVE-2013-5616 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616> * CVE-2013-5618 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618> * CVE-2013-5619 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619> * CVE-2013-6671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671> * CVE-2013-6672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672> * CVE-2013-6673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673> SUSE bug 854367 SUSE bug 854370 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This version update of Mozilla Firefox to 31.2.0ESR brings improvements, stability fixes and also security fixes for the following CVEs: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576 ,CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586 It also disables SSLv3 by default to mitigate the protocol downgrade attack known as POODLE. This update fixes some regressions introduced by the previously released update. Security Issues: * CVE-2014-1574 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574> * CVE-2014-1575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575> * CVE-2014-1576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576> * CVE-2014-1577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577> * CVE-2014-1578 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578> * CVE-2014-1581 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581> * CVE-2014-1583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583> * CVE-2014-1585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585> * CVE-2014-1586 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586> SUSE bug 900941 SUSE bug 905056 SUSE bug 905528 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Important SUSE bug 940806 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for flac SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 flac was updated to fix two security issues: * Stack overflow may result in arbitrary code execution (CVE-2014-8962). * Heap overflow via specially crafted .flac files (CVE-2014-9028). Security Issues: * CVE-2014-8962 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962> * CVE-2014-9028 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028> SUSE bug 906831 SUSE bug 907016 CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for flac (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for flac fixes the following issues: - CVE-2021-0561: Fixed out of bound write in append_to_verify_fifo_interleaved_ (bsc#1196660). Moderate SUSE bug 1196660 CVE-2021-0561 cpe:/o:suse:sles:11:sp3:teradata Security update for fontconfig (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for fontconfig fixes the following issues: - security update: * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534] Low SUSE bug 992534 CVE-2016-5384 cpe:/o:suse:sles:11:sp3:teradata Security update for foomatic-filters (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Moderate SUSE bug 957531 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for freeradius SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a denial of service (crash) security issue rlm_pap hash processing in FreeRadius, which could have been caused by special passwords fed into the RLM-PAP password checking method via LDAP by remote attackers. Security Issue reference: * CVE-2014-2015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2015> SUSE bug 864576 CVE-2014-2015 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for freeradius-server fixes the following issues: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bnc#1041445) - CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. (bnc#935573) The following non security issue was fixed: - Cannot create table radpostauth because of deprecated TIMESTAMP(14) syntax. (bsc#912873) Moderate SUSE bug 1041445 SUSE bug 912873 SUSE bug 935573 CVE-2015-4680 CVE-2017-9148 cpe:/o:suse:sles:11:sp3:teradata Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode(). (bnc#1049086) - CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options(). (bsc#1049086) - CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086) - CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086) - CVE-2017-10979: Fix write overflow in rad_coalesce(). (bsc#1049086) Moderate SUSE bug 1049086 CVE-2017-10978 CVE-2017-10979 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 cpe:/o:suse:sles:11:sp3:teradata Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for freeradius-server fixes the following issues: - Moved logrotate options into specific parts for each config as 'global' options will persist past and clobber global options in the main logrotate config (bsc#1180525) Moderate SUSE bug 1180525 cpe:/o:suse:sles:11:sp3:teradata Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update of the freetype2 library fixes two security issues: - An infinite loop in parse_encoding in t1load.c (CVE-2014-9745, bsc#945849) - Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix (CVE-2014-9747, bsc#947966) Moderate SUSE bug 945849 SUSE bug 947966 CVE-2014-9745 CVE-2014-9747 cpe:/o:suse:sles:11:sp3:teradata Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10244: The parse_charstrings function in type1/t1load.c did not ensure that a font contains a glyph name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file (bsc#1028103). - CVE-2017-8105: Fixed an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) Moderate SUSE bug 1028103 SUSE bug 1035807 SUSE bug 1036457 CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sles:11:sp3:teradata Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10328: Fixed heap-based buffer overflow in cff_parser_run function in cff/cffparse.c (bsc#1034191). Moderate SUSE bug 1034191 CVE-2016-10328 cpe:/o:suse:sles:11:sp3:teradata Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for freetype2 fixes the following issues: - CVE-2015-9381, CVE-2015-9382, CVE-2015-9383: Fixed various invalid memory accesses when opening a crafted font (bsc#1149384 bsc#1149395 bsc#1149397). - CVE-2017-8105, CVE-2017-8287: Fixed various invalid memory writes in the type 1 glyph loader (bsc#1035807 bsc#1036457). Moderate SUSE bug 1035807 SUSE bug 1036457 SUSE bug 1149384 SUSE bug 1149395 SUSE bug 1149397 CVE-2015-9381 CVE-2015-9382 CVE-2015-9383 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sles:11:sp3:teradata Security update for freetype2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The font rendering library freetype2 has been updated to fix various security issues. Security Issues: * CVE-2014-9656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656> * CVE-2014-9657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657> * CVE-2014-9658 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658> * CVE-2014-9660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660> * CVE-2014-9661 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661> * CVE-2014-9662 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662> * CVE-2014-9667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667> * CVE-2014-9666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666> * CVE-2014-9665 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665> * CVE-2014-9664 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664> * CVE-2014-9663 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663> * CVE-2014-9659 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659> * CVE-2014-9668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668> * CVE-2014-9669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669> * CVE-2014-9670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670> * CVE-2014-9671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671> * CVE-2014-9672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672> * CVE-2014-9673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673> * CVE-2014-9674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674> * CVE-2014-9675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675> SUSE bug 916856 SUSE bug 916857 SUSE bug 916858 SUSE bug 916859 SUSE bug 916861 SUSE bug 916863 SUSE bug 916864 SUSE bug 916865 SUSE bug 916870 SUSE bug 916871 SUSE bug 916872 SUSE bug 916873 SUSE bug 916874 SUSE bug 916879 SUSE bug 916881 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for fribidi (Moderate) (in QA) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). This patch is currently in QA and not yet available for download. Moderate SUSE bug 1196147 SUSE bug 1196148 SUSE bug 1196150 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 cpe:/o:suse:sles:11:sp3:teradata Security update for FUSE SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for FUSE fixes the following security issue: * CVE-2015-3202: FUSE did not clear the environment upon execution of external programs. Security Issues: * CVE-2015-3202 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202> SUSE bug 931452 CVE-2015-3202 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for fuse (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for fuse fixes the following issues: Security issue fixed: - CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) Moderate SUSE bug 1101797 CVE-2018-10906 cpe:/o:suse:sles:11:sp3:teradata Security update for gcc43 (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gcc43 fixes the following issues: Security issue fixed: - CVE-2017-1000376: Don't request excutable stack from libffi. [bnc#1045091] New features: - Add support for retpolines to mitigate the Spectre Variant 2 attack. [bnc#1074621] - Add support for zero-sized VLAs and allocas with -fstack-clash-protection. [bnc#1059075] - Add support for -fstack-clash-protection to mitigate the Stack Clash attack. [bnc#1039513] Non security bugs fixed: - Fixed build of 32bit libgcov.a with LFS support. [bsc#1044016] - Fixed issue with libstdc++ functional when an exception is thrown during construction. [bsc#999596] - Fixed issue with using gcov and #pragma pack. [bsc#977654] - Fixed ICE compiling AFS modules for the s390x kernel. [bsc#938159] - Backport large file support from GCC 4.6. Moderate SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1045091 SUSE bug 1059075 SUSE bug 1074621 SUSE bug 938159 SUSE bug 977654 SUSE bug 999596 CVE-2017-1000376 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for gcc43 (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was fixed. (bsc#1092807) Moderate SUSE bug 1086069 SUSE bug 1092807 CVE-2017-5715 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for gcc48 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. [bnc#1039513] - CVE-2017-11671: Fixed rdrand/rdseed code generation issue [bsc#1050947] Bugs fixed: - Enable LFS support in 32bit libgcov.a. [bsc#1044016] - Bump libffi version in libffi.pc to 3.0.11. - Properly diagnose missing -fsanitize=address support on ppc64le. [bsc#1028744] - Backport patch for PR65612. [bsc#1022062] - Re-spin to provide missing libasan0-32bit and other multilibs via the updated product description. [bsc#951644] - Fixed for DR#1288. [bsc#1011348] - Fix libffi issue for armv7l. [bsc#988274] - Fixed a kernel miscompile on aarch64. [bnc #981311] - Fixed a ppc64le internal compiler error. [bnc #976627] - Fixed issue with using gcov and #pragma pack. [bsc#977654] - Fixed samba build on AARCH64. [bsc#970009] - Build without GRAPHITE where cloog-isl is not available. - Fixed HTM builtins on powerpc. [bsc#955382] - Fixed build of SLOF. [bsc#949000] - Fixed C++11 std::random_device short reads, CVE-2015-5276. [bsc#945842] - Fixed libffi issues on aarch64. [bsc#948168] - Fixed no_instrument_function attribute handling on PPC64 with -mprofile-kernel. [bsc#947791] - Enable 32bit code generation for ppc64le but do not build 32bit target libraries. Fixes ppc64le kernel compile. - Update to GCC 4.8.5 release. * Fixes bogus integer overflow in constant expression. [bsc#934689] * Fixes ICE with atomics on aarch64. [bsc#930176] - Fixed reload issue on S390. - Add patch to keep functions leaf when they are instrumented for profiling on s390[x]. [bsc#899871] - Avoid accessing invalid memory when passing aggregates by value. [bsc#922534] - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. [bsc#927993] - Update to gcc-4_8-branch head (r221715). * Includes GCC 4.8.4 release. * Includes fix for -imacros bug. [bsc#917169] * Includes fix for incorrect -Warray-bounds warnings. [bsc#919274] * Includes updated -mhotpatch for s390x. [bsc#924525] * Includes fix for ppc64le issue with doubleword vector extract. [bsc#924687] - Backport rework of the memory allocator for C++ exceptions used in OOM situations. [bsc#889990] - Remove invalid use of glibc internals in TSAN. - Update to gcc-4_8-branch head (r218481). * Includes patches to allow building against ISL 0.14. - Disable all languages but C, C++, Fortran and Ada. [fate#316860] Moderate SUSE bug 1011348 SUSE bug 1022062 SUSE bug 1028744 SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1050947 SUSE bug 878067 SUSE bug 889990 SUSE bug 899871 SUSE bug 917169 SUSE bug 919274 SUSE bug 922534 SUSE bug 924525 SUSE bug 924687 SUSE bug 927993 SUSE bug 930176 SUSE bug 934689 SUSE bug 945842 SUSE bug 947772 SUSE bug 947791 SUSE bug 948168 SUSE bug 949000 SUSE bug 951644 SUSE bug 955382 SUSE bug 970009 SUSE bug 976627 SUSE bug 977654 SUSE bug 981311 SUSE bug 988274 CVE-2014-5044 CVE-2015-5276 CVE-2017-11671 cpe:/o:suse:sles:11:sp3:teradata Security update for gcc48 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gcc48 fixes the following issues: - CVE-2019-14250: Fixed an integer overflow that could lead to an invalid memory access (bsc#1142649). Non-security fixes: - Fixed an issue with manual page builds (bsc#1185395). - Fixed an issue with static initializers (bsc#1177947). - Fixed an issue with exception handling on s390x (bsc#1161913). - Fixed a reload bug on aarch64 (bsc#1093797). - Added a Spectre V2 mitigation for s390x (bsc#1083945). Important SUSE bug 1071995 SUSE bug 1082130 SUSE bug 1083945 SUSE bug 1087932 SUSE bug 1093797 SUSE bug 1131264 SUSE bug 1142649 SUSE bug 1161913 SUSE bug 1177947 SUSE bug 1178675 SUSE bug 1185395 CVE-2019-14250 cpe:/o:suse:sles:11:sp3:teradata Security update for gd SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The graphics drawing library gd has been updated to fix one security issue: * possible buffer read overflow (CVE-2014-9709) Security Issues: * CVE-2014-9709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709> SUSE bug 923945 CVE-2014-9709 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gd fixes the following issues: - security update: * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] Moderate SUSE bug 988032 CVE-2016-6161 cpe:/o:suse:sles:11:sp3:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/o:suse:sles:11:sp3:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] Moderate SUSE bug 1015187 CVE-2016-9933 cpe:/o:suse:sles:11:sp3:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gd fixes the following security issues: - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) Moderate SUSE bug 1022264 SUSE bug 1022265 SUSE bug 1022283 CVE-2016-10167 CVE-2016-10168 CVE-2016-9317 cpe:/o:suse:sles:11:sp3:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gd fixes several issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This non-security issue was fixed: - Fixed gd2togif error message (bsc#1025223) Moderate SUSE bug 1025223 SUSE bug 1076391 CVE-2018-5711 cpe:/o:suse:sles:11:sp3:teradata Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gd fixes the following issues: Security vulnerability addressed: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). - CVE-2019-6978: Fixed a double free in the GD graphics library (bsc#1123522). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Moderate SUSE bug 1050241 SUSE bug 1123522 SUSE bug 1140120 CVE-2017-7890 CVE-2019-11038 CVE-2019-6978 cpe:/o:suse:sles:11:sp3:teradata Security update for gdb (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gdb fixes the following issues: Security issue fixed: - CVE-2019-1010180: Fixed a buffer overflow and out of bound memory access that can lead to deny of service, memory disclosure, and possible code execution (bsc#1142772). Moderate SUSE bug 1142772 CVE-2019-1010180 cpe:/o:suse:sles:11:sp3:teradata Security update for gdb (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gdb fixes the following issues: - CVE-2019-1010180: Fixed a buffer overflow (bsc#1142772). Moderate SUSE bug 1142772 CVE-2019-1010180 cpe:/o:suse:sles:11:sp3:teradata Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5 (bsc#1004237) Moderate SUSE bug 1004237 CVE-2016-8602 cpe:/o:suse:sles:11:sp3:teradata Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) - An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342) Important SUSE bug 1001951 SUSE bug 939342 CVE-2013-5653 CVE-2015-3228 CVE-2016-7977 CVE-2016-7979 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) Important SUSE bug 1036453 CVE-2017-8291 cpe:/o:suse:sles:11:sp3:teradata Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) This update is a reissue including the SUSE Linux Enterprise 11 SP3 product. Important SUSE bug 1036453 CVE-2017-8291 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript-library fixes several issues. These security issues were fixed: - CVE-2017-7207: The mem_get_bits_rectangle function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document (bsc#1030263). - CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer overflow in jbig2_image_new function (bsc#1018128). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891) - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889) - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888) - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887) - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184) - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879) - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138) - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643) Moderate SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032138 SUSE bug 1032230 SUSE bug 1040643 SUSE bug 1050879 SUSE bug 1050887 SUSE bug 1050888 SUSE bug 1050889 SUSE bug 1050891 SUSE bug 1051184 CVE-2016-10219 CVE-2016-9601 CVE-2017-11714 CVE-2017-7207 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 cpe:/o:suse:sles:11:sp3:teradata Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript-library fixes the following issues: - CVE-2018-10194: Fixed a stack-based buffer overflow in gdevpdts.c (bsc#1090099) - Fixed a crash in the fix for CVE-2016-9601. Moderate SUSE bug 1090099 CVE-2016-9601 CVE-2018-10194 cpe:/o:suse:sles:11:sp3:teradata Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426) - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420) - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421) - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413) - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. (bsc#1107410 - CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412) - CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173) - CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893) Important SUSE bug 1050893 SUSE bug 1106173 SUSE bug 1107410 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107426 CVE-2017-9611 CVE-2018-15910 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Recommended update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ghostscript-library fixes the following issues: Security issue fixed: - CVE-2019-3838: Fixed various bugs which allows to reenable and misuse system Postscript operators to read files from within Postscript files and send them with the help of e.g. the %pipe% to the attacker (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sles:11:sp3:teradata Security update for giflib (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Moderate SUSE bug 960319 CVE-2015-7555 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for giflib (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA giflib was updated to fix one security issue. This security issue was fixed: - CVE-2016-3977: Heap buffer overflow in gif2rgb (bsc#974847). Moderate SUSE bug 974847 CVE-2016-3977 cpe:/o:suse:sles:11:sp3:teradata Security update for glib2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). Moderate SUSE bug 1107116 SUSE bug 1111499 CVE-2018-16429 cpe:/o:suse:sles:11:sp3:teradata Security update for glib2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Important SUSE bug 1137001 CVE-2019-12450 cpe:/o:suse:sles:11:sp3:teradata Security update for glib2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glib2 fixes the following issues: - CVE-2021-3800: Fixed a file content leak in pkexec due to charset aliases (bsc#1191489). - CVE-2018-16428: Fixed a NULL pointer dereference in g_markup_parse_context_end_parse() (bsc#1107121). Moderate SUSE bug 1107121 SUSE bug 1191489 CVE-2018-16428 CVE-2021-3800 cpe:/o:suse:sles:11:sp3:teradata Security update for glibc SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This glibc update fixes a critical privilege escalation problem and two non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv. * bnc#888347: printf-multibyte-format.patch: Don't parse %s format argument as multi-byte string. Security Issues: * CVE-2014-5119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119> SUSE bug 888347 SUSE bug 892065 SUSE bug 892073 CVE-2014-5119 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286) Important SUSE bug 830257 SUSE bug 851280 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 928723 SUSE bug 932059 SUSE bug 933770 SUSE bug 933903 SUSE bug 935286 CVE-2013-2207 CVE-2014-8121 CVE-2015-1781 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Important SUSE bug 930721 SUSE bug 942317 SUSE bug 950944 SUSE bug 956988 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) Moderate SUSE bug 931399 SUSE bug 965699 SUSE bug 969727 SUSE bug 973010 SUSE bug 973164 SUSE bug 973179 SUSE bug 980483 SUSE bug 980854 SUSE bug 986302 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 cpe:/o:suse:sles:11:sp3:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Important SUSE bug 1039357 CVE-2017-1000366 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] Important SUSE bug 1074293 CVE-2018-1000001 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: Security issues: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area in realpath (bsc#1074293) Also a non security issue was fixed: - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209) Important SUSE bug 1037930 SUSE bug 1051791 SUSE bug 1074293 SUSE bug 1079036 SUSE bug 978209 CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger (bsc#1076871) Moderate SUSE bug 1076871 SUSE bug 1081556 CVE-2017-12133 cpe:/o:suse:sles:11:sp3:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocation in in6ailist_add. - bsc#1079625: Fix allocation in nss_compat for large number of memberships to a group. Important SUSE bug 1077763 SUSE bug 1079625 SUSE bug 1086690 SUSE bug 1094161 CVE-2018-11236 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that lead to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583) - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580) - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234). This non-security issue was fixed: - Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774) Important SUSE bug 1058774 SUSE bug 1064580 SUSE bug 1064583 SUSE bug 941234 CVE-2015-5180 CVE-2017-15670 CVE-2017-15804 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Recommended update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: Security issue fixed: - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325). Non-security issue fixed: - Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618). - Remove improper assert in dlclose (bsc#1110174, BZ #11941). Moderate SUSE bug 1064569 SUSE bug 1110170 SUSE bug 1110174 CVE-2017-15671 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issue: Security issue fixed: - CVE-2009-5155: Fixed a local denial of service inside the parse_reg_exp in posix/regcomp.c (bsc#1127223). Moderate SUSE bug 1127223 CVE-2009-5155 cpe:/o:suse:sles:11:sp3:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). Important SUSE bug 1127308 CVE-2019-9169 cpe:/o:suse:sles:11:sp3:teradata Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) Moderate SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 CVE-2021-35942 cpe:/o:suse:sles:11:sp3:teradata Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for glibc fixes the following issues: - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768, BZ #22542) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770, BZ #28768) - CVE-2021-3999: Fixed in getcwd to set errno to ERANGE for size == 1 (bsc#1194640, BZ #28769) - CVE-2015-8983: Fixed _IO_wstr_overflow integer overflow (bsc#1193615, BZ #17269) - CVE-2015-8982: Fixed memory handling in strxfrm_l (bsc#1193616, BZ #16009) Important SUSE bug 1193615 SUSE bug 1193616 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2015-8982 CVE-2015-8983 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:sles:11:sp3:teradata Security update for gmp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow on malformed input to mpz_inp_raw (bsc#1192717). Moderate SUSE bug 1192717 CVE-2021-43618 cpe:/o:suse:sles:11:sp3:teradata Security update for gnome-session (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gnome-session fixes the following issues: - CVE-2017-11171: Fix a denial of service condition. an unauthenticated local user can create ICE connections, causing a file descriptor leak in gnome-session (bsc#1048274). Moderate SUSE bug 1048274 CVE-2017-11171 cpe:/o:suse:sles:11:sp3:teradata Security update for gnuplot (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gnuplot fixes the following issues: Security issues fixed: - CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463) - CVE-2018-19491: Fixed a buffer overflow in the PS_options function (bsc#1117464) - CVE-2018-19490: Fixed a heap-based buffer overflow in the df_generate_ascii_array_entry function (bsc#1117465) - CVE-2017-9670: Fixed a uninitialized stack variable vulnerability which could lead to a Denial of Service (bsc#1044638) Non-security issues fixed: - postscript output does not show any German 'umlauts' (bsc#375175) Moderate SUSE bug 1044638 SUSE bug 1117463 SUSE bug 1117464 SUSE bug 1117465 SUSE bug 375175 CVE-2017-9670 CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 cpe:/o:suse:sles:11:sp3:teradata Security update for gnutls SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 <http://www.gnutls.org/security.html#GNUTLS-SA-2014-3> These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466> SUSE bug 880730 SUSE bug 880910 CVE-2014-3466 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gnutls (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 961491 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 cpe:/o:suse:sles:11:sp3:teradata Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Moderate SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1040621 CVE-2017-6891 CVE-2017-7869 cpe:/o:suse:sles:11:sp3:teradata Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gnutls fixes the following issues: Security issues fixed: - CVE-2018-10846: Improve mitigations against Lucky 13 class of attacks (PRIME + PROBE) (bsc#1105460). - CVE-2017-10790: Fixed a denial of service in the _asn1_check_identifier() function (bsc#1047002). Moderate SUSE bug 1047002 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10846 cpe:/o:suse:sles:11:sp3:teradata Security update for GPG2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 GPG2 has been updated to fix a possible denial of service. This security issue has been fixed: * Denial of service through infinite loop with garbled compressed data packets (CVE-2014-4617) Security Issues: * CVE-2014-4617 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617> SUSE bug 884130 CVE-2014-4617 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gpg2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for gpg2 fixes the following issues: - Fix cve-2015-1606 (bsc#918089) * Invalid memory read using a garbled keyring * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch - Fix cve-2015-1607 (bsc#918090) * Memcpy with overlapping ranges * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch Moderate SUSE bug 918089 SUSE bug 918090 CVE-2015-1606 CVE-2015-1607 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gpg2 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gpg2 fixes the following issues: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for gpg2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093) Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847). Moderate SUSE bug 1124847 SUSE bug 1141093 CVE-2019-13050 cpe:/o:suse:sles:11:sp3:teradata Security update for gpgme SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This gpgme update fixes the following security issue: * bnc#890123: Fix possible overflow in gpgsm and uiserver engines (CVE-2014-3564) Security Issues: * CVE-2014-3564 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564> SUSE bug 890123 CVE-2014-3564 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for graphviz (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). Low SUSE bug 1093447 CVE-2018-10196 cpe:/o:suse:sles:11:sp3:teradata Security update for grep (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for grep fixes the following issues: - CVE-2012-5667: Fixed an integer overflow when reading long lines (bsc#795827). Moderate SUSE bug 795827 CVE-2012-5667 cpe:/o:suse:sles:11:sp3:teradata Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for grub2 provides the following fixes: A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370) Bugs fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830) Important SUSE bug 884828 SUSE bug 884830 SUSE bug 946148 SUSE bug 952539 SUSE bug 954592 SUSE bug 956631 CVE-2015-8370 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for grub2 fixes the following security issues: - CVE-2017-9763: Fix a memory leak in grub_ext2_read_block. (bsc#1045063) - CVE-2020-10713: Prevent parsing overflows from bypassing secure boot restrictions. (bsc#1168994) - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: Avoid integer overflows. (bsc#1173812) - CVE-2020-15706: Avoid a use-after-free when redefining a function during execution. (bsc#1174463) - CVE-2020-15707: Fix integer overflows in initrd size handling. (bsc#1174570) This update for grub2 fixes the following non-security issue: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Important SUSE bug 1045063 SUSE bug 1084632 SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 SUSE bug 1174782 SUSE bug 1175036 SUSE bug 1175060 CVE-2017-9763 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:sles:11:sp3:teradata Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Important SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:sles:11:sp3:teradata Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) grub2 was updated to version 2.02, same as in SUSE Linux Enterprise 12 SP3. Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2017-9763 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:sles:11:sp3:teradata Security update for gstreamer-0_10-plugins-base (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gstreamer-0_10-plugins-base fixes the following issue: - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). Moderate SUSE bug 1013669 CVE-2016-9811 cpe:/o:suse:sles:11:sp3:teradata Security update for gstreamer-0_10-plugins-base (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gstreamer-0_10-plugins-base fixes the following issues: Security issues fixed: - CVE-2017-5837: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024076). - CVE-2017-5844: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024079). - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1024076 SUSE bug 1024079 SUSE bug 1133375 CVE-2017-5837 CVE-2017-5844 CVE-2019-9928 cpe:/o:suse:sles:11:sp3:teradata Security update for gstreamer-0_10-plugins-good (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Important SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 cpe:/o:suse:sles:11:sp3:teradata Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). Moderate SUSE bug 922741 SUSE bug 942801 SUSE bug 948791 CVE-2015-4491 CVE-2015-7674 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gdk2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero Moderate SUSE bug 958963 SUSE bug 960155 CVE-2015-7552 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gtk2 fixes the following security issues: - CVE-2016-6352: Some crashes were fixed, including a out of bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Moderate SUSE bug 966682 SUSE bug 988745 SUSE bug 991450 CVE-2013-7447 CVE-2016-6352 cpe:/o:suse:sles:11:sp3:teradata Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gtk2 fixes the following issues: This security issue was fixed: - Add checks for multiplications at several locations to avoid mishandling memory. This allowed attackers to cause DoS or potentially RCE (bsc#1053417). Moderate SUSE bug 1053417 cpe:/o:suse:sles:11:sp3:teradata Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gtk2 provides the following fixes: These security issues were fixed: - CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026). - CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025). - CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024). - CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289) - CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544). This non-security issue was fixed: - Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465). Moderate SUSE bug 1027024 SUSE bug 1027025 SUSE bug 1027026 SUSE bug 1039465 SUSE bug 1048289 SUSE bug 1048544 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/o:suse:sles:11:sp3:teradata Security update for guestfs SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 A predictable socketname in the guestfish commandline tool could be used by a local attacker to gain access to guestfish sessions of other users on the same system. (CVE-2013-4419) Security Issue reference: * CVE-2013-4419 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4419> SUSE bug 845720 CVE-2013-4419 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for guile (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 cpe:/o:suse:sles:11:sp3:teradata Security update for gzip (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles:11:sp3:teradata Security update for hplip SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 hplip was updated to fix three security issues: * CVE-2013-0200: Some local file overwrite problems via predictable /tmp filenames were fixed. * CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation. * CVE-2013-6402: hplip uses arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log). Security Issue references: * CVE-2013-4325 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325> * CVE-2013-0200 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200> * CVE-2013-6402 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402> SUSE bug 808355 SUSE bug 835827 SUSE bug 836937 SUSE bug 852368 CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for hunspell (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for hunspell fixes the following issues: - CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867). Low SUSE bug 1151867 CVE-2019-16707 cpe:/o:suse:sles:11:sp3:teradata Security update for icu SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issue in icu: * CVE-2014-9654: insufficient size limit checks in regular expression compiler (bsc#917129) Security Issues: * CVE-2014-9654 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654> SUSE bug 917129 CVE-2014-9654 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for icu fixes the following issue: The previous patch for CVE-2014-9654 was incorrect and lead to non-working regular expressions. This update fixes this problem (bsc#952260) Moderate SUSE bug 952260 CVE-2014-9654 cpe:/o:suse:sles:11:sp3:teradata Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for icu fixes the following security issues: - Passing a locale string longer than 255 characters to uloc_getDisplayName() could have caused a buffer overflow resulting in denial of service or possible code execution (bsc#1012224, CVE-2014-9911). Moderate SUSE bug 1012224 CVE-2014-9911 cpe:/o:suse:sles:11:sp3:teradata Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for icu fixes the following issues: - CVE-2014-9911: The fix was updated to not crash (NULL ptr deref) when resPath is NULL (bsc#1023033). Moderate SUSE bug 1023033 CVE-2014-9911 cpe:/o:suse:sles:11:sp3:teradata Security update for icu (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636) - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674) - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue. (bsc#1067203) - CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193) - CVE-2017-15422: An integer overflow in persian calendar calculation was fixed, which could show wrong years. (bsc#1077999) Important SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 990636 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sles:11:sp3:teradata Security update for inn (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for inn fixes the following issues: - CVE-2019-3692: Fixed a local privilege escalation from any user to 'news' (bsc#1154302). Moderate SUSE bug 1154302 CVE-2019-3692 cpe:/o:suse:sles:11:sp3:teradata Security update for inn (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for inn fixes the following issues: - CVE-2021-31998: Fixed locale privialge escalation during the update of inn (bsc#1182321). Important SUSE bug 1182321 CVE-2021-31998 cpe:/o:suse:sles:11:sp3:teradata Security update for intel-SINIT (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for intel-SINIT fixes the following issues: Security issue fixed: - CVE-2011-5174: Fixed security issue in old SINIT files which allowed local users to bypass the TXT protection mechanism (bsc#1069754). Important SUSE bug 1069754 CVE-2011-5174 cpe:/o:suse:sles:11:sp3:teradata Security update for ipsec-tools (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 ipsec-tools was updated to fix one security issue and a bug. This security issue was fixed: - CVE-2015-4047: racoon/gssapi.c in ipsec-tools allowed remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests (bsc#931989). Due to a packaging error, the racoonf.conf config file was symlinked to /usr/share/doc/packages/ipsec-tools/examples/racoon/samples/racoon.conf on some processor platforms, edits might have happened only in this example file. Before upgrading, please check if /etc/racoon/racoon.conf is a symlink to this example file and backup the content. (bsc#939810) Moderate SUSE bug 931989 SUSE bug 939810 CVE-2015-4047 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ipsec-tools (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ipsec-tools fixes one issue. This security issue was fixed: - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order (bsc#1047443). Moderate SUSE bug 1047443 CVE-2016-10396 cpe:/o:suse:sles:11:sp3:teradata Security update for jakarta-commons-collections (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update to jakarta-commons-collections 3.2.2 fixes the following security issues: * bsc#954102 code-execution by unserialization Moderate SUSE bug 954102 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for jakarta-commons-fileupload SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a security issue with jakarta-commons-fileupload: * bnc#862781: denial of service due to too-small buffer size used (CVE-2014-0050) Security Issue reference: * CVE-2014-0050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050> SUSE bug 862781 CVE-2014-0050 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for jakarta-commons-fileupload (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:sles:11:sp3:teradata Security update for jakarta-taglibs-standard (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jakarta-taglibs-standard fixes the following issues: - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813) Important SUSE bug 920813 CVE-2015-0254 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for jasper fixes the following security issues: * CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call to free() allowed attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (bsc#909474) * CVE-2014-8138: Heap overflow in jas_decode(). This could be used to do an arbitrary write and could result in arbitrary code execution. (bsc#909475) * CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. (bsc#911837) * CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c. Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. (bsc#911837) Security Issues: * CVE-2014-8138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138> * CVE-2014-8137 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137> * CVE-2014-8157 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157> * CVE-2014-8158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158> SUSE bug 909474 SUSE bug 909475 SUSE bug 911837 CVE-2014-8137 CVE-2014-8138 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: Security fixes: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2016-1577, CVE-2016-2116: double free vulnerability in the jas_iccattrval_destroy function (bsc#968373) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: multiple integer overflows (bsc#392410) - bsc#1006839: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Moderate SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1007009 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 961886 SUSE bug 963983 SUSE bug 968373 CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530) - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977). - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed. (bsc#1010979) - CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy (bsc#1015993) - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) Important SUSE bug 1010977 SUSE bug 1010979 SUSE bug 1011830 SUSE bug 1012530 SUSE bug 1015400 SUSE bug 1015993 SUSE bug 1018088 SUSE bug 1020353 SUSE bug 1021868 SUSE bug 1029497 CVE-2016-10251 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Moderate SUSE bug 1009994 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1010774 SUSE bug 1010782 SUSE bug 1010968 SUSE bug 1010975 SUSE bug 1047958 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2018-9055: Fixed a denial of service in jpc_firstone (bsc#1087020). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Moderate SUSE bug 1010783 SUSE bug 1087020 SUSE bug 1117505 SUSE bug 1117507 SUSE bug 1117508 SUSE bug 1117511 CVE-2016-9396 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 CVE-2018-9055 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2016-9397: Fix assert in jpc_dequantize (bsc#1010786). - CVE-2016-9557: Fix signed integer overflow (bsc#1011829). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805). Low SUSE bug 1010786 SUSE bug 1010979 SUSE bug 1010980 SUSE bug 1011829 SUSE bug 1020451 SUSE bug 1020456 SUSE bug 1020458 SUSE bug 1020460 SUSE bug 1045450 SUSE bug 1057152 SUSE bug 1088278 SUSE bug 1092115 SUSE bug 1114498 SUSE bug 1115637 SUSE bug 1117328 SUSE bug 1120805 SUSE bug 1120807 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2017-14132 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9154 CVE-2018-9252 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zery issue in cp_create() (bsc#1188437). Moderate SUSE bug 1188437 CVE-2021-27845 cpe:/o:suse:sles:11:sp3:teradata Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode() (bsc#1184757). - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode() (bsc#1184798). - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode() (bsc#1182104). - CVE-2021-26926: Fixed an out of bounds read in jp2_decode() (bsc#1182105). Moderate SUSE bug 1182104 SUSE bug 1182105 SUSE bug 1184757 SUSE bug 1184798 CVE-2021-26926 CVE-2021-26927 CVE-2021-3443 CVE-2021-3467 cpe:/o:suse:sles:11:sp3:teradata Security update for IBM Java SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security issues. These security issues has been fixed: * Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065). * The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue (CVE-2014-3566). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014 <http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014> Security Issues: * CVE-2014-3065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-6506 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506> * CVE-2014-6511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511> * CVE-2014-6531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531> * CVE-2014-6512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512> * CVE-2014-6457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457> * CVE-2014-6502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502> * CVE-2014-6558 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558> * CVE-2014-6513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513> * CVE-2014-6503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503> * CVE-2014-4288 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288> * CVE-2014-6493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493> * CVE-2014-6532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532> * CVE-2014-6492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492> * CVE-2014-6458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458> * CVE-2014-6466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466> * CVE-2014-6515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515> * CVE-2014-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456> * CVE-2014-6476 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476> * CVE-2014-6527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527> SUSE bug 904889 CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 IBM Java was updated to version 6 SR16 FP7 (6.0-16.7) to fix several security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. (bnc#935540) * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. The following non-security bugs were fixed: * bsc#936844: misconfigured update-alternative entries * bsc#941939: provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 935540 SUSE bug 936844 SUSE bug 938895 SUSE bug 941939 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Important SUSE bug 960286 SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Important SUSE bug 960286 SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Important SUSE bug 977646 SUSE bug 977648 SUSE bug 977650 SUSE bug 979252 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA IBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.35 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_6_0-ibm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_6_0-ibm to 8.0-4.1 fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Moderate SUSE bug 1027038 CVE-2016-2183 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_6_0-ibm fixes the following issues: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Important SUSE bug 1027038 SUSE bug 1038505 CVE-2016-2183 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_6_0-ibm fixes the following issues: Security issues fixed: - Security update to version 6.0.16.50 (bsc#1070162) * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Important SUSE bug 1070162 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_6_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Important SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-2625 CVE-2015-2808 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for IBM Java SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security issues. These security issues have been fixed: * Unspecified vulnerability (CVE-2014-3065). * The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue (CVE-2014-3566). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014 <http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014> Security Issues: * CVE-2014-3065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-6506 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506> * CVE-2014-6511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511> * CVE-2014-6531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531> * CVE-2014-6512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512> * CVE-2014-6457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457> * CVE-2014-6502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502> * CVE-2014-6558 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558> * CVE-2014-6513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513> * CVE-2014-6503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503> * CVE-2014-4288 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288> * CVE-2014-6493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493> * CVE-2014-6532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532> * CVE-2014-6492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492> * CVE-2014-6458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458> * CVE-2014-6466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466> * CVE-2014-6515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515> * CVE-2014-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456> * CVE-2014-6476 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476> * CVE-2014-6527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527> SUSE bug 904889 CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 java-1_7_0-ibm was updated to fix 21 security issues. These security issues were fixed: - CVE-2015-4729: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment (bsc#938895). - CVE-2015-4748: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security (bsc#938895). - CVE-2015-2664: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bsc#938895). - CVE-2015-0192: Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allowed remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine (bsc#938895). - CVE-2015-2613: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-4731: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX (bsc#938895). - CVE-2015-2637: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-4733: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI (bsc#938895). - CVE-2015-4732: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590 (bsc#938895). - CVE-2015-2621: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allowed remote attackers to affect confidentiality via vectors related to JMX (bsc#938895). - CVE-2015-2619: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732 (bsc#938895). - CVE-2015-2638: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JSSE (bsc#938895). - CVE-2015-2632: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#938895). - CVE-2015-1931: Unspecified vulnerability (bsc#938895). - CVE-2015-4760: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#938895). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue (bsc#935540). - CVE-2015-2601: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect confidentiality via vectors related to JCE (bsc#938895). - CVE-2015-2808: The RC4 algorithm, as used in the TLS protocol and SSL protocol, did not properly combine state data with key data during the initialization phase, which made it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the 'Bar Mitzvah' issue (bsc#938895). - CVE-2015-4749: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allowed remote attackers to affect availability via vectors related to JNDI (bsc#938895). Important SUSE bug 935540 SUSE bug 938895 CVE-2015-0192 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The java-1_7_0-ibm package was updated to version 7.0-9.20 to fix several security and non security issues: - bnc#955131: Version update to 7.0-9.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 941939 SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Important SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Important SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This IBM Java 1.7.0 SR9 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Important SUSE bug 977646 SUSE bug 977648 SUSE bug 977650 SUSE bug 979252 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: - Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 SUSE bug 992537 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_1-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Moderate SUSE bug 1027038 CVE-2016-2183 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Important SUSE bug 1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Important SUSE bug 1053431 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: - Security update to version 7.0.10.15 (bsc#1070162): * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Important SUSE bug 1070162 CVE-2016-10165 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm provides the following fixes: The version was updated to 7.0.10.20 [bsc#1082810]: * Following security issues were fixed: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl – SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ02284 JIT Compiler: Division by zero in JIT compiler - Make it possible to run Java jnlp files from Firefox. (bsc#1057460) Important SUSE bug 1057460 SUSE bug 1076390 SUSE bug 1082810 SUSE bug 929900 SUSE bug 966304 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: IBM Java was updated to 7.1.4.25 (bsc#1093311, bsc#1085449) Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA java-1_7_0-ibm is updated to Java 7.0 Service Refresh 10 Fix Pack 35 (bsc#1116574): * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS * Java Virtual Machine - IJ10931 CVE-2018-3169 * JIT Compiler - IJ08205 CRASH WHILE COMPILING * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm to version 7.0.10.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: Update to Java 7.0 Service Refresh 10 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: Update to Java 7.0 Service Refresh 10 Fix Pack 50 (bsc#1147021). Security issues fixed: - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1147021). - CVE-2019-4473: Fixed insecure RPATH in multiple binaries on AIX (bsc#1147021). - CVE-2019-7317: Fixed use-after-free in libpng, affecting client-libs/java.awt (bsc#1147021). - CVE-2019-11771: Fixed insecure RPATH in OpenJ9 on AIX (bsc#1147021). - CVE-2019-11775: Fixed failure to privatize a value pulled out of the loop by versioning (bsc#1147021). Moderate SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: - Update to 7.0 Service Refresh 10 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: Java was updated to 7.0 Service Refresh 10 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - The pack200 and unpack200 alternatives should be slaves of java [bsc#1171352] Moderate SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_0-ibm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_0-ibm fixes the following issues: Update Java 7.0 to Service Refresh 11 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles:11:sp3:teradata Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566) Moderate SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 SUSE bug 1188568 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles:11:sp3:teradata Security update for jpeg (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jpeg fixes the following issues: * CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937] * CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209] * CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155] Moderate SUSE bug 1062937 SUSE bug 1096209 SUSE bug 1098155 CVE-2017-15232 CVE-2018-1152 CVE-2018-11813 cpe:/o:suse:sles:11:sp3:teradata Security update for jpeg (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jpeg fixes the following issue: Security issue fixed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11212: Fixed divide by zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-14498: Fixed denial of service in get_8bit_row in rdbmp.c (bsc#1128712). Low SUSE bug 1122299 SUSE bug 1128712 CVE-2018-11212 CVE-2018-14498 cpe:/o:suse:sles:11:sp3:teradata Security update for jpeg (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for jpeg fixes the following issues: - CVE-2020-14152: Fixed an improper implementation which vould have potentially exhausted the memory (bsc#1172995). - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). Moderate SUSE bug 1172491 SUSE bug 1172995 CVE-2020-13790 CVE-2020-14152 cpe:/o:suse:sles:11:sp3:teradata Security update for kdebase4-workspace SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This kdebase4-workspace update fixes two security issues: * NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132) * Memory leak that could lead to a denial of service. (CVE-2013-4133) Security Issues references: * CVE-2013-4132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4132> * CVE-2013-4133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4133> SUSE bug 829857 CVE-2013-4132 CVE-2013-4133 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdebase4-runtime SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 kdebase4-runtime has been updated to fix one security issue: * CVE-2013-7252: Added gpg based encryption support to kwallet (bnc#857200). Security Issues: * CVE-2013-7252 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7252> SUSE bug 857200 CVE-2013-7252 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdebase4-workspace (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Moderate SUSE bug 904625 SUSE bug 929718 CVE-2014-8651 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdelibs3 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kdelibs3 fixes the following issues: - CVE-2015-7543: Insecure creation of temporary directories allowed local users to hijack the IPC by pre-creating the temporary directory (bsc#958347). Moderate SUSE bug 958347 CVE-2015-7543 cpe:/o:suse:sles:11:sp3:teradata Security update for kdelibs4 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of the kdelibs4 KSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. SUSE bug 865241 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kdirstat SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The following security issue has been fixed: * #868682: CVE-2014-2527 CVE-2014-2528: kdirstat: command injection in kcleanup Security Issues: * CVE-2014-2527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2527> * CVE-2014-2528 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2528> SUSE bug 868682 CVE-2014-2527 CVE-2014-2528 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Linux kernel SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). * CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) * CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) * CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) * CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) * CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed: * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). * ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). * ACPI: Limit access to custom_method (bnc#884333). * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). * Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). * Add secure_modules() call (bnc#884333). * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). * Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. * Btrfs: Return EXDEV for cross file system snapshot. * Btrfs: abort the transaction when we does not find our extent ref. * Btrfs: avoid warning bomb of btrfs_invalidate_inodes. * Btrfs: cancel scrub on transaction abortion. * Btrfs: correctly set profile flags on seqlock retry. * Btrfs: does not check nodes for extent items. * Btrfs: fix a possible deadlock between scrub and transaction committing. * Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). * Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). * Btrfs: fix double free in find_lock_delalloc_range. * Btrfs: fix possible memory leak in btrfs_create_tree(). * Btrfs: fix use of uninit 'ret' in end_extent_writepage(). * Btrfs: free delayed node outside of root->inode_lock (bnc#866864). * Btrfs: make DEV_INFO ioctl available to anyone. * Btrfs: make FS_INFO ioctl available to anyone. * Btrfs: make device scan less noisy. * Btrfs: make sure there are not any read requests before stopping workers. * Btrfs: more efficient io tree navigation on wait_extent_bit. * Btrfs: output warning instead of error when loading free space cache failed. * Btrfs: retrieve more info from FS_INFO ioctl. * Btrfs: return EPERM when deleting a default subvolume (bnc#869934). * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * Btrfs: use right type to get real comparison. * Btrfs: wake up @scrub_pause_wait as much as we can. * Btrfs: wake up transaction thread upon remount. * CacheFiles: Add missing retrieval completions (bnc#880344). * CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). * CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). * CacheFiles: Fix the marking of cached pages (bnc#880344). * CacheFiles: Implement invalidation (bnc#880344). * CacheFiles: Make some debugging statements conditional (bnc#880344). * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). * FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). * FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). * FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). * FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). * FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). * FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). * FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). * FS-Cache: Fix operation state management and accounting (bnc#880344). * FS-Cache: Fix signal handling during waits (bnc#880344). * FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). * FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). * FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). * FS-Cache: Mark cancellation of in-progress operation (bnc#880344). * FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). * FS-Cache: Provide proper invalidation (bnc#880344). * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). * FS-Cache: Uninline fscache_object_init() (bnc#880344). * FS-Cache: Wrap checks on object state (bnc#880344). * HID: usbhid: add always-poll quirk (bnc#888607). * HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). * Ignore 'flags' change to event_constraint (bnc#876114). * Ignore data_src/weight changes to perf_sample_data (bnc#876114). * NFS: Allow more operations in an NFSv4.1 request (bnc#890513). * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). * NFS: Does not copy read delegation stateids in setattr (bnc#888968). * NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) * NFS: Fixes for NFS RCU-walk support in line with code going upstream * NFS: Use FS-Cache invalidation (bnc#880344). * NFS: allow lockless access to access_cache (bnc#866130). * NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). * NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). * NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). * NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). * NFS: support RCU_WALK in nfs_permission() (bnc#866130). * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). * NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). * NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). * NFSv4: Add a helper for encoding opaque data (bnc#888968). * NFSv4: Add a helper for encoding stateids (bnc#888968). * NFSv4: Add helpers for basic copying of stateids (bnc#888968). * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). * NFSv4: Rename nfs4_copy_stateid() (bnc#888968). * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). * NFSv4: Simplify the struct nfs4_stateid (bnc#888968). * NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). * One more fix for kABI breakage. * PCI: Lock down BAR access when module security is enabled (bnc#884333). * PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). * PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). * PM / Hibernate: Implement position keeping in radix tree (bnc#860441). * PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). * Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). * Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). * USB: handle LPM errors during device suspend correctly (bnc#849123). * Update kabi files to reflect fscache change (bnc#880344) * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) * VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). * acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). * af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). * asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). * autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). * autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). * autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). * autofs4: remove a redundant assignment (bnc#866130). * autofs: fix lockref lookup (bnc#888591). * be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). * block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). * block: fix race between request completion and timeout handling (bnc#881051). * cdc-ether: clean packet filter upon probe (bnc#876017). * cpuset: Fix memory allocator deadlock (bnc#876590). * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. * crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). * dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). * dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). * dm-mpath: fix panic on deleting sg device (bnc#870161). * drm/ast: AST2000 cannot be detected correctly (bnc#895983). * drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). * drm/ast: Add missing entry to dclk_table[]. * drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). * drm/ast: initial DP501 support (v0.2) (bnc#871134). * drm/ast: open key before detect chips (bnc#895983). * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). * drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). * drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). * drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). * e1000e: enable support for new device IDs (bnc#885509). * fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). * hibernate: Disable in a signed modules environment (bnc#884333). * hugetlb: does not use ERR_PTR with VM_FAULT* values * ibmvscsi: Abort init sequence during error recovery (bnc#885382). * ibmvscsi: Add memory barriers for send / receive (bnc#885382). * inet: add a redirect generation id in inetpeer (bnc#860593). * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). * kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). * kernel: 3215 tty hang (bnc#891087, LTC#114562). * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). * kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). * kernel: sclp console tty reference counting (bnc#891087, LTC#115466). * kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). * md/raid6: avoid data corruption during recovery of double-degraded RAID6. * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() * mm, hugetlb: change variable name reservations to resv * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache * mm, hugetlb: defer freeing pages when gathering surplus pages * mm, hugetlb: do not use a page in page cache for cow optimization * mm, hugetlb: fix and clean-up node iteration code to alloc or free * mm, hugetlb: fix race in region tracking * mm, hugetlb: fix subpool accounting handling * mm, hugetlb: improve page-fault scalability * mm, hugetlb: improve, cleanup resv_map parameters * mm, hugetlb: move up the code which check availability of free huge page * mm, hugetlb: protect reserved pages when soft offlining a hugepage * mm, hugetlb: remove decrement_hugepage_resv_vma() * mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() * mm, hugetlb: remove resv_map_put * mm, hugetlb: remove useless check about mapping type * mm, hugetlb: return a reserved page to a reserved pool if failed * mm, hugetlb: trivial commenting fix * mm, hugetlb: unify region structure handling * mm, hugetlb: unify region structure handling kabi * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). * mm, hugetlb: use vma_resv_map() map types * mm, oom: fix badness score underflow (bnc#884582, bnc#884767). * mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). * mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). * net/mlx4_core: Load higher level modules according to ports type (bnc#887680). * net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). * net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). * net: fix checksumming features handling in output path (bnc#891259). * pagecache_limit: batch large nr_to_scan targets (bnc#895221). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). * perf/core: Add weighted samples (bnc#876114). * perf/x86: Add flags to event constraints (bnc#876114). * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). * perf: Add generic memory sampling interface (bnc#876114). * qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). * qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). * qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). * qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). * qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). * qla2xxx: Set host can_queue value based on available resources (bnc#859840). * restore smp_mb() in unlock_new_inode() (bnc#890526). * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). * sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). * sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). * scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). * scsiback: correct grant page unmapping. * scsiback: fix retry handling in __report_luns(). * scsiback: free resources after error. * sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). * supported.conf: remove external from drivers/net/veth (bnc#889727) * supported.conf: support net/sched/act_police.ko (bnc#890426) * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * tg3: Change nvram command timeout value to 50ms (bnc#855657). * tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). * tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). * usb: Does not enable LPM if the exit latency is zero (bnc#832309). * usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). * usbhid: fix PIXART optical mouse (bnc#888607). * uswsusp: Disable when module loading is restricted (bnc#884333). * vscsi: support larger transfer sizes (bnc#774818). * writeback: Do not sync data dirtied after sync start (bnc#833820). * x86 thermal: Delete power-limit-notification console messages (bnc#882317). * x86 thermal: Disable power limit notification interrupt by default (bnc#882317). * x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). * x86/UV: Add kdump to UV NMI handler (bnc#888847). * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). * x86/UV: Move NMI support (bnc#888847). * x86/UV: Update UV support for external NMI signals (bnc#888847). * x86/uv/nmi: Fix Sparse warnings (bnc#888847). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: Lock down IO port access when module security is enabled (bnc#884333). * x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues. Following security bugs were fixed: CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application (bnc#816708). CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs were fixed: - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). - ACPI: Limit access to custom_method (bnc#884333). - ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). - Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344). - CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). - CacheFiles: Make some debugging statements conditional (bnc#880344). - Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). - FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). - FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). - FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). - FS-Cache: Fix operation state management and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation (bnc#880344). - FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). - FS-Cache: Provide proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache: Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on object state (bnc#880344). - HID: usbhid: add always-poll quirk (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). - Ignore 'flags' change to event_constraint (bnc#876114). - Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read delegation stateids in setattr (bnc#888968). - NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). - NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM errors during device suspend correctly (bnc#849123). - Update kabi files to reflect fscache change (bnc#880344) - Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) - VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). - autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). - block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). - block: fix race between request completion and timeout handling (bnc#881051). - cdc-ether: clean packet filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on deleting sg device (bnc#870161). - drm/ast: AST2000 cannot be detected correctly (bnc#895983). - drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). - drm/ast: initial DP501 support (v0.2) (bnc#871134). - drm/ast: open key before detect chips (bnc#895983). - drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). - drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). - hibernate: Disable in a signed modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). - net/mlx4_core: Load higher level modules according to ports type (bnc#887680). - net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). - net: fix checksumming features handling in output path (bnc#891259). - pagecache_limit: batch large nr_to_scan targets (bnc#895221). - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). - perf/core: Add weighted samples (bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue value based on available resources (bnc#859840). - restore smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). - supported.conf: remove external from drivers/net/veth (bnc#889727) - supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram command timeout value to 50ms (bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). - usb: Does not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). - usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when module loading is restricted (bnc#884333). - vscsi: support larger transfer sizes (bnc#774818). - writeback: Do not sync data dirtied after sync start (bnc#833820). - x86 thermal: Delete power-limit-notification console messages (bnc#882317). - x86 thermal: Disable power limit notification interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). - x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV: Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Add check for number of available vectors before CPU down (bnc#887418). - x86: Lock down IO port access when module security is enabled (bnc#884333). - x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> SUSE bug 774818 SUSE bug 806990 SUSE bug 816708 SUSE bug 826486 SUSE bug 832309 SUSE bug 833820 SUSE bug 849123 SUSE bug 855657 SUSE bug 859840 SUSE bug 860441 SUSE bug 860593 SUSE bug 863586 SUSE bug 866130 SUSE bug 866615 SUSE bug 866864 SUSE bug 866911 SUSE bug 869055 SUSE bug 869934 SUSE bug 870161 SUSE bug 871134 SUSE bug 871797 SUSE bug 876017 SUSE bug 876055 SUSE bug 876114 SUSE bug 876590 SUSE bug 879304 SUSE bug 879921 SUSE bug 880344 SUSE bug 880370 SUSE bug 880892 SUSE bug 881051 SUSE bug 881759 SUSE bug 882317 SUSE bug 882639 SUSE bug 882804 SUSE bug 882900 SUSE bug 883096 SUSE bug 883376 SUSE bug 883518 SUSE bug 883724 SUSE bug 884333 SUSE bug 884582 SUSE bug 884725 SUSE bug 884767 SUSE bug 885262 SUSE bug 885382 SUSE bug 885422 SUSE bug 885509 SUSE bug 886840 SUSE bug 887082 SUSE bug 887418 SUSE bug 887503 SUSE bug 887608 SUSE bug 887645 SUSE bug 887680 SUSE bug 888058 SUSE bug 888105 SUSE bug 888591 SUSE bug 888607 SUSE bug 888847 SUSE bug 888849 SUSE bug 888968 SUSE bug 889061 SUSE bug 889173 SUSE bug 889451 SUSE bug 889614 SUSE bug 889727 SUSE bug 890297 SUSE bug 890426 SUSE bug 890513 SUSE bug 890526 SUSE bug 891087 SUSE bug 891259 SUSE bug 891281 SUSE bug 891619 SUSE bug 891746 SUSE bug 892200 SUSE bug 892490 SUSE bug 892723 SUSE bug 893064 SUSE bug 893496 SUSE bug 893596 SUSE bug 894200 SUSE bug 895221 SUSE bug 895608 SUSE bug 895680 SUSE bug 895983 SUSE bug 896689 CVE-2013-1979 CVE-2014-1739 CVE-2014-2706 CVE-2014-3153 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel allowed remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet (bnc#975945). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure was initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. (bsc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability. (bsc#991608) The following non-security bugs were fixed: - Update patches.fixes/pci-determine-actual-vpd-size-on-first-access.patch (bsc#971729, bsc#974428). - Update PCI VPD size patch to upstream: * PCI: Determine actual VPD size on first access (bsc#971729). * PCI: Update VPD definitions (bsc#971729). (cherry picked from commit d2af5b7e0cd7ee2a54f02ad65ec300d16b3ad956) - Update patches.fixes/pci-update-vpd-definitions.patch (bsc#971729, bsc#974428). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - fs/cifs: Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - hid: add ALWAYS_POLL quirk for a Logitech 0xc055 (bnc#962404). - hid: add HP OEM mouse to quirk ALWAYS_POLL (bsc#919351). - hid: add quirk for PIXART OEM mouse used by HP (bsc#919351). - hid-elo: kill not flush the work. - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - nfs: Do not attempt to decode missing directory entries (bsc#980931). - nfs: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - nfs: reduce access cache shrinker locking (bnc#866130). - ppp: defer netns reference release for ppp channel (bsc#980371). - s390/cio: collect format 1 channel-path description data (bsc#966460,LTC#136434). - s390/cio: ensure consistent measurement state (bsc#966460,LTC#136434). - s390/cio: fix measurement characteristics memleak (bsc#966460,LTC#136434). - s390/cio: update measurement characteristics (bsc#966460,LTC#136434). - usbhid: add device USB_DEVICE_ID_LOGITECH_C077 (bsc#919351). - usbhid: more mice with ALWAYS_POLL (bsc#919351). - usbhid: yet another mouse with ALWAYS_POLL (bsc#919351). - veth: do not modify ip_summed (bsc#969149). - virtio_scsi: Implement eh_timed_out callback. - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#987709). Important SUSE bug 839104 SUSE bug 866130 SUSE bug 919351 SUSE bug 944309 SUSE bug 950998 SUSE bug 960689 SUSE bug 962404 SUSE bug 963655 SUSE bug 963762 SUSE bug 966460 SUSE bug 969149 SUSE bug 970114 SUSE bug 971126 SUSE bug 971360 SUSE bug 971446 SUSE bug 971729 SUSE bug 971944 SUSE bug 974428 SUSE bug 975945 SUSE bug 978401 SUSE bug 978821 SUSE bug 978822 SUSE bug 979213 SUSE bug 979274 SUSE bug 979548 SUSE bug 979681 SUSE bug 979867 SUSE bug 979879 SUSE bug 980371 SUSE bug 980725 SUSE bug 980788 SUSE bug 980931 SUSE bug 981267 SUSE bug 983143 SUSE bug 983213 SUSE bug 983535 SUSE bug 984107 SUSE bug 984755 SUSE bug 986362 SUSE bug 986365 SUSE bug 986445 SUSE bug 986572 SUSE bug 987709 SUSE bug 988065 SUSE bug 989152 SUSE bug 989401 SUSE bug 991608 CVE-2013-4312 CVE-2015-7513 CVE-2015-7833 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2187 CVE-2016-3134 CVE-2016-3955 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5696 CVE-2016-5829 CVE-2016-6480 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Important SUSE bug 1013533 SUSE bug 1013604 CVE-2016-9576 CVE-2016-9794 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following security bug: CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver (drivers/tty/n_hdlc.c) could have been exploited to gain a local privilege escalation (bnc#1027565) Important SUSE bug 1027565 CVE-2017-2636 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Critical) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bnc#979021). Critical SUSE bug 1039348 SUSE bug 979021 CVE-2015-3288 CVE-2017-1000364 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Important SUSE bug 1045340 SUSE bug 1045406 CVE-2017-1000364 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues: - Stack corruption could have lead to local privilege escalation (bsc#1059525, CVE-2017-1000253). Important SUSE bug 1059525 CVE-2017-1000253 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119). The following non-security bugs were fixed: - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: x86: Free vmx_msr_bitmap_longmode while kvm_init failed (bsc#1104367). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Important SUSE bug 1057199 SUSE bug 1087081 SUSE bug 1092903 SUSE bug 1102517 SUSE bug 1103119 SUSE bug 1104367 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1105100 SUSE bug 1105296 SUSE bug 1105322 SUSE bug 1105323 SUSE bug 1105536 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1107001 SUSE bug 1107689 SUSE bug 1108912 CVE-2018-10902 CVE-2018-10940 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also the following non-security bugs were fixed: - audit: keep inode pinned (bsc#851068). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - cifs: Fix missing crypto allocation (bnc#937402). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails. - ext3: Fix data corruption in inodes with journalled data (bsc#936637) - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipr: Increase default adapter init stage change timeout (bsc#930761). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. (bsc#934742) - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - nfsd: Fix nfsv4 opcode decoding error (bsc#935906). - nfsd: support disabling 64bit dir cookies (bnc#937503). - nfs: never queue requests with rq_cong set on the sending queue (bsc#932458). - nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Disable Bus Master only on kexec reboot (bsc#920110). - pci: disable Bus Master on PCI device shutdown (bsc#920110). - pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: set host msg status correctly (bnc#933936) - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705) - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Important SUSE bug 851068 SUSE bug 867362 SUSE bug 873385 SUSE bug 883380 SUSE bug 886785 SUSE bug 894936 SUSE bug 915517 SUSE bug 917830 SUSE bug 919463 SUSE bug 920110 SUSE bug 920250 SUSE bug 920733 SUSE bug 921430 SUSE bug 923245 SUSE bug 924701 SUSE bug 925705 SUSE bug 925881 SUSE bug 925903 SUSE bug 926240 SUSE bug 926953 SUSE bug 927355 SUSE bug 927786 SUSE bug 929142 SUSE bug 929143 SUSE bug 930092 SUSE bug 930761 SUSE bug 930934 SUSE bug 931538 SUSE bug 932348 SUSE bug 932458 SUSE bug 933429 SUSE bug 933896 SUSE bug 933904 SUSE bug 933907 SUSE bug 933936 SUSE bug 934742 SUSE bug 934944 SUSE bug 935053 SUSE bug 935572 SUSE bug 935705 SUSE bug 935866 SUSE bug 935906 SUSE bug 936077 SUSE bug 936423 SUSE bug 936637 SUSE bug 936831 SUSE bug 936875 SUSE bug 936925 SUSE bug 937032 SUSE bug 937402 SUSE bug 937444 SUSE bug 937503 SUSE bug 937641 SUSE bug 937855 SUSE bug 939910 SUSE bug 939994 SUSE bug 940338 SUSE bug 940398 SUSE bug 942350 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956707). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7566: A malicious USB device could cause kernel crashes in the visor device driver (bnc#961512). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel do not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario.(bsc#966437). - CVE-2015-8816: A malicious USB device could cause kernel crashes in the in hub_activate() function (bnc#968010). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767). - CVE-2016-2143: On zSeries a fork of a large process could have caused memory corruption due to incorrect page table handling. (bnc#970504, LTC#138810). - CVE-2016-2184: A malicious USB device could cause kernel crashes in the alsa usb-audio device driver (bsc#971125). - CVE-2016-2185: A malicious USB device could cause kernel crashes in the usb_driver_claim_interface function (bnc#971124). - CVE-2016-2186: A malicious USB device could cause kernel crashes in the powermate device driver (bnc#970958). - CVE-2016-2384: A double free on the ALSA umidi object was fixed. (bsc#966693). - CVE-2016-2543: A missing NULL check at remove_events ioctl in the ALSA seq driver was fixed. (bsc#967972). - CVE-2016-2544: Fix race at timer setup and close in the ALSA seq driver was fixed. (bsc#967973). - CVE-2016-2545: A double unlink of active_list in the ALSA timer driver was fixed. (bsc#967974). - CVE-2016-2546: A race among ALSA timer ioctls was fixed (bsc#967975). - CVE-2016-2547,CVE-2016-2548: The ALSA slave timer list handling was hardened against hangs and races. (CVE-2016-2547,CVE-2016-2548,bsc#968011,bsc#968012). - CVE-2016-2549: A stall in ALSA hrtimer handling was fixed (bsc#968013). - CVE-2016-2782: A malicious USB device could cause kernel crashes in the visor device driver (bnc#968670). - CVE-2016-3137: A malicious USB device could cause kernel crashes in the cypress_m8 device driver (bnc#970970). - CVE-2016-3139: A malicious USB device could cause kernel crashes in the wacom device driver (bnc#970909). - CVE-2016-3140: A malicious USB device could cause kernel crashes in the digi_acceleport device driver (bnc#970892). - CVE-2016-3156: A quadratic algorithm could lead to long kernel ipv4 hangs when removing a device with a large number of addresses. (bsc#971360). - CVE-2016-3955: A remote buffer overflow in the usbip driver could be used by authenticated attackers to crash the kernel. (bsc#975945) - CVE-2016-2847: A local user could exhaust kernel memory by pushing lots of data into pipes. (bsc#970948). - CVE-2016-2188: A malicious USB device could cause kernel crashes in the iowarrior device driver (bnc#970956). - CVE-2016-3138: A malicious USB device could cause kernel crashes in the cdc-acm device driver (bnc#970911). The following non-security bugs were fixed: - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - cifs: Schedule on hard mount retry (bsc#941514). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276). - drm/i915: Evict CS TLBs between batches (bsc#758040). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - ext3: fix data=journal fast mount/umount hang (bsc#942082). - ext3: NULL dereference in ext3_evict_inode() (bsc#942082). - firmware: Create directories for external firmware (bsc#959312). - firmware: Simplify directory creation (bsc#959312). - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - kbuild: create directory for dir/file.o (bsc#959312). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - mld, igmp: Fix reserved tailroom calculation (bsc#956852). - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - nfs4: treat lock owners as opaque values (bnc#968141). - nfs: Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - nfs: use smaller allocations for 'struct id_map' (bsc#965923). - nfsv4: Fix two infinite loops in the mount code (bsc#954628). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pciback: do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set. - pciback: for XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled. - pciback: return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled. - pciback: return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled. - pci: Update VPD size with correct length (bsc#958906). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rdma/ucma: Fix AB-BA deadlock (bsc#963998). - README.BRANCH: Switch to LTSS mode - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705). - Restore kabi after lock-owner change (bnc#968141). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949). - scsi: mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). - skb: Add inline helper for getting the skb end offset from head (bsc#956852). - sunrcp: restore fair scheduling to priority queues (bsc#955308). - sunrpc: refactor rpcauth_checkverf error returns (bsc#955673). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - tg3: 5715 does not link up when autoneg off (bsc#904035). - Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128). - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375). - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375). - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375). - usb: ftdi_sio: fix tiocmget indentation (bnc#956375). - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375). - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375). - usb: ftdi_sio: remove unnecessary memset (bnc#956375). - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375). - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375). - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375). - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - vmxnet3: fix netpoll race condition (bsc#958912). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: fix maintenance of guest/host xcr0 state (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - x86/mce: Fix return value of mce_chrdev_read() when erst is disabled (bsc#934787). - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfrm: do not segment UFO packets (bsc#946122). - xhci: silence TD warning (bnc#939955). Important SUSE bug 758040 SUSE bug 781018 SUSE bug 879378 SUSE bug 879381 SUSE bug 904035 SUSE bug 924919 SUSE bug 934787 SUSE bug 935123 SUSE bug 937444 SUSE bug 939955 SUSE bug 940017 SUSE bug 940413 SUSE bug 940913 SUSE bug 940946 SUSE bug 941514 SUSE bug 942082 SUSE bug 946122 SUSE bug 947128 SUSE bug 948330 SUSE bug 949298 SUSE bug 949752 SUSE bug 949936 SUSE bug 950750 SUSE bug 950998 SUSE bug 951392 SUSE bug 952976 SUSE bug 954628 SUSE bug 955308 SUSE bug 955354 SUSE bug 955654 SUSE bug 955673 SUSE bug 956375 SUSE bug 956514 SUSE bug 956707 SUSE bug 956708 SUSE bug 956709 SUSE bug 956852 SUSE bug 956949 SUSE bug 957988 SUSE bug 957990 SUSE bug 958463 SUSE bug 958886 SUSE bug 958906 SUSE bug 958912 SUSE bug 958951 SUSE bug 959190 SUSE bug 959312 SUSE bug 959399 SUSE bug 959705 SUSE bug 960857 SUSE bug 961500 SUSE bug 961509 SUSE bug 961512 SUSE bug 961516 SUSE bug 961518 SUSE bug 963276 SUSE bug 963765 SUSE bug 963767 SUSE bug 963998 SUSE bug 964201 SUSE bug 965319 SUSE bug 965923 SUSE bug 966437 SUSE bug 966693 SUSE bug 967863 SUSE bug 967972 SUSE bug 967973 SUSE bug 967974 SUSE bug 967975 SUSE bug 968010 SUSE bug 968011 SUSE bug 968012 SUSE bug 968013 SUSE bug 968141 SUSE bug 968670 SUSE bug 969307 SUSE bug 970504 SUSE bug 970892 SUSE bug 970909 SUSE bug 970911 SUSE bug 970948 SUSE bug 970956 SUSE bug 970958 SUSE bug 970970 SUSE bug 971124 SUSE bug 971125 SUSE bug 971360 SUSE bug 973570 SUSE bug 974646 SUSE bug 975945 CVE-2013-7446 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-0723 CVE-2016-2069 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-3955 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This feature is disabled on unaffected architectures. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer was fixed. (bnc#1072876). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel didn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702 1069708). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695 1074033). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - asm alternatives: remove incorrect alignment notes. - getcwd: Close race with d_move called by lustre (bsc#1052593). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - ptrace: Add a new thread access check (bsc#1068032). - Revert 'mac80211: accept key reinstall without changing anything' This reverts commit 1def0d4e1446974356bacd9f4be06eee32b66473. - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier (bsc#1068032). - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi: mpt2sas: fix cleanup on controller resource mapping failure (bsc#999245). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - temporary fix (bsc#1068032). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). Important SUSE bug 1010175 SUSE bug 1034862 SUSE bug 1045327 SUSE bug 1050231 SUSE bug 1052593 SUSE bug 1056982 SUSE bug 1057179 SUSE bug 1057389 SUSE bug 1058524 SUSE bug 1062520 SUSE bug 1063544 SUSE bug 1063667 SUSE bug 1066295 SUSE bug 1066472 SUSE bug 1066569 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066618 SUSE bug 1066625 SUSE bug 1066650 SUSE bug 1066671 SUSE bug 1066693 SUSE bug 1066700 SUSE bug 1066705 SUSE bug 1067085 SUSE bug 1068032 SUSE bug 1068671 SUSE bug 1069702 SUSE bug 1069708 SUSE bug 1070771 SUSE bug 1071074 SUSE bug 1071470 SUSE bug 1071695 SUSE bug 1072561 SUSE bug 1072876 SUSE bug 1073792 SUSE bug 1073874 SUSE bug 1074033 SUSE bug 999245 CVE-2017-1000251 CVE-2017-11600 CVE-2017-13080 CVE-2017-13167 CVE-2017-14106 CVE-2017-14140 CVE-2017-14340 CVE-2017-15102 CVE-2017-15115 CVE-2017-15265 CVE-2017-15274 CVE-2017-15868 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16649 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. Important SUSE bug 1068032 CVE-2017-5715 CVE-2017-5753 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - cdc-acm: apply quirk for card reader (bsc#1060279). - Enable CPU vulnerabilities reporting via sysfs - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - Move kABI fixup for retpolines to proper place. - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). Important SUSE bug 1012382 SUSE bug 1054305 SUSE bug 1060279 SUSE bug 1068032 SUSE bug 1068984 SUSE bug 1070781 SUSE bug 1073311 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1075091 SUSE bug 1075410 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075908 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076154 SUSE bug 1076278 SUSE bug 1076849 SUSE bug 1077406 SUSE bug 1077560 SUSE bug 1077922 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The following non-security bugs were fixed: - Update config files. Set CONFIG_RETPOLINE=y for i386. - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). Important SUSE bug 1046610 SUSE bug 1085279 SUSE bug 1087082 SUSE bug 1089895 SUSE bug 1091755 SUSE bug 1092497 SUSE bug 1094019 CVE-2017-5715 CVE-2017-5753 CVE-2018-1000199 CVE-2018-10675 CVE-2018-3639 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2017-13305: A information disclosure vulnerability existed in the encrypted-keys handling. (bnc#1094353). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c kernel could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684) - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - slab: introduce kmalloc_array() (bsc#909361). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). Important SUSE bug 1082962 SUSE bug 1083900 SUSE bug 1085107 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1092904 SUSE bug 1094353 SUSE bug 1096480 SUSE bug 1096728 SUSE bug 1097234 SUSE bug 1098016 SUSE bug 1099924 SUSE bug 1099942 SUSE bug 1100418 SUSE bug 1104475 SUSE bug 1104684 SUSE bug 909361 CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1108498). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-1000407: Fixed a denial of service, which was caused by flooding the diagnostic port 0x80 an exception leading to a kernel panic (bnc#1071021). The following non-security bugs were fixed: - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018, bsc#1104366). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - Drivers: scsi: storvsc: Change the limits to reflect the values on the host (bug#1107189). - drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure (bug#1107189). - Drivers: scsi: storvsc: Filter commands based on the storage protocol version (bug#1107189). - Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version (bug#1107189). - Drivers: scsi: storvsc: Implement a eh_timed_out handler (bug#1107189). - Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host (bug#1107189). - drivers: scsi: storvsc: Set srb_flags in all cases (bug#1107189). - EHCI: improved logic for isochronous scheduling (bsc#1117515). - ipv4: remove the unnecessary variable in udp_mcast_next (bsc#1104070). - KEYS: prevent creating a different user's keyrings (bnc#1094186). - KVM: x86: Fix the duplicate failure path handling in vmx_init (bsc#1104367). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#1116412). - MM/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#1116412). - net/ipv6/udp: Fix ipv6 multicast socket filter regression (bsc#1104070). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#1116412). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#1116412). - NFS: Do not write enable new pages while an invalidation is proceeding (bsc#1116412). - NFS: Fix a regression in the read() syscall (bsc#1116412). - NFS: Fix races in nfs_revalidate_mapping (bsc#1116412). - NFS: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#1116412). - NFS: Fix writeback performance issue on cache invalidation (bsc#1116412). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - reiserfs: fix race in readdir (bsc#1039803). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: storvsc: Always send on the selected outgoing channel (bug#1107189). - scsi: storvsc: Do not assume that the scatterlist is not chained (bug#1107189). - scsi: storvsc: Fix a bug in copy_from_bounce_buffer() (bug#1107189). - scsi: storvsc: Increase the ring buffer size (bug#1107189). - scsi: storvsc: Size the queue depth based on the ringbuffer size (bug#1107189). - storvsc: fix a bug in storvsc limits (bug#1107189). - storvsc: force discovery of LUNs that may have been removed (bug#1107189). - storvsc: get rid of overly verbose warning messages (bug#1107189). - storvsc: in responce to a scan event, scan the host (bug#1107189). - storvsc: Set the SRB flags correctly when no data transfer is needed (bug#1107189). - udp: ipv4: Add udp early demux (bsc#1104070). - udp: restore UDPlite many-cast delivery (bsc#1104070). - udp: Simplify __udp*_lib_mcast_deliver (bsc#1104070). - udp: Use hash2 for long hash1 chains in __udp*_lib_mcast_deliver (bsc#1104070). - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515). - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515). - USB: EHCI: add symbolic constants for QHs (bsc#1117515). - USB: EHCI: always scan each interrupt QH (bsc#1117515). - USB: EHCI: do not lose events during a scan (bsc#1117515). - USB: EHCI: do not refcount iso_stream structures (bsc#1117515). - USB: EHCI: do not refcount QHs (bsc#1117515). - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515). - USB: EHCI: fix up locking (bsc#1117515). - USB: EHCI: initialize data before resetting hardware (bsc#1117515). - USB: EHCI: introduce high-res timer (bsc#1117515). - USB: EHCI: remove PS3 status polling (bsc#1117515). - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515). - USB: EHCI: rename 'reclaim' (bsc#1117515). - USB: EHCI: resolve some unlikely races (bsc#1117515). - USB: EHCI: return void instead of 0 (bsc#1117515). - USB: EHCI: simplify isochronous scanning (bsc#1117515). - USB: EHCI: unlink multiple async QHs together (bsc#1117515). - USB: EHCI: use hrtimer for async schedule (bsc#1117515). - USB: EHCI: use hrtimer for controller death (bsc#1117515). - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515). - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515). - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515). - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515). - XFS: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - XFS: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - XFS: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Important SUSE bug 1031240 SUSE bug 1039803 SUSE bug 1066674 SUSE bug 1071021 SUSE bug 1094186 SUSE bug 1094825 SUSE bug 1104070 SUSE bug 1104366 SUSE bug 1104367 SUSE bug 1107189 SUSE bug 1108498 SUSE bug 1109200 SUSE bug 1113201 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114920 SUSE bug 1115007 SUSE bug 1115038 SUSE bug 1116412 SUSE bug 1116841 SUSE bug 1117515 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1119255 SUSE bug 1119714 SUSE bug 1120743 SUSE bug 905299 SUSE bug 936875 SUSE bug 968018 SUSE bug 990682 CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273 CVE-2018-18281 CVE-2018-18386 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for Linux kernel SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). * CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) * CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) * CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) * CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892) * CVE-2014-6410: Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed: * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). * ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). * ACPI: Limit access to custom_method (bnc#884333). * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746). * Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). * Add secure_modules() call (bnc#884333). * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). * Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. * Btrfs: Return EXDEV for cross file system snapshot. * Btrfs: abort the transaction when we does not find our extent ref. * Btrfs: avoid warning bomb of btrfs_invalidate_inodes. * Btrfs: cancel scrub on transaction abortion. * Btrfs: correctly set profile flags on seqlock retry. * Btrfs: does not check nodes for extent items. * Btrfs: fix a possible deadlock between scrub and transaction committing. * Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). * Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). * Btrfs: fix double free in find_lock_delalloc_range. * Btrfs: fix possible memory leak in btrfs_create_tree(). * Btrfs: fix use of uninit 'ret' in end_extent_writepage(). * Btrfs: free delayed node outside of root->inode_lock (bnc#866864). * Btrfs: make DEV_INFO ioctl available to anyone. * Btrfs: make FS_INFO ioctl available to anyone. * Btrfs: make device scan less noisy. * Btrfs: make sure there are not any read requests before stopping workers. * Btrfs: more efficient io tree navigation on wait_extent_bit. * Btrfs: output warning instead of error when loading free space cache failed. * Btrfs: retrieve more info from FS_INFO ioctl. * Btrfs: return EPERM when deleting a default subvolume (bnc#869934). * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). * Btrfs: use right type to get real comparison. * Btrfs: wake up @scrub_pause_wait as much as we can. * Btrfs: wake up transaction thread upon remount. * CacheFiles: Add missing retrieval completions (bnc#880344). * CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). * CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). * CacheFiles: Fix the marking of cached pages (bnc#880344). * CacheFiles: Implement invalidation (bnc#880344). * CacheFiles: Make some debugging statements conditional (bnc#880344). * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). * FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). * FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). * FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). * FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). * FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). * FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). * FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). * FS-Cache: Fix operation state management and accounting (bnc#880344). * FS-Cache: Fix signal handling during waits (bnc#880344). * FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). * FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). * FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). * FS-Cache: Mark cancellation of in-progress operation (bnc#880344). * FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). * FS-Cache: Provide proper invalidation (bnc#880344). * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). * FS-Cache: Uninline fscache_object_init() (bnc#880344). * FS-Cache: Wrap checks on object state (bnc#880344). * HID: usbhid: add always-poll quirk (bnc#888607). * HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). * Ignore 'flags' change to event_constraint (bnc#876114). * Ignore data_src/weight changes to perf_sample_data (bnc#876114). * NFS: Allow more operations in an NFSv4.1 request (bnc#890513). * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). * NFS: Does not copy read delegation stateids in setattr (bnc#888968). * NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) * NFS: Fixes for NFS RCU-walk support in line with code going upstream * NFS: Use FS-Cache invalidation (bnc#880344). * NFS: allow lockless access to access_cache (bnc#866130). * NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). * NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). * NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). * NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). * NFS: support RCU_WALK in nfs_permission() (bnc#866130). * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). * NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). * NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). * NFSv4: Add a helper for encoding opaque data (bnc#888968). * NFSv4: Add a helper for encoding stateids (bnc#888968). * NFSv4: Add helpers for basic copying of stateids (bnc#888968). * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). * NFSv4: Rename nfs4_copy_stateid() (bnc#888968). * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). * NFSv4: Simplify the struct nfs4_stateid (bnc#888968). * NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). * One more fix for kABI breakage. * PCI: Lock down BAR access when module security is enabled (bnc#884333). * PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). * PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). * PM / Hibernate: Implement position keeping in radix tree (bnc#860441). * PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). * Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). * Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). * USB: handle LPM errors during device suspend correctly (bnc#849123). * Update kabi files to reflect fscache change (bnc#880344) * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281) * VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). * acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). * af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). * asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). * autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). * autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). * autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). * autofs4: remove a redundant assignment (bnc#866130). * autofs: fix lockref lookup (bnc#888591). * be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). * block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). * block: fix race between request completion and timeout handling (bnc#881051). * cdc-ether: clean packet filter upon probe (bnc#876017). * cpuset: Fix memory allocator deadlock (bnc#876590). * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. * crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). * dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). * dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). * dm-mpath: fix panic on deleting sg device (bnc#870161). * drm/ast: AST2000 cannot be detected correctly (bnc#895983). * drm/ast: Actually load DP501 firmware when required (bnc#895608 bnc#871134). * drm/ast: Add missing entry to dclk_table[]. * drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). * drm/ast: initial DP501 support (v0.2) (bnc#871134). * drm/ast: open key before detect chips (bnc#895983). * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). * drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). * drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). * drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). * e1000e: enable support for new device IDs (bnc#885509). * fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). * hibernate: Disable in a signed modules environment (bnc#884333). * hugetlb: does not use ERR_PTR with VM_FAULT* values * ibmvscsi: Abort init sequence during error recovery (bnc#885382). * ibmvscsi: Add memory barriers for send / receive (bnc#885382). * inet: add a redirect generation id in inetpeer (bnc#860593). * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). * kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). * kernel: 3215 tty hang (bnc#891087, LTC#114562). * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). * kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). * kernel: sclp console tty reference counting (bnc#891087, LTC#115466). * kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). * md/raid6: avoid data corruption during recovery of double-degraded RAID6. * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() * mm, hugetlb: change variable name reservations to resv * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache * mm, hugetlb: defer freeing pages when gathering surplus pages * mm, hugetlb: do not use a page in page cache for cow optimization * mm, hugetlb: fix and clean-up node iteration code to alloc or free * mm, hugetlb: fix race in region tracking * mm, hugetlb: fix subpool accounting handling * mm, hugetlb: improve page-fault scalability * mm, hugetlb: improve, cleanup resv_map parameters * mm, hugetlb: move up the code which check availability of free huge page * mm, hugetlb: protect reserved pages when soft offlining a hugepage * mm, hugetlb: remove decrement_hugepage_resv_vma() * mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() * mm, hugetlb: remove resv_map_put * mm, hugetlb: remove useless check about mapping type * mm, hugetlb: return a reserved page to a reserved pool if failed * mm, hugetlb: trivial commenting fix * mm, hugetlb: unify region structure handling * mm, hugetlb: unify region structure handling kabi * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). * mm, hugetlb: use vma_resv_map() map types * mm, oom: fix badness score underflow (bnc#884582, bnc#884767). * mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). * mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). * net/mlx4_core: Load higher level modules according to ports type (bnc#887680). * net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). * net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). * net: fix checksumming features handling in output path (bnc#891259). * pagecache_limit: batch large nr_to_scan targets (bnc#895221). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). * perf/core: Add weighted samples (bnc#876114). * perf/x86: Add flags to event constraints (bnc#876114). * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). * perf: Add generic memory sampling interface (bnc#876114). * qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). * qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). * qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). * qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). * qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). * qla2xxx: Set host can_queue value based on available resources (bnc#859840). * restore smp_mb() in unlock_new_inode() (bnc#890526). * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). * sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). * sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). * scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). * scsiback: correct grant page unmapping. * scsiback: fix retry handling in __report_luns(). * scsiback: free resources after error. * sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). * supported.conf: remove external from drivers/net/veth (bnc#889727) * supported.conf: support net/sched/act_police.ko (bnc#890426) * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * tg3: Change nvram command timeout value to 50ms (bnc#855657). * tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). * tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). * usb: Does not enable LPM if the exit latency is zero (bnc#832309). * usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). * usbhid: fix PIXART optical mouse (bnc#888607). * uswsusp: Disable when module loading is restricted (bnc#884333). * vscsi: support larger transfer sizes (bnc#774818). * writeback: Do not sync data dirtied after sync start (bnc#833820). * x86 thermal: Delete power-limit-notification console messages (bnc#882317). * x86 thermal: Disable power limit notification interrupt by default (bnc#882317). * x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). * x86/UV: Add kdump to UV NMI handler (bnc#888847). * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). * x86/UV: Move NMI support (bnc#888847). * x86/UV: Update UV support for external NMI signals (bnc#888847). * x86/uv/nmi: Fix Sparse warnings (bnc#888847). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: Lock down IO port access when module security is enabled (bnc#884333). * x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153> * CVE-2014-6410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410> The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues. Following security bugs were fixed: CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application (bnc#816708). CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804). CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (bnc#883518). CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (bnc#889173). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490) CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490) CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639) The following non-security bugs were fixed: - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset register is implemented in system memory (bnc#882900). - ACPI: Limit access to custom_method (bnc#884333). - Add option to automatically enforce module signatures when in Secure Boot mode (bnc#884333). - Add secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix csum tree corruption, duplicate and outdated checksums (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol (bnc#866615). - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions (bnc#880344). - CacheFiles: Does not try to dump the index key if the cookie has been cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to the allocator (bnc#880344). - CacheFiles: Fix the marking of cached pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). - CacheFiles: Make some debugging statements conditional (bnc#880344). - Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840). - FS-Cache: Add transition to handle invalidate immediately after lookup (bnc#880344). - FS-Cache: Check that there are no read ops when cookie relinquished (bnc#880344). - FS-Cache: Clear remaining page count on retrieval cancellation (bnc#880344). - FS-Cache: Convert the object event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344). - FS-Cache: Exclusive op submission can BUG if there is been an I/O error (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state machine to have separate work and wait states (bnc#880344). - FS-Cache: Fix operation state management and accounting (bnc#880344). - FS-Cache: Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise the object event mask with the calculated mask (bnc#880344). - FS-Cache: Limit the number of I/O error reports for a cache (bnc#880344). - FS-Cache: Make cookie relinquishment wait for outstanding reads (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation (bnc#880344). - FS-Cache: One of the write operation paths doeses not set the object state (bnc#880344). - FS-Cache: Provide proper invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache: Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on object state (bnc#880344). - HID: usbhid: add always-poll quirk (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297). - Ignore 'flags' change to event_constraint (bnc#876114). - Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS: Allow more operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read delegation stateids in setattr (bnc#888968). - NFS: Does not use a delegation to open a file when returning that delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130). - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts (bnc#888591). - NFS: nfs4_do_open should add negative results to the dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only evaluate parent if it will be used (bnc#866130). - NFS: prepare for RCU-walk support but pushing tests later in code (bnc#866130). - NFS: support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does not hand out delegations for 30 seconds after recalling them (bnc#880370). - NFSv4 set open access operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200, bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). - NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the same for replayed RPC calls (bnc#888968). - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled (bnc#884333). - PCI: enable MPS 'performance' setting to properly handle bridge MPS (bnc#883376). - PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM / Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when module loading is restricted (bnc#884333). - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM errors during device suspend correctly (bnc#849123). - Update kabi files to reflect fscache change (bnc#880344) - VFS: Make more complete truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted (bnc#884333). - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring (bnc#866130). - autofs4: factor should_expire() out of autofs4_expire_indirect (bnc#866130). - autofs4: make 'autofs4_can_expire' idempotent (bnc#866130). - autofs4: remove a redundant assignment (bnc#866130). - autofs: fix lockref lookup (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page() (bnc#881759). - block: add cond_resched() to potentially long running ioctl discard loop (bnc#884725). - block: fix race between request completion and timeout handling (bnc#881051). - cdc-ether: clean packet filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode (bnc#889451). - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on deleting sg device (bnc#870161). - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode (bnc#892723). - drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055). - drm/i915: create functions for the 'unclaimed register' checks (bnc#869055). - drm/i915: use FPGA_DBG for the 'unclaimed register' checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev memory (bnc #806990). - e1000e: enable support for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from the condition in while() (bnc#880344). - hibernate: Disable in a signed modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory barriers for send / receive (bnc#885382). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions (bnc#884333). - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm, thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). - net/mlx4_core: Load higher level modules according to ports type (bnc#887680). - net/mlx4_core: Load the IB driver when the device supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058). - net: fix checksumming features handling in output path (bnc#891259). - perf/core: Add weighted samples (bnc#876114). - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (bnc#859840). - qla2xxx: Set host can_queue value based on available resources (bnc#859840). - restore smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race (bnc#876055). - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue' (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache (bnc#866130). - supported.conf: remove external from drivers/net/veth (bnc#889727) - supported.conf: support net/sched/act_police.ko (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - tg3: Change nvram command timeout value to 50ms (bnc#855657). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#855657). - usb: Does not enable LPM if the exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive debounce failures of the same port (bnc#888105). - usbhid: fix PIXART optical mouse (bnc#888607). - uswsusp: Disable when module loading is restricted (bnc#884333). - vscsi: support larger transfer sizes (bnc#774818). - x86 thermal: Delete power-limit-notification console messages (bnc#882317). - x86 thermal: Disable power limit notification interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit notification interrupt by default (bnc#882317). - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV: Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Lock down IO port access when module security is enabled (bnc#884333). - x86: Restrict MSR access when module loading is restricted (bnc#884333). Security Issues: * CVE-2013-1979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979> * CVE-2014-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739> * CVE-2014-2706 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706> * CVE-2014-4027 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027> * CVE-2014-4171 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> SUSE bug 774818 SUSE bug 806990 SUSE bug 816708 SUSE bug 826486 SUSE bug 832309 SUSE bug 849123 SUSE bug 855657 SUSE bug 859840 SUSE bug 860441 SUSE bug 860593 SUSE bug 863586 SUSE bug 866130 SUSE bug 866615 SUSE bug 866864 SUSE bug 866911 SUSE bug 869055 SUSE bug 869934 SUSE bug 870161 SUSE bug 871797 SUSE bug 876017 SUSE bug 876055 SUSE bug 876114 SUSE bug 876590 SUSE bug 879921 SUSE bug 880344 SUSE bug 880370 SUSE bug 881051 SUSE bug 881759 SUSE bug 882317 SUSE bug 882639 SUSE bug 882804 SUSE bug 882900 SUSE bug 883376 SUSE bug 883518 SUSE bug 883724 SUSE bug 884333 SUSE bug 884582 SUSE bug 884725 SUSE bug 884767 SUSE bug 885262 SUSE bug 885382 SUSE bug 885422 SUSE bug 885509 SUSE bug 886840 SUSE bug 887082 SUSE bug 887503 SUSE bug 887608 SUSE bug 887645 SUSE bug 887680 SUSE bug 888058 SUSE bug 888105 SUSE bug 888591 SUSE bug 888607 SUSE bug 888847 SUSE bug 888849 SUSE bug 888968 SUSE bug 889061 SUSE bug 889173 SUSE bug 889451 SUSE bug 889614 SUSE bug 889727 SUSE bug 890297 SUSE bug 890426 SUSE bug 890513 SUSE bug 890526 SUSE bug 891087 SUSE bug 891259 SUSE bug 891619 SUSE bug 892200 SUSE bug 892490 SUSE bug 892723 SUSE bug 893064 SUSE bug 893496 SUSE bug 893596 SUSE bug 894200 CVE-2013-1979 CVE-2014-1739 CVE-2014-2706 CVE-2014-4027 CVE-2014-4171 CVE-2014-4508 CVE-2014-4667 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032). - xen/x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). Important SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1087086 SUSE bug 1087088 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 CVE-2018-3665 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in microcode via #DB exception (bsc#954404). - CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in microcode via #AC exception (bsc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bsc#938706). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951440). - CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by validating before applying it (bsc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bsc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered permanent file-descriptor allocation (bsc#942367). The following non-security bugs were fixed: - alsa: hda - Disable 64bit address for Creative HDA controllers (bsc#814440). - btrfs: fix hang when failing to submit bio of directIO (bsc#942688). - btrfs: fix memory corruption on failure to submit bio for direct IO (bsc#942688). - btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would have merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn merge heuristic (bsc#904348). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Get rid if the '^A' in struct drm_i915_private (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove i965_hpd_irq_setup (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - ehci-pci: enable interrupt on BayTrail (bnc926007). - fix lpfc_send_rscn_event allocation size claims bsc#935757 - hugetlb: simplify migrate_huge_page() (bsc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bsc#947957). - ib/iser: Add Discovery support (bsc#923002). - ib/iser: Move informational messages from error to info level (bsc#923002). - ib/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - ib/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - ipv6: fix tunnel error handling (bsc#952579). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ipvs: Fix reuse connection if real server is dead (bsc#945827). - ipvs: drop first packet to dead server (bsc#946078). - keys: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bsc#930788). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - macvlan: Support bonding events bsc#948521 - make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bsc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bsc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bsc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bsc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bsc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bsc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bsc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bsc#940017, bsc#949298). - mm: make page pfmemalloc check more robust (bsc#920016). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - pci: Add VPD function 0 quirk for Intel Ethernet devices (bsc#943786). - pci: Add dev_flags bit to access VPD through function 0 (bsc#943786). - pci: Add flag indicating device has been assigned by KVM (bsc#777565). - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bsc#952084). - pci: Refresh First VF Offset and VF Stride when updating NumVFs (bsc#952084). - pci: Update NumVFs register when disabling SR-IOV (bsc#952084). - pci: delay configuration of SRIOV capability (bsc#952084). - pci: set pci sriov page size before reading SRIOV BAR (bsc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - r8169: remember WOL preferences on driver load (bsc#942305). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bsc#949100). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bsc#942204). - scsi: hosts: update to use ida_simple for host_no (bsc#939926) - scsi: kabi: allow iscsi disocvery session support (bsc#923002). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg: fix read() error reporting (bsc#926774). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bsc#933721). - usb: xhci: Reset a halted endpoint immediately when we encounter a stall (bsc#933721). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bsc#944989). - usb: xhci: do not start a halted endpoint before its new dequeue is set (bsc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bsc#933721). - x86/tsc: Change Fast TSC calibration failed from error to info (bsc#942605). - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788). - xfs: add background scanning to clear eofblocks inodes (bsc#930788). - xfs: add inode id filtering to eofblocks scan (bsc#930788). - xfs: add minimum file size filtering to eofblocks scan (bsc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bsc#930788). - xfs: create helper to check whether to free eofblocks on inode (bsc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bsc#930788). - xfs: support a tag-based inode_ag_iterator (bsc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bsc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bsc#949981). - xhci: Allocate correct amount of scratchpad buffers (bsc#933721). - xhci: Calculate old endpoints correctly on device reset (bsc#944831). - xhci: Do not enable/disable RWE on bus suspend/resume (bsc#933721). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bsc#945691). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bsc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bsc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bsc#933721). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bsc#949502). - xhci: do not report PLC when link is in internal resume state (bsc#933721). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bsc#944837). - xhci: fix reporting of 0-sized URBs in control endpoint (bsc#933721). - xhci: report U3 when link is in resume state (bsc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bsc#933721). - xhci: use uninterruptible sleep for waiting for internal operations (bsc#939955). Important SUSE bug 777565 SUSE bug 814440 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 920016 SUSE bug 923002 SUSE bug 926007 SUSE bug 926709 SUSE bug 926774 SUSE bug 930145 SUSE bug 930788 SUSE bug 932350 SUSE bug 932805 SUSE bug 933721 SUSE bug 935053 SUSE bug 935757 SUSE bug 936118 SUSE bug 938706 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940925 SUSE bug 941202 SUSE bug 942204 SUSE bug 942305 SUSE bug 942367 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943786 SUSE bug 944296 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949981 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 953527 SUSE bug 953980 SUSE bug 954404 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Important SUSE bug 1004418 CVE-2016-5195 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bsc#1029850). - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bsc#1038879). - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 1050677 ). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336) - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability. This requires a malicious PCI Card. (bnc#1037994). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038544). - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1039883). - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1040069). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary could have overflowed the parport_nr array in the following code (bnc#1039456). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). The following non-security bugs were fixed: - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - btrfs: cleanup code of btrfs_balance_delayed_items() (bsc#1034838). - btrfs: do not run delayed nodes again after all nodes flush (bsc#1034838). - btrfs: remove btrfs_end_transaction_dmeta() (bsc#1034838). - btrfs: remove residual code in delayed inode async helper (bsc#1034838). - btrfs: use flags instead of the bool variants in delayed node (bsc#1034838). - cifs: cifs_get_root shouldn't use path with tree name, alternate fix (bsc#963655, bsc#979681, bsc#1027406). - dentry name snapshots (bsc#1049483). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562) (bsc#948562). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919, bnc#1053760). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - keys: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - nfs: Avoid getting confused by confused server (bsc#1045416). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: do not risk using duplicate owner/file/delegation ids (bsc#1029212). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - nfs: Make nfs_readdir revalidate less often (bsc#1048232). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - sunrpc: Clean up the slot table allocation (bsc#1013862). - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862). - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - usb: wusbcore: fix NULL-deref at probe (bsc#1045487). - Use make --output-sync feature when available (bsc#1012422). - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101). - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). Important SUSE bug 1006919 SUSE bug 1012422 SUSE bug 1013862 SUSE bug 1017143 SUSE bug 1020229 SUSE bug 1021256 SUSE bug 1023051 SUSE bug 1024938 SUSE bug 1025013 SUSE bug 1025235 SUSE bug 1026024 SUSE bug 1026722 SUSE bug 1026914 SUSE bug 1027066 SUSE bug 1027101 SUSE bug 1027178 SUSE bug 1027179 SUSE bug 1027406 SUSE bug 1028415 SUSE bug 1028880 SUSE bug 1029212 SUSE bug 1029850 SUSE bug 1030213 SUSE bug 1030573 SUSE bug 1030575 SUSE bug 1030593 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031440 SUSE bug 1031481 SUSE bug 1031579 SUSE bug 1031660 SUSE bug 1033287 SUSE bug 1033336 SUSE bug 1034670 SUSE bug 1034838 SUSE bug 1035576 SUSE bug 1037182 SUSE bug 1037183 SUSE bug 1037994 SUSE bug 1038544 SUSE bug 1038564 SUSE bug 1038879 SUSE bug 1038883 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039349 SUSE bug 1039354 SUSE bug 1039456 SUSE bug 1039594 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1041431 SUSE bug 1042364 SUSE bug 1042863 SUSE bug 1042892 SUSE bug 1044125 SUSE bug 1045416 SUSE bug 1045487 SUSE bug 1046107 SUSE bug 1048232 SUSE bug 1048275 SUSE bug 1049483 SUSE bug 1049603 SUSE bug 1049882 SUSE bug 1050677 SUSE bug 1052311 SUSE bug 1053148 SUSE bug 1053152 SUSE bug 1053760 SUSE bug 1056588 SUSE bug 870618 SUSE bug 948562 SUSE bug 957988 SUSE bug 957990 SUSE bug 963655 SUSE bug 972891 SUSE bug 979681 SUSE bug 983212 SUSE bug 986924 SUSE bug 989896 SUSE bug 999245 CVE-2016-10200 CVE-2016-5243 CVE-2017-1000112 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-10661 CVE-2017-11176 CVE-2017-11473 CVE-2017-12762 CVE-2017-14051 CVE-2017-2647 CVE-2017-2671 CVE-2017-5669 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6348 CVE-2017-6353 CVE-2017-6951 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-7616 CVE-2017-8831 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-16276: An issue was discovered in yurex_read in drivers/usb/misc/yurex.c where local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). The following non-security bugs were fixed: - net: fix neighbours after MAC change (bnc#905299). - powerpc: Fix smp_mb__before_spinlock() (bsc#1110247). - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967). - x86/fpu: fix signal handling with eager FPU switching (ia32) (bsc#1108227). - retpoline: Introduce start/end markers of indirect thunk (bsc#1113337). Important SUSE bug 1099922 SUSE bug 1102870 SUSE bug 1106095 SUSE bug 1107829 SUSE bug 1108227 SUSE bug 1109967 SUSE bug 1110247 SUSE bug 1113337 SUSE bug 905299 CVE-2018-12896 CVE-2018-14617 CVE-2018-14633 CVE-2018-16276 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209). - CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user was fixed (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The 'stub_send_ret_submit()' function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - KABI: x86/kaiser: properly align trampoline stack. - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - kvm/x86: fix icebp instruction handling (bsc#1087088). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - x86-64: Move the 'user' vsyscall segment out of the data segment (bsc#1082424). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). Important SUSE bug 1010470 SUSE bug 1039348 SUSE bug 1052943 SUSE bug 1062568 SUSE bug 1062840 SUSE bug 1063416 SUSE bug 1067118 SUSE bug 1072689 SUSE bug 1072865 SUSE bug 1078669 SUSE bug 1078672 SUSE bug 1078673 SUSE bug 1078674 SUSE bug 1080464 SUSE bug 1080757 SUSE bug 1082424 SUSE bug 1083242 SUSE bug 1083483 SUSE bug 1083494 SUSE bug 1084536 SUSE bug 1085331 SUSE bug 1086162 SUSE bug 1087088 SUSE bug 1087209 SUSE bug 1087260 SUSE bug 1087762 SUSE bug 1088147 SUSE bug 1088260 SUSE bug 1089608 SUSE bug 1089752 SUSE bug 940776 CVE-2015-5156 CVE-2016-7915 CVE-2017-0861 CVE-2017-12190 CVE-2017-13166 CVE-2017-16644 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18203 CVE-2017-18208 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-6927 CVE-2018-7566 CVE-2018-7757 CVE-2018-8822 CVE-2018-8897 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for krb5 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This MIT krb5 update fixes a buffer overrun problem in kadmind: * bnc#891082: buffer overrun in kadmind with LDAP back end (MITKRB5-SA-2014-001) (CVE-2014-4345) MIT krb5 Security Advisory 2014-001 * http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt Security Issues: * CVE-2014-4345 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345> SUSE bug 891082 CVE-2014-4345 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 krb5 was updated to fix one security issue. This security issue was fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188). Important SUSE bug 952188 CVE-2015-2695 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Moderate SUSE bug 954270 SUSE bug 954470 CVE-2015-2695 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Moderate SUSE bug 963968 SUSE bug 963975 CVE-2015-8629 CVE-2015-8631 cpe:/o:suse:sles:11:sp3:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Moderate SUSE bug 971942 CVE-2016-3119 cpe:/o:suse:sles:11:sp3:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for krb5 fixes the following issues: - Incorrect string handling in build_principal_va can lead to DOS. (bsc#952190, CVE-2015-2697) - Fix potential heap corruption and crash vulnerability described in MIT krb5 Security Advisory 2012-001. (bsc#770172, CVE-2012-1015) - Fix prep_reprocess_req NULL pointer deref. (bsc#816413, CVE-2013-1416) - Fix Denial of service in krb5_read_message. (bsc#918595, CVE-2014-5355) Moderate SUSE bug 770172 SUSE bug 816413 SUSE bug 918595 SUSE bug 952190 CVE-2012-1015 CVE-2013-1416 CVE-2014-5355 CVE-2015-2697 cpe:/o:suse:sles:11:sp3:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for krb5 fixes the following issues: Security issues fixed: - CVE-2017-11368: Fix an unintended assertion failure in KDC (bsc#1049819) Also the openssl1 LDAP library build is now used for the LDAP plugin components. (bsc#1025126). Moderate SUSE bug 1025126 SUSE bug 1049819 CVE-2017-11368 cpe:/o:suse:sles:11:sp3:teradata Security update for krb5 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for krb5 fixes the following security issues: - CVE-2017-15088: A buffer overflow in get_matching_data() was fixed that could under specific circumstances be used to execute code (bsc#1065274) - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) Important SUSE bug 1056995 SUSE bug 1065274 CVE-2017-11462 CVE-2017-15088 cpe:/o:suse:sles:11:sp3:teradata Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for krb5 fixes the following issues: Security issues fixed: - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). Moderate SUSE bug 1083926 SUSE bug 1083927 CVE-2018-5729 CVE-2018-5730 cpe:/o:suse:sles:11:sp3:teradata Security update for krb5 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for krb5 fixes the following issues: * When randomizing the keys for a service principal, current keys could be returned. (CVE-2014-5351) * klist -s crashes when handling multiple referral entries. (bnc#890623) Security Issues: * CVE-2014-5351 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351> SUSE bug 890623 SUSE bug 897874 CVE-2014-5351 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 krb5 has been updated to fix four security issues: * CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002) * CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002) * CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002) * CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002) Additionally, these non-security issues have been fixed: * Winbind process hangs indefinitely without DC. (bsc#872912) * Hanging winbind processes. (bsc#906557) Security Issues: * CVE-2014-5352 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352> * CVE-2014-9421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421> * CVE-2014-9422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422> * CVE-2014-9423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423> SUSE bug 872912 SUSE bug 906557 SUSE bug 912002 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Moderate SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kvm SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 kvm has been updated to fix issues in the embedded qemu: * CVE-2014-0223: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could potentially have resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-3461: A user able to alter the savevm data (either on the disk or over the wire during migration) could have used this flaw to to corrupt QEMU process memory on the (destination) host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-0222: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. Non-security bugs fixed: * Fix exceeding IRQ routes that could have caused freezes of guests. (bnc#876842) * Fix CPUID emulation bugs that may have broken Windows guests with newer -cpu types (bnc#886535) Security Issues: * CVE-2014-0222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222> * CVE-2014-0223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223> * CVE-2014-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461> SUSE bug 876842 SUSE bug 877642 SUSE bug 877645 SUSE bug 878541 SUSE bug 886535 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). Important SUSE bug 938344 CVE-2015-5154 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 This update for kvm fixes the following issues: Security issues fixed: - CVE-2015-7512: The receive packet size is now checked in the emulated pcnet driver, eliminating buffer overflow and potential security issue by malicious guest systems. (bsc#957162) - CVE-2015-8345: A infinite loop in processing command block list was fixed that could be exploit by malicious guest systems (bsc#956829). Bugs fixed: - Fix cases of wrong clock values in kvmclock timekeeping (bsc#947164 and bsc#953187) - Enforce pxe rom sizes to ensure migration compatibility. (bsc#950590) Important SUSE bug 947164 SUSE bug 950590 SUSE bug 953187 SUSE bug 956829 SUSE bug 957162 CVE-2015-7512 CVE-2015-8345 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA kvm was updated to fix 33 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets (bsc#945987). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed: - Fix case of IDE interface needing busy status set before flush (bsc#936132) Important SUSE bug 895528 SUSE bug 901508 SUSE bug 928393 SUSE bug 934069 SUSE bug 936132 SUSE bug 940929 SUSE bug 944463 SUSE bug 945404 SUSE bug 945987 SUSE bug 945989 SUSE bug 947159 SUSE bug 958491 SUSE bug 958917 SUSE bug 959005 SUSE bug 960334 SUSE bug 960725 SUSE bug 961332 SUSE bug 961333 SUSE bug 961358 SUSE bug 961556 SUSE bug 961691 SUSE bug 962320 SUSE bug 963782 SUSE bug 964413 SUSE bug 967969 SUSE bug 969350 SUSE bug 970036 SUSE bug 970037 SUSE bug 975128 SUSE bug 975136 SUSE bug 975700 SUSE bug 976109 SUSE bug 978158 SUSE bug 978160 SUSE bug 980711 SUSE bug 980723 CVE-2014-3615 CVE-2014-3689 CVE-2014-9718 CVE-2015-3214 CVE-2015-5239 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6855 CVE-2015-7295 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA kvm was updated to fix 16 security issues. These security issues were fixed: - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. (bsc#944697). - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013). - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012). - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223). - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222). - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017). - CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018). - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959). - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982). - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080). - CVE-2016-6490: Infinite loop in the virtio framework. A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466). - CVE-2016-7116: Host directory sharing via Plan 9 File System(9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). Moderate SUSE bug 902737 SUSE bug 944697 SUSE bug 967012 SUSE bug 967013 SUSE bug 982017 SUSE bug 982018 SUSE bug 982019 SUSE bug 982222 SUSE bug 982223 SUSE bug 982285 SUSE bug 982959 SUSE bug 983961 SUSE bug 983982 SUSE bug 991080 SUSE bug 991466 SUSE bug 996441 CVE-2014-7815 CVE-2015-6815 CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-7116 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: - Address various security/stability issues * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151) * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE11-SP3 Important SUSE bug 1001151 SUSE bug 1002550 SUSE bug 1002557 SUSE bug 1003878 SUSE bug 1003893 SUSE bug 1003894 SUSE bug 1004702 SUSE bug 1004707 SUSE bug 1006536 SUSE bug 1006538 SUSE bug 1007391 SUSE bug 1007450 SUSE bug 1007454 SUSE bug 1007493 SUSE bug 1007494 SUSE bug 1007495 SUSE bug 998516 CVE-2016-7161 CVE-2016-7170 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427) - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866) - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406) - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159) - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801) - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296) * Fix privilege escalation in TCG mode (bsc#1030624) These non-security issues were fixed: - bsc#1045035: Fixed regression introduced by previous virtfs security fixes - bsc#1038396: Fixed 12 tempest tests - bsc#1034044: Prevent KVM guests stuck when waiting for sg_io() completion - bsc#1031051: Prevent I/O errors when using pvmove with disk device=lun - bsc#1049785: Make virsh dump output readable by crash - bsc#1015048: Fixed virtio interface failure - bsc#1016779: Fixed graphical update errors introduced by previous security fix - Fixed various inaccuracies in cirrus vga device emulation Important SUSE bug 1013285 SUSE bug 1014109 SUSE bug 1014111 SUSE bug 1014702 SUSE bug 1015048 SUSE bug 1016779 SUSE bug 1020427 SUSE bug 1021129 SUSE bug 1021741 SUSE bug 1023004 SUSE bug 1023053 SUSE bug 1023907 SUSE bug 1024972 SUSE bug 1025109 SUSE bug 1028184 SUSE bug 1028656 SUSE bug 1030624 SUSE bug 1031051 SUSE bug 1034044 SUSE bug 1034866 SUSE bug 1034908 SUSE bug 1035406 SUSE bug 1035950 SUSE bug 1037242 SUSE bug 1038396 SUSE bug 1039495 SUSE bug 1042159 SUSE bug 1042800 SUSE bug 1042801 SUSE bug 1043296 SUSE bug 1045035 SUSE bug 1046636 SUSE bug 1047674 SUSE bug 1048902 SUSE bug 1049381 SUSE bug 1049785 SUSE bug 1056334 SUSE bug 1057585 SUSE bug 1062069 SUSE bug 1063122 CVE-2016-10155 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856 CVE-2017-5898 CVE-2017-5973 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-9330 CVE-2017-9373 CVE-2017-9375 CVE-2017-9503 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: A security flaw mitigation has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Also a security fix has been applied: - CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612) Important SUSE bug 1026612 SUSE bug 1068032 CVE-2017-2633 CVE-2017-5715 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ (CVE-2017-5715 bsc#1068032) A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Additional security fixes: - CVE-2018-5683: An out-of-bounds read in vga_draw_text routine was fixed which could lead to crashes or information leakage. (bsc#1076114) - CVE-2018-7550: multiboot OOB access while loading kernel image was fixed that could lead to crashes (bsc#1083291) - CVE-2017-18030: An out-of-bounds access in cirrus_invalidate_region routine could lead to crashes or information leakage (bsc#1076179) - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor. Important SUSE bug 1068032 SUSE bug 1076114 SUSE bug 1076179 SUSE bug 1082276 SUSE bug 1083291 CVE-2017-18030 CVE-2017-5715 CVE-2018-5683 CVE-2018-7550 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Moderate SUSE bug 1092885 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185). Moderate SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1112185 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). Non-security issue fixed: - Fixed LAPIC TSC deadline timer save/restore (bsc#1109544) Important SUSE bug 1109544 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1123156 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Important SUSE bug 1111331 SUSE bug 1129622 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Important SUSE bug 1135902 SUSE bug 1140402 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: - Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) - Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix use-after-free in slirp (CVE-2019-15890 bsc#1149811) - Fix for similar problems as for the original fix prompting this issue (CVE-2019-6778 bsc#1123156) - Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 CVE-2020-7039 bsc#1161066) - Fix use after free in slirp (CVE-2020-1983 bsc#1170940) - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Important SUSE bug 1123156 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1170940 SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172385 SUSE bug 1172478 SUSE bug 1175441 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178934 SUSE bug 1179467 SUSE bug 1181108 SUSE bug 1182137 SUSE bug 1182425 SUSE bug 1182577 CVE-2014-3689 CVE-2015-1779 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 CVE-2020-14364 CVE-2020-1983 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-29130 CVE-2020-29443 CVE-2020-7039 CVE-2020-8608 CVE-2021-20181 CVE-2021-20257 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: - CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187367) - CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364) - CVE-2021-3416: infinite loop in loopback mode may lead to stack overflow. (bsc#1186473) - CVE-2020-15469: MMIO ops null pointer dereference may lead to DoS. (bsc#1173612) - CVE-2020-11947: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read. (bsc#1180523) - CVE-2021-20221: out-of-bound heap buffer access via an interrupt ID field. (bsc#1181933) - CVE-2020-25707: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c. (bsc#1178683) - CVE-2020-15863: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c. (bsc#1174386) Important SUSE bug 1031692 SUSE bug 1173612 SUSE bug 1174386 SUSE bug 1178683 SUSE bug 1180523 SUSE bug 1181933 SUSE bug 1186473 SUSE bug 1187364 SUSE bug 1187367 CVE-2020-11947 CVE-2020-15469 CVE-2020-15863 CVE-2020-25707 CVE-2021-20221 CVE-2021-3416 CVE-2021-3592 CVE-2021-3594 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for kvm fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Moderate SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1189145 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 cpe:/o:suse:sles:11:sp3:teradata Security update for kvm and libvirt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm: * Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640) * Fix performance degradation after migration. (bsc#878350) * Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381) * Add validate hex properties for qdev. (bsc#852397) * Add boot option to do strict boot (bsc#900084) * Add query-command-line-options QMP command. (bsc#899144) * Fix incorrect return value of migrate_cancel. (bsc#843074) * Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840) * Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106) libvirt: * Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823) * Fix domain deadlock. (bsc#899484, CVE-2014-3657) * Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633) * Fix undefined symbol when starting virtlockd. (bsc#910145) * Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084) * Add support for 'reboot-timeout' in qemu. (bsc#899144) * Increase QEMU's monitor timeout to 30sec. (bsc#911742) * Allow setting QEMU's migration max downtime any time. (bsc#879665) Security Issues: * CVE-2014-7823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823> * CVE-2014-3657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657> * CVE-2014-3633 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633> * CVE-2014-3640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640> * CVE-2014-7840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840> * CVE-2014-8106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106> SUSE bug 843074 SUSE bug 852397 SUSE bug 878350 SUSE bug 879665 SUSE bug 897654 SUSE bug 897783 SUSE bug 899144 SUSE bug 899484 SUSE bug 900084 SUSE bug 904176 SUSE bug 905097 SUSE bug 907805 SUSE bug 908381 SUSE bug 910145 SUSE bug 911742 CVE-2014-3633 CVE-2014-3640 CVE-2014-3657 CVE-2014-7823 CVE-2014-7840 CVE-2014-8106 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lcms SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The lcms userland utilities were updated to fix stack overflows. * CVE-2013-4276: Multiple stack-based buffer overflows in LittleCMS allowed remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Security Issues: * CVE-2013-4276 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276> SUSE bug 843716 CVE-2013-4276 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for less (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for less fixes the following issues: Security issue fixed: - CVE-2014-9488: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access (bsc#921719). Moderate SUSE bug 921719 CVE-2014-9488 cpe:/o:suse:sles:11:sp3:teradata Security update for lha (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA lha was updated to fix one security issue. This security issue was fixed: - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers (bsc#962528). Moderate SUSE bug 962528 CVE-2016-1925 cpe:/o:suse:sles:11:sp3:teradata Security update for libQt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The Qt library was updated to fix a XML entity expansion attack (XXE). (CVE-2013-4549) Security Issue reference: * CVE-2013-4549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549> SUSE bug 856832 SUSE bug 859158 CVE-2013-4549 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libapr-util1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) Moderate SUSE bug 1064990 CVE-2017-12618 cpe:/o:suse:sles:11:sp3:teradata Security update for libapr1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Moderate SUSE bug 1064982 CVE-2017-12613 cpe:/o:suse:sles:11:sp3:teradata Security update for libcaca (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcaca fixes the following issues: - CVE-2021-30499: Fixed a memory corruption issue when exporting troff sources (bsc#1184751). - CVE-2021-30498: Fixed a memory corruption issue when exporting TGA images (bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:sles:11:sp3:teradata Security update for libcaca (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028). Moderate SUSE bug 1197028 CVE-2022-0856 cpe:/o:suse:sles:11:sp3:teradata Security update for libcap-ng (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA libcap-ng was updated to fix one security issue. This security issue was fixed: - CVE-2014-3215: seunshare in policycoreutils (which uses libcap-ng) is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which made it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges (bsc#876832). Moderate SUSE bug 876832 CVE-2014-3215 cpe:/o:suse:sles:11:sp3:teradata Security update for libcares2 (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Low SUSE bug 1007728 CVE-2016-5180 cpe:/o:suse:sles:11:sp3:teradata Security update for libcares2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:sles:11:sp3:teradata Security update for libcdio (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcdio and libcdio-mini fixes the following issues: Security issue fixed: - CVE-2017-18199: Fixed a NULL Pointer Dereference in realloc_symlink which could allow remote attackers to cause Denial of Service (bsc#1082821). Low SUSE bug 1082821 CVE-2017-18199 cpe:/o:suse:sles:11:sp3:teradata Security update for libcgroup1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcgroup1 fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365). Bug fixes: - bsc#1030747: Unable to use freezer sub system via libcgroup API when both freezer and cpuset subsystems are used. Moderate SUSE bug 1030747 SUSE bug 1100365 CVE-2018-14348 cpe:/o:suse:sles:11:sp3:teradata Security update for libcroco (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). Moderate SUSE bug 1034481 SUSE bug 1034482 SUSE bug 1043898 SUSE bug 1043899 CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 cpe:/o:suse:sles:11:sp3:teradata Security update for libcroco (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Moderate SUSE bug 1171685 CVE-2020-12825 cpe:/o:suse:sles:11:sp3:teradata Security update for libdb-4_5 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) Moderate SUSE bug 1043886 cpe:/o:suse:sles:11:sp3:teradata Security update for PostgreSQL 9.1 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The PostgreSQL database server was updated to version 9.1.12 to fix various security issues: * Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) * The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) * If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062) * The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063) * Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064) * Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065) * There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., 'FIPS mode'). (CVE-2014-0066) * Since the temporary server started by make check uses 'trust' authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine. (CVE-2014-0067) The complete list of bugs and more information can be found at: http://www.postgresql.org/docs/9.1/static/release-9-1-12.html <http://www.postgresql.org/docs/9.1/static/release-9-1-12.html> Security Issues references: * CVE-2014-0060 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060> * CVE-2014-0061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061> * CVE-2014-0062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062> * CVE-2014-0063 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063> * CVE-2014-0064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064> * CVE-2014-0065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065> * CVE-2014-0066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066> SUSE bug 864845 SUSE bug 864846 SUSE bug 864847 SUSE bug 864850 SUSE bug 864851 SUSE bug 864852 SUSE bug 864853 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libesmtp (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:sles:11:sp3:teradata Security update for libevent SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a buffer overflow in the buffered event handling in libevent. (CVE-2014-6272) Security Issues: * CVE-2014-6272 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272> SUSE bug 897243 CVE-2014-6272 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libevent (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libevent fixes the following issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) (backport for 2.0.21) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) Moderate SUSE bug 1022917 SUSE bug 1022918 SUSE bug 1022919 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/o:suse:sles:11:sp3:teradata Security update for libexif (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libexif fixes the following security issue: - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) Moderate SUSE bug 1059893 CVE-2017-7544 cpe:/o:suse:sles:11:sp3:teradata Security update for libexif (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sles:11:sp3:teradata Security update for mozilla-nss SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568> SUSE bug 897890 CVE-2014-1568 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libgcrypt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of libgcrypt mitigates the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (CVE-2013-4242). Security Issue reference: * CVE-2013-4242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242> SUSE bug 831359 CVE-2013-4242 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following issues: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057) * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] Moderate SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Moderate SUSE bug 994157 CVE-2016-6313 cpe:/o:suse:sles:11:sp3:teradata Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening a against local side-channel attack in RSA key handling has been added (bsc#1046607) Moderate SUSE bug 1046607 CVE-2017-7526 cpe:/o:suse:sles:11:sp3:teradata Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-13627: Mitigated against an ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sles:11:sp3:teradata Security update for libgcrypt (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:sles:11:sp3:teradata Security update for libgcrypt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This libgcrypt update fixes the following security issue: * bnc#892464: Side-channel attack on Elgamal encryption subkeys. (CVE-2014-5270) Security Issues: * CVE-2014-5270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270> SUSE bug 892464 CVE-2014-5270 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Recommended update for libical (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bnc#986632) - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5825: The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. (bsc#986642) - CVE-2016-5826: The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. (bsc#986658) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bnc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) Moderate SUSE bug 1015964 SUSE bug 1044995 SUSE bug 986631 SUSE bug 986632 SUSE bug 986639 SUSE bug 986642 SUSE bug 986658 CVE-2016-5823 CVE-2016-5824 CVE-2016-5825 CVE-2016-5826 CVE-2016-5827 CVE-2016-9584 cpe:/o:suse:sles:11:sp3:teradata Security update for libidn (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Moderate SUSE bug 923241 SUSE bug 990189 SUSE bug 990190 SUSE bug 990191 CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 cpe:/o:suse:sles:11:sp3:teradata Security update for libidn (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libidn fixes one issues. This security issue was fixed: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). Moderate SUSE bug 1056450 CVE-2017-14062 cpe:/o:suse:sles:11:sp3:teradata Security update for libjasper SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for libjasper fixes multiple off-by-one errors which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow triggered by a crafted jp2 (JPEG 2000) file. (bsc#906364, CVE-2014-9029) Security Issues: * CVE-2014-9029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029> SUSE bug 906364 CVE-2014-9029 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libksba SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This libksba update fixes the following security issue: * bnc#907074: buffer overflow in ksba_oid_to_str (CVE-2014-9087) Security Issues: * CVE-2014-9087 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087> SUSE bug 907074 CVE-2014-9087 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libksba (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Moderate SUSE bug 979261 SUSE bug 979906 CVE-2016-4574 CVE-2016-4579 cpe:/o:suse:sles:11:sp3:teradata Security update for libksba (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101) - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) () - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095) - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090) Moderate SUSE bug 1056090 SUSE bug 1056093 SUSE bug 1056095 SUSE bug 1056097 SUSE bug 1056101 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 cpe:/o:suse:sles:11:sp3:teradata Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for liblouis fixes the following issues: Security issues fixed: - CVE-2017-15101: Buffer overflow in findTable (bsc#1067336). - CVE-2014-8184: stack-based buffer overflow in findTable() (bsc#1062458). Moderate SUSE bug 1062458 SUSE bug 1067336 CVE-2014-8184 CVE-2017-15101 cpe:/o:suse:sles:11:sp3:teradata Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for liblouis, python-louis fixes the following issues: Security issues fixed: - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-11683: Fix a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095827) Moderate SUSE bug 1095825 SUSE bug 1095826 SUSE bug 1095827 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 cpe:/o:suse:sles:11:sp3:teradata Security update for liblouis (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for liblouis and python-louis fixes the following issue: Security issue fixed: - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319). Low SUSE bug 1109319 CVE-2018-17294 cpe:/o:suse:sles:11:sp3:teradata Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for liblouis fixes the following issues: - CVE-2018-12085: Fixed an off-by-one error resulting in a buffer overrun (bsc#1097103). Moderate SUSE bug 1097103 CVE-2018-12085 cpe:/o:suse:sles:11:sp3:teradata Security update for lzo SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 lzo was updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts. (CVE-2014-4607) Security Issue reference: * CVE-2014-4607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607> SUSE bug 883947 CVE-2014-4607 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libmpfr SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for libmpfr fixes a buffer overflow in mpfr_strtofr. (CVE-2014-9474) Security Issues: * CVE-2014-9474 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474> SUSE bug 911812 CVE-2014-9474 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libmspack SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issue: * CVE-2014-9556: An integer overflow in the function qtmd_decompress() could have been exploited causing a denial of service (endless loop) (bnc##912214) Security Issues: * CVE-2014-9556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556> SUSE bug 912214 CVE-2014-9556 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libmspack (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934525 SUSE bug 934526 SUSE bug 934527 SUSE bug 934528 SUSE bug 934529 CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libmspack (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039) Moderate SUSE bug 1113038 SUSE bug 1113039 CVE-2018-18584 CVE-2018-18585 cpe:/o:suse:sles:11:sp3:teradata Security update for libmspack (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). Low SUSE bug 1141680 CVE-2019-1010305 cpe:/o:suse:sles:11:sp3:teradata Security update for MySQL SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This MySQL update provides the following: * upgrade to version 5.5.39, [bnc#887580] * CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233, CVE-2014-4240, CVE-2014-4214, CVE-2014-4243 See also: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html> Security Issues: * CVE-2014-2484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484> * CVE-2014-4258 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258> * CVE-2014-4260 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260> * CVE-2014-2494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494> * CVE-2014-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238> * CVE-2014-4207 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207> * CVE-2014-4233 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233> * CVE-2014-4240 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240> * CVE-2014-4214 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214> * CVE-2014-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243> SUSE bug 887580 CVE-2014-2484 CVE-2014-2494 CVE-2014-4207 CVE-2014-4214 CVE-2014-4233 CVE-2014-4238 CVE-2014-4240 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libnl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libnl fixes the following issues: Security issue fixed: - CVE-2017-0386: Fixed a privilege escalation vulnerability which allowed a local user to execute code within a privileged process (bsc#1020123). Moderate SUSE bug 1020123 CVE-2017-0386 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenSSL SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568> SUSE bug 892403 SUSE bug 901223 SUSE bug 901277 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libotr (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libotr fixes the following issues: - Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machine. (CVE-2016-2851, bsc#969785) Moderate SUSE bug 969785 CVE-2016-2851 cpe:/o:suse:sles:11:sp3:teradata Security update for pixman SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425> SUSE bug 853824 CVE-2013-6425 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libpng SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This libpng update fixes the following two overflow security issues. * bnc#873123: Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354). * bnc#873124: Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353). Security Issue references: * CVE-2013-7353 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353> * CVE-2013-7354 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354> SUSE bug 873123 SUSE bug 873124 CVE-2013-7353 CVE-2013-7354 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 - security update: This update fixes the following securit issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] Moderate SUSE bug 954980 CVE-2015-8126 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libpng12-0 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sles:11:sp3:teradata Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libpng12-0 fixes the following issues: Security issue fixed: - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1141493 CVE-2017-12652 cpe:/o:suse:sles:11:sp3:teradata Security update for poppler SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes problems in DCTStream error handling in poppler. Security Issue reference: * CVE-2010-5110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5110> SUSE bug 845765 CVE-2010-5110 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for pulseaudio SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The following security issue is fixed in this update: * CVE-2014-3970: Fixed a remote denial of service attack in module-rtp-recv. Security Issues: * CVE-2014-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970> SUSE bug 881524 CVE-2014-3970 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libqt4 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libqt4 fixes the following issues: - CVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed a segmantation fault via a malformed BMP file (bsc#1118596). - CVE-2018-19869: Fixed an improper checking which might lead to a crach via a malformed url reference (bsc#1118599). Moderate SUSE bug 1118595 SUSE bug 1118596 SUSE bug 1118599 CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 cpe:/o:suse:sles:11:sp3:teradata Security update for libqt4 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libqt4 fixes the following issues: - CVE-2020-17507: Fixed buffer over-read in read_xbm_body (bsc#1176315) Moderate SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:sles:11:sp3:teradata Security update for libqt4 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of the QT4 QSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. SUSE bug 865241 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libqt4 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The libqt4 library was updated to fix several security issues: * CVE-2015-0295: Division by zero when processing malformed BMP files. (bsc#921999) * CVE-2015-1858: Segmentation fault in BMP Qt Image Format Handling. (bsc#927806) * CVE-2015-1859: Segmentation fault in ICO Qt Image Format Handling. (bsc#927807) * CVE-2015-1860: Segmentation fault in GIF Qt Image Format Handling. (bsc#927808) Security Issues: * CVE-2015-1858 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858> * CVE-2015-1859 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859> * CVE-2015-1860 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860> * CVE-2015-0295 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295> SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for librsvg (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Important SUSE bug 840753 CVE-2013-1881 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for librsvg (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for librsvg fixes the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - CVE-2015-7558: librsvg allowed context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document (bsc#977985). - CVE-2016-6163: svg pattern linking to non-pattern fallback leads to invalid memory access, allowing to cause DoS (bsc#987877). - CVE-2018-1000041: Fixed leaking credentials via SVG files that reference UNC paths (bsc#1083232) - CVE-2016-4348: Fixed a denial of service parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function (bsc#977986) - Fixed a stack exhaustion with circular references in <use> elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs. This updated also removes the the Mozilla plugin package. Firefox can render SVG on its own and the plugin interface is obsolete. This update for libcroco fixes the following issue: - Fixed an issue where librsvg was throwing a segmentation fault (bsc#1094213). Moderate SUSE bug 1083232 SUSE bug 1094213 SUSE bug 1162501 SUSE bug 977985 SUSE bug 977986 SUSE bug 987877 CVE-2015-7558 CVE-2016-4348 CVE-2016-6163 CVE-2018-1000041 CVE-2019-20446 cpe:/o:suse:sles:11:sp3:teradata Security update for libsamplerate (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libsamplerate fixes the following issues: - CVE-2017-7697: Fixed a buffer overflow in calc_output_single. (bsc#1033564) Moderate SUSE bug 1033564 CVE-2017-7697 cpe:/o:suse:sles:11:sp3:teradata Security update for libsndfile SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for libsndfile fixes two buffer read overflows in sd2_parse_rsrc_fork(). (CVE-2014-9496, bsc#911796) Security Issues: * CVE-2014-9496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496> SUSE bug 911796 CVE-2014-9496 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Moderate SUSE bug 953516 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libsndfile fixes the following issues: - CVE-2017-7585,CVE-2017-7741,CVE-2017-7742: Some stack-based buffer overflows via a specially crafted FLAC file were fixed (error in the 'flac_buffer_copy()' function) (bsc#1033054, bsc#1033914, bsc#1033915). Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 cpe:/o:suse:sles:11:sp3:teradata Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libsndfile fixes the following issues: - CVE-2017-8362: invalid memory read in flac_buffer_copy (flac.c) (bsc#1036943) - CVE-2017-8365: global buffer overflow in i2les_array (pcm.c) (bsc#1036946) - CVE-2017-8361: global buffer overflow in flac_buffer_copy (flac.c) (bsc#1036944) - CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (flac.c) (bsc#1036945) - CVE-2017-7585: stack-based buffer overflow via a specially crafted FLAC file (bsc#1033054) Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 SUSE bug 1036943 SUSE bug 1036944 SUSE bug 1036945 SUSE bug 1036946 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 cpe:/o:suse:sles:11:sp3:teradata Recommended update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA - This update for libsndfile fixes a memory leak in an error path.(bsc#1038856) - CVE-2017-16942: A divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. (bsc#1069874) - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) Moderate SUSE bug 1038856 SUSE bug 1059911 SUSE bug 1059912 SUSE bug 1059913 SUSE bug 1069874 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 cpe:/o:suse:sles:11:sp3:teradata Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777). - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767). - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header that could have been used for a denial of service attack (bsc#1117954). Moderate SUSE bug 1071767 SUSE bug 1071777 SUSE bug 1117954 CVE-2017-17456 CVE-2017-17457 CVE-2018-19758 cpe:/o:suse:sles:11:sp3:teradata Security update for libsndfile (Critical) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libsndfile fixes the following issues: - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) Critical SUSE bug 1188540 CVE-2021-3246 cpe:/o:suse:sles:11:sp3:teradata Security update for libsndfile (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:sles:11:sp3:teradata Security update for net-snmp SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for net-snmp fixes a remote denial of service problem inside snmptrapd when it is started with the '-OQ' option. (CVE-2014-3565, bnc#894361) Additionally, a timeout issue during SNMP MIB walk on OID 1.3.6.1.2.1.4.24 when using newer (v5.5+) versions of snmpwalk has been fixed. (bnc#865222) Security Issues: * CVE-2014-3565 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565> SUSE bug 865222 SUSE bug 894361 CVE-2014-3565 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libsoup (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fixed a denial of service which was caused handling empty hostnames in get_cookies() (bsc#1100097). Moderate SUSE bug 1100097 CVE-2018-12910 cpe:/o:suse:sles:11:sp3:teradata Security update for libssh2_org SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The ssh client library libssh2_org was updated to fix a security issue: * CVE-2015-1782: A malicious server could send a crafted SSH_MSG_KEXINIT packet, that could lead to a buffer overread and to a crash of the application using libssh2_org. Security Issues: * CVE-2015-1782 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782> SUSE bug 921070 CVE-2015-1782 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libssh2_org fixes the following issues: - Add SHA256 support for DH group exchange (fate#320343, bsc#961964) - fix CVE-2016-0787 (bsc#967026) * Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. Moderate SUSE bug 961964 SUSE bug 967026 CVE-2016-0787 cpe:/o:suse:sles:11:sp3:teradata Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Fixed an issue where libssh2 stops parsing known_hosts (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sles:11:sp3:teradata Security update for libssh2_org (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sles:11:sp3:teradata Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sles:11:sp3:teradata Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sles:11:sp3:teradata Security update for libtasn1 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 libtasn1 has been updated to fix three security issues: * asn1_get_bit_der() could have returned negative bit length (CVE-2014-3468) * Multiple boundary check issues could have allowed DoS (CVE-2014-3467) * Possible DoS by NULL pointer dereference in asn1_read_value_type (CVE-2014-3469) Security Issues: * CVE-2014-3468 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468> * CVE-2014-3467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467> * CVE-2014-3469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469> SUSE bug 880735 SUSE bug 880737 SUSE bug 880738 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libtasn1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). Moderate SUSE bug 1040621 SUSE bug 1105435 CVE-2017-6891 CVE-2018-1000654 cpe:/o:suse:sles:11:sp3:teradata Security update for libtcnative-1-0 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libtcnative-1-0 fixes the following issues: - CVE-2015-4000: Disable 512-bit export-grade cryptography to prevent Logjam vulnerability (bsc#938945) Moderate SUSE bug 938945 CVE-2015-4000 cpe:/o:suse:sles:11:sp3:teradata Security update for libtcnative-1-0 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libtcnative-1-0 to version 1.1.34 fixes the following issues: - CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted (bsc#1078679). - CVE-2018-8019: When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS (bsc#1103348). - CVE-2018-8020: Did not properly check OCSP pre-produced responses. Revoked client certificates may have not been properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS (bsc#1103347). For a complete list of changes please see http://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html Important SUSE bug 1078679 SUSE bug 1103347 SUSE bug 1103348 CVE-2017-15698 CVE-2018-8019 CVE-2018-8020 cpe:/o:suse:sles:11:sp3:teradata Security update for libtiff SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This tiff update fixes several security issues. * bnc#834477: CVE-2013-4232 CVE-2013-4231: tiff: buffer overflows/use after free problem * bnc#834779: CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in readgifimage() * bnc#834788: CVE-2013-4244: libtiff (gif2tiff): OOB Write in LZW decompressor Security Issue references: * CVE-2013-4232 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232> * CVE-2013-4231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231> * CVE-2013-4243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243> * CVE-2013-4244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244> SUSE bug 834477 SUSE bug 834779 SUSE bug 834788 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libtirpc, rpcbind (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libtirpc and rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Important SUSE bug 1037559 CVE-2017-8779 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for libtirpc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libtirpc fixes the following issues: - Prevent remote crash of RPC services (bsc#968175) Moderate SUSE bug 968175 cpe:/o:suse:sles:11:sp3:teradata Security update for libtirpc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libtirpc fixes the following issues: Security issues fixed: - CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519) - CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517) Moderate SUSE bug 1106517 SUSE bug 1106519 SUSE bug 968175 CVE-2018-14621 CVE-2018-14622 cpe:/o:suse:sles:11:sp3:teradata Security update for libunwind (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libunwind fixes the following issues: - CVE-2015-3239: Fixed an off-by-one in dwarf_to_unw_regnum() (bsc#936786). Moderate SUSE bug 936786 CVE-2015-3239 cpe:/o:suse:sles:11:sp3:teradata Security update for libvirt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 libvirt has been patched to fix two security issues. Further information is available at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179> and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456> These security issues have been fixed: * Unsafe parsing of XML documents allows arbitrary file read or denial of service (CVE-2014-0179) * Ability to delete or create arbitrary host devices (CVE-2013-6456) Security Issue references: * CVE-2014-0179 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179> * CVE-2013-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456> SUSE bug 857490 SUSE bug 873705 CVE-2013-6456 CVE-2014-0179 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libvirt (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Spectre fixes for libvirt (bsc#1079869, bsc#1088147, bsc#1087887). - CVE-2018-1064: Avoid denial of service reading from QEMU guest agent (bsc#1083625). - CVE-2018-5748: Avoid denial of service reading from QEMU monitor (bsc#1076500). Bug fixes: - bsc#1025340: Use xend for nodeGetFreeMemory API. - bsc#960742: Allow read access to script directories in libvirtd AppArmor profile. - bsc#936233: Introduce qemuDomainDefCheckABIStability. Important SUSE bug 1025340 SUSE bug 1076500 SUSE bug 1079869 SUSE bug 1083625 SUSE bug 1087887 SUSE bug 1088147 SUSE bug 936233 SUSE bug 960742 CVE-2017-5715 CVE-2018-1064 CVE-2018-5748 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for libvirt (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through. Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3886: Fixed a information exposure which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Moderate SUSE bug 1131595 CVE-2019-3886 cpe:/o:suse:sles:11:sp3:teradata Security update for libvirt (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Important SUSE bug 1111331 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles:11:sp3:teradata Security update for libvirt (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). Important SUSE bug 1138301 CVE-2019-10161 cpe:/o:suse:sles:11:sp3:teradata Security update for libvirt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvirt fixes the following issues: Security issue fixed: - CVE-2016-5008: Fixed an issue where an empty VNC password would disables authentication (bsc#987527). Non-security issue fixed: - Fixed an issue where increasing the RAM or CPUs over a certain threshold would lead to soft lockups (bsc#952889). Moderate SUSE bug 952889 SUSE bug 987527 CVE-2016-5008 cpe:/o:suse:sles:11:sp3:teradata Security update for libvirt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). Moderate SUSE bug 1197636 CVE-2022-0897 cpe:/o:suse:sles:11:sp3:teradata Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The libvncserver package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. Moderate SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Moderate SUSE bug 1059809 SUSE bug 1059811 CVE-2017-14632 CVE-2017-14633 cpe:/o:suse:sles:11:sp3:teradata Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data (bsc#1085687). Moderate SUSE bug 1085687 CVE-2018-5146 cpe:/o:suse:sles:11:sp3:teradata Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in bark_noise_hybridm (bsc#1091072). - CVE-2017-14160: Fixed out-of-bounds access inside bark_noise_hybridmp function (bsc#1059812). Moderate SUSE bug 1059812 SUSE bug 1091072 CVE-2017-14160 CVE-2018-10393 cpe:/o:suse:sles:11:sp3:teradata Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) Moderate SUSE bug 1091070 CVE-2018-10392 cpe:/o:suse:sles:11:sp3:teradata Security update for openwsman SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> SUSE bug 901882 CVE-2014-3566 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxml2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a denial of service via recursive entity expansion. (CVE-2014-3660) Security Issues: * CVE-2014-3660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660> SUSE bug 901546 CVE-2014-3660 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947) - When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack. (CVE-2016-3627, bsc#972335) Moderate SUSE bug 972335 SUSE bug 975947 CVE-2016-3627 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549], - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Important SUSE bug 963963 SUSE bug 965283 SUSE bug 978395 SUSE bug 981040 SUSE bug 981041 SUSE bug 981108 SUSE bug 981109 SUSE bug 981111 SUSE bug 981112 SUSE bug 981114 SUSE bug 981115 SUSE bug 981548 SUSE bug 981549 SUSE bug 981550 CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). Moderate SUSE bug 1005544 CVE-2016-4658 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873) Moderate SUSE bug 1010675 SUSE bug 1014873 CVE-2016-9318 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Moderate SUSE bug 1010675 SUSE bug 1013930 SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 CVE-2016-9318 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) * CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894) * CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) Moderate SUSE bug 1024989 SUSE bug 1044337 SUSE bug 1044887 SUSE bug 1044894 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2017-8872: Out-of-bounds read could lead to application crash (bsc#1038444) Moderate SUSE bug 1038444 CVE-2017-8872 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes several issues. Theses security issues were fixed: - CVE-2017-16932: Fixed infinite recursion could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689). - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) Moderate SUSE bug 1069689 SUSE bug 1077993 SUSE bug 1078806 SUSE bug 1078813 CVE-2016-5131 CVE-2017-15412 CVE-2017-16932 CVE-2017-5130 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1102046 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 CVE-2018-14404 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. Low SUSE bug 1123919 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). Moderate SUSE bug 1159928 SUSE bug 1161517 SUSE bug 1161521 CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). Moderate SUSE bug 1176179 CVE-2020-24977 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409) Moderate SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 CVE-2014-0191 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409) - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). Important SUSE bug 1159928 SUSE bug 1161517 SUSE bug 1161521 SUSE bug 1176179 SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2014-0191 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms (bsc#1186015). Moderate SUSE bug 1186015 CVE-2021-3541 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxml2 fixes the following issues: - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132). Important SUSE bug 1199132 CVE-2022-29824 cpe:/o:suse:sles:11:sp3:teradata Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Moderate SUSE bug 960674 CVE-2015-8710 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxslt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 libxslt received a security update to fix a security issue: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) Security Issue references: * CVE-2012-6139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139> * CVE-2012-2825 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825> * CVE-2011-3970 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970> SUSE bug 849019 CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for libxslt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474) Moderate SUSE bug 1005591 SUSE bug 1035905 SUSE bug 934119 SUSE bug 952474 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/o:suse:sles:11:sp3:teradata Security update for libxslt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Moderate SUSE bug 1132160 CVE-2019-11068 cpe:/o:suse:sles:11:sp3:teradata Security update for libxslt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1140095 SUSE bug 1140101 SUSE bug 1154609 CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 cpe:/o:suse:sles:11:sp3:teradata Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). The following non-security bugs were fixed: - Always include the git commit in KOTD builds. This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171). - KVM: x86: SYSENTER emulation is broken (bsc#994618). - NFS: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - NFS: Refresh open-owner id when server says SEQID is bad (bsc#989261). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - NFSv4: add flock_owner to open context (bnc#998689). - NFSv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - NFSv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - NFSv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - NFSv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). - SELinux: Fix possible NULL pointer dereference in selinux_inode_permission() (bsc#1012895). - USB: fix typo in wMaxPacketSize validation (bsc#991665). - USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, among others). - __ptrace_may_access() should not deny sub-threads (bsc#1012851). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - cdc-acm: added sanity checking for probe() (bsc#993891). - include/linux/math64.h: add div64_ul() (bsc#996329). - kabi-fix for flock_owner addition (bsc#998689). - kabi: get back scsi_device.current_cmnd (bsc#935436). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kexec: add a kexec_crash_loaded() function (bsc#973691). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mpt3sas: Fix panic when aer correct error occurred (bsc#997708, bsc#999943). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (VM Functionality, bsc#1008645). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS and cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils lower than 2.12.1 (bsc#967716). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - printk/sched: Introduce special printk_sched() for those awkward (bsc#1013042, bsc#996541, bsc#1015878). - qlcnic: Schedule napi directly in netpoll (bsc#966826). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/config.sh: Set a fitting release string (bsc#997059) - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - s390/dasd: fix failfast for disconnected devices (bnc#961923, LTC#135138). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: remove current_cmnd field from struct scsi_device (bsc#935436). - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - xfs: remove the deprecated nodelaylog option (bsc#992906). Important SUSE bug 1001419 SUSE bug 1002165 SUSE bug 1003077 SUSE bug 1003253 SUSE bug 1003925 SUSE bug 1004517 SUSE bug 1007944 SUSE bug 1008374 SUSE bug 1008645 SUSE bug 1008831 SUSE bug 1008833 SUSE bug 1008850 SUSE bug 1009875 SUSE bug 1010150 SUSE bug 1010467 SUSE bug 1010501 SUSE bug 1010507 SUSE bug 1010711 SUSE bug 1010713 SUSE bug 1010716 SUSE bug 1011685 SUSE bug 1011820 SUSE bug 1012183 SUSE bug 1012422 SUSE bug 1012832 SUSE bug 1012851 SUSE bug 1012852 SUSE bug 1012895 SUSE bug 1013038 SUSE bug 1013042 SUSE bug 1013531 SUSE bug 1013542 SUSE bug 1014454 SUSE bug 1014746 SUSE bug 1015878 SUSE bug 1017710 SUSE bug 1018446 SUSE bug 1019079 SUSE bug 1019783 SUSE bug 1021258 SUSE bug 821612 SUSE bug 824171 SUSE bug 914939 SUSE bug 929141 SUSE bug 935436 SUSE bug 956514 SUSE bug 961923 SUSE bug 966826 SUSE bug 967716 SUSE bug 969340 SUSE bug 973691 SUSE bug 979595 SUSE bug 987576 SUSE bug 989152 SUSE bug 989261 SUSE bug 991665 SUSE bug 992566 SUSE bug 992569 SUSE bug 992906 SUSE bug 992991 SUSE bug 993890 SUSE bug 993891 SUSE bug 994296 SUSE bug 994618 SUSE bug 994759 SUSE bug 995968 SUSE bug 996329 SUSE bug 996541 SUSE bug 996557 SUSE bug 997059 SUSE bug 997401 SUSE bug 997708 SUSE bug 998689 SUSE bug 999932 SUSE bug 999943 CVE-2004-0230 CVE-2012-6704 CVE-2015-1350 CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2015-8970 CVE-2016-0823 CVE-2016-10088 CVE-2016-3841 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sles:11:sp3:teradata Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for log4j fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:sles:11:sp3:teradata Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. (bsc#1194844) - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843) - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:sles:11:sp3:teradata Security update for lxc SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The container framework LXC has been updated to fix various bugs and a security issue: * CVE-2013-6441: The sshd template allowed privilege escalation on the host. * SLES container time not aligned with host time (bnc#839653) * SLES container boot takes ages (bnc#839663) * lxc mounts /dev/pts with wrong options (bnc#869663) Security Issues: * CVE-2013-6441 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6441> SUSE bug 839653 SUSE bug 839663 SUSE bug 855809 SUSE bug 869663 CVE-2013-6441 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for lxc (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744) Moderate SUSE bug 946744 CVE-2015-1335 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mailman (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery (CSRF) vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option (bsc#995352). - Various other hardenings against CSFR attacks For details please see https://launchpad.net/mailman/+milestone/2.1.15 Moderate SUSE bug 995352 CVE-2016-6893 cpe:/o:suse:sles:11:sp3:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mailman fixes the following issues: Security issue fixed: - CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface (bsc#997205). Following bug was fixed: - Allow CSRF check to pass in mailman web frontend if the list name contains a '+' (bsc#1102416) Important SUSE bug 1102416 SUSE bug 997205 CVE-2016-6893 cpe:/o:suse:sles:11:sp3:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:sles:11:sp3:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). Important SUSE bug 1167068 SUSE bug 1170558 CVE-2020-12137 cpe:/o:suse:sles:11:sp3:teradata Security update for mailman (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (bsc#1171363). Non-security issue fixed: - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920). Moderate SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 cpe:/o:suse:sles:11:sp3:teradata Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles:11:sp3:teradata Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964): - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964) - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Important SUSE bug 1000751 SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010410 SUSE bug 1010422 SUSE bug 1010427 SUSE bug 1010517 SUSE bug 1012964 SUSE bug 992549 CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for mgetty (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Important SUSE bug 1108752 SUSE bug 1108756 SUSE bug 1108757 SUSE bug 1108761 SUSE bug 1108762 CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 cpe:/o:suse:sles:11:sp3:teradata Security update for mgetty (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mgetty fixes the following issues: - CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770). Moderate SUSE bug 1142770 CVE-2019-1010190 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA Update to Intel microcode version 20180108 (bsc#1075262 CVE-2017-5715) - The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). Among other updates it contains: - IVT C0 (06-3e-04:ed) 428->42a - SKL-U/Y D0 (06-4e-03:c0) ba->c2 - BDW-U/Y E/F (06-3d-04:c0) 25->28 - HSW-ULT Cx/Dx (06-45-01:72) 20->21 - Crystalwell Cx (06-46-01:32) 17->18 - BDW-H E/G (06-47-01:22) 17->1b - HSX-EX E0 (06-3f-04:80) 0f->10 - SKL-H/S R0 (06-5e-03:36) ba->c2 - HSW Cx/Dx (06-3c-03:32) 22->23 - HSX C0 (06-3f-02:6f) 3a->3b - BDX-DE V0/V1 (06-56-02:10) 0f->14 - BDX-DE V2 (06-56-03:10) 700000d->7000011 - KBL-U/Y H0 (06-8e-09:c0) 62->80 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80 - KBL-H/S B0 (06-9e-09:2a) 5e->80 - CFL U0 (06-9e-0a:22) 70->80 - CFL B0 (06-9e-0b:02) 72->80 - SKX H0 (06-55-04:b7) 2000035->200003c - GLK B0 (06-7a-01:01) 1e->22 Important SUSE bug 1075262 CVE-2017-5715 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Important SUSE bug 1085207 CVE-2017-5715 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following security issue: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Moderate SUSE bug 1095735 CVE-2017-5715 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083) More details can be found on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update to ucode-intel (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 SUSE bug 1141977 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issue: - Updated Intel CPU Microcode to 20201027 prerelease (bsc#1170446) - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: Updated to Intel CPU Microcode 20210525 release: - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (bsc#1179833) - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (bsc#1179836) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (bsc#1179839) Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:suse:sles:11:sp3:teradata Security update for microcode_ctl (Important) (in QA) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for microcode_ctl fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) Updated to Intel CPU Microcode 20220207 release. - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) This patch is currently in QA and not yet available for download. Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 SUSE bug 1198717 SUSE bug 1199423 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 CVE-2022-21151 cpe:/o:suse:sles:11:sp3:teradata Security update for minicom (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for minicom fixes the following issues: - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783) Moderate SUSE bug 1033783 CVE-2017-7467 cpe:/o:suse:sles:11:sp3:teradata Security update for mono-core (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mono-core (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation. (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters. (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Important SUSE bug 954447 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nss (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Moderate SUSE bug 959888 CVE-2015-7575 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:sles:11:sp3:teradata Security update for mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:suse:sles:11:sp3:teradata Security update for Mozilla NSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes: The main feature is TLS 1.2 support and its dependent algorithms. * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1: * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. o some bugfixes and improvements Changes with version 3.15 * New Functionality o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. o Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. o certutil has been updated to support creating name constraints extensions. Security Issue reference: * CVE-2013-1739 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739> SUSE bug 847708 CVE-2013-1739 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11727: A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr was updated to version 4.25. Important SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173032 CVE-2019-11727 CVE-2019-11745 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles:11:sp3:teradata Security update for mutt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The mailreader mutt was updated to fix a security issue in displaying mail headers, where a crafted e-mail could cause a heap overflow, which in turn might be used by attackers to crash mutt or potentially even execute code. Security Issues references: * CVE-2014-0467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467> SUSE bug 868115 CVE-2014-0467 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. Important SUSE bug 1101567 SUSE bug 1101570 SUSE bug 1101571 SUSE bug 1101573 SUSE bug 1101576 SUSE bug 1101577 SUSE bug 1101578 SUSE bug 1101581 SUSE bug 1101582 SUSE bug 1101588 SUSE bug 1101589 SUSE bug 936807 CVE-2018-14349 CVE-2018-14350 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:sles:11:sp3:teradata Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 CVE-2020-28896 cpe:/o:suse:sles:11:sp3:teradata Security update for mutt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mutt fixes the following issue: - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221). Moderate SUSE bug 1181221 CVE-2021-3181 cpe:/o:suse:sles:11:sp3:teradata Security update for mutt (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies (bsc#1198518). Moderate SUSE bug 1198518 CVE-2022-1328 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on: - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Moderate SUSE bug 924663 SUSE bug 928962 SUSE bug 934401 SUSE bug 938412 CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 * changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html * fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Moderate SUSE bug 951391 SUSE bug 952196 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Moderate SUSE bug 959724 SUSE bug 960961 SUSE bug 962779 CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA mysql was updated to version 5.5.49 to fix 13 security issues. These security issues were fixed: - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#976341). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#976341). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#976341). - CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#976341). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#976341). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#976341). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#976341). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#976341). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#976341). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#976341). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a '/CN=' string in a field in a certificate, as demonstrated by '/OU=/CN=bar.com/CN=foo.com (bsc#963806). More details are available at - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html Important SUSE bug 963806 SUSE bug 976341 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0666 CVE-2016-2047 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000] Moderate SUSE bug 934789 SUSE bug 959724 CVE-2015-4000 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This mysql update to verson 5.5.52 fixes the following issues: Security issues fixed: - CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser (bsc#989913). - CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types (bsc#989919). - CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dml (bsc#989922). - CVE-2016-5440: Fixed unspecified vulnerability in subcomponent rbr (bsc#989926). - CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and , under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) More details can be found on: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html Bugs fixed: - bsc#967374: properly restart mysql multi instances during upgrade - bnc#937258: multi script to restart after crash Important SUSE bug 937258 SUSE bug 967374 SUSE bug 989913 SUSE bug 989919 SUSE bug 989922 SUSE bug 989926 SUSE bug 998309 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-6662 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This mysql version update to 5.5.53 fixes the following issues: - CVE-2016-6662: Unspecified vulnerability in subcomponent Logging (bsc#1005580) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html Important SUSE bug 1005558 SUSE bug 1005580 SUSE bug 1005581 CVE-2016-5584 CVE-2016-6662 CVE-2016-7440 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This mysql version update to 5.5.54 fixes the following issues: - CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc#1020890) - CVE-2017-3312: Insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: Unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: Unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: Unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3244: Unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: Unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: Unspecified vulnerability affecting the Optimizer component (bsc#1020882) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html Important SUSE bug 1020868 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020877 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020890 SUSE bug 1020891 SUSE bug 1020894 SUSE bug 1020896 SUSE bug 1022428 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mysql to version 5.5.55 fixes the following issues: These security issues were fixed: - CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (bsc#1034850) - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (bsc#1034850) - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3461: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (bsc#1034850) - CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014) - '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained) This non-security issue was fixed: - Set the default umask to 077 in rc.mysql-multi [bsc#1020976] For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html Note: The issue tracked in bsc#1022428 and fixed in the last update was assigned CVE-2017-3302. Important SUSE bug 1020976 SUSE bug 1022428 SUSE bug 1029014 SUSE bug 1029396 SUSE bug 1034850 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mysql fixes the following issues: - CVE-2017-3635: C API unspecified vulnerability (bsc#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (bsc#1049399) - CVE-2017-3641: DML unspecified vulnerability (bsc#1049404) - CVE-2017-3648: Charsets unspecified vulnerability (bsc#1049411) - CVE-2017-3651: Client mysqldump unspecified vulnerability (bsc#1049415) - CVE-2017-3652: DDL unspecified vulnerability (bsc#1049416) - CVE-2017-3653: DDL unspecified vulnerability (bsc#1049417) Moderate SUSE bug 1049398 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049411 SUSE bug 1049415 SUSE bug 1049416 SUSE bug 1049417 SUSE bug 1049422 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mysql to version 5.5.58 fixes the following issues: Fixed security issues: - CVE-2017-10268: issue inside subcomponent Server Replication [bsc#1064101] - CVE-2017-10378: issue inside subcomponent Server Optimizer [bsc#1064115] - CVE-2017-10379: issue inside subcomponent Client programs [bsc#1064116] - CVE-2017-10384: issue inside subcomponent Server DDL [bsc#1064117] For a full list of changes check: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html Important SUSE bug 1064101 SUSE bug 1064115 SUSE bug 1064116 SUSE bug 1064117 SUSE bug 1064119 CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mysql to version 5.5.59 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369) - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html Moderate SUSE bug 1076369 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 cpe:/o:suse:sles:11:sp3:teradata security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update fixes the following issues: - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate SUSE bug 1089987 CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for mysql to version 5.5.61 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-3066: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (bsc#1101678) - CVE-2018-3070: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101679) - CVE-2018-3081: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (bsc#1101680) - CVE-2018-3058: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1101676) - CVE-2018-3063: Fixed an easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101677) You can find more detailed information about this update in the [release notes](http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html) Moderate SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1101679 SUSE bug 1101680 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 cpe:/o:suse:sles:11:sp3:teradata Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed: - CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. - CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) - CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) - CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Important SUSE bug 1013882 SUSE bug 1112368 SUSE bug 1112369 SUSE bug 1112432 CVE-2016-9843 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for nagios SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The monitoring service Nagios has been updated to fix potential buffer overflows in its CGI scripts. (CVE-2014-1878) Security Issue reference: * CVE-2014-1878 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878> SUSE bug 864843 CVE-2014-1878 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for nagios (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for nagios fixes the following issues: - CVE-2016-8641 / CVE-2016-10089: fixed possible symlink attacks for files/directories created by root (bsc#1011630 / bsc#1018047) Moderate SUSE bug 1011630 SUSE bug 1018047 CVE-2016-10089 CVE-2016-8641 cpe:/o:suse:sles:11:sp3:teradata Security update for nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, nagios-nrpe-doc, nagios-plugins-nrpe SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 nagios-nrpe has been updated to prevent possible remote command execution when command arguments are enabled. This issue affects versions 2.15 and older. Further information is available at http://seclists.org/fulldisclosure/2014/Apr/240 <http://seclists.org/fulldisclosure/2014/Apr/240> These security issues have been fixed: * Remote command execution (CVE-2014-2913) Security Issue references: * CVE-2014-2913 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2913> SUSE bug 874743 CVE-2014-2913 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for nagios-nrpe (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for nagios-nrpe fixes one issue. This security issue was fixed: - CVE-2015-4000: Prevent Logjam. The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE (bsc#938906). Moderate SUSE bug 938906 CVE-2015-4000 cpe:/o:suse:sles:11:sp3:teradata Security update for nagios-plugins SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This security update fixes the following issues: * Removed the requirement for root access from plugins-root/check_icmp.c and plugins-root/check_icmp.c. The necessary capabilities(7) were added to the README file. * Fixed array out of bounds issue in plugins-root/check_dhcp.c. Security Issues: * CVE-2014-4701 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4701> * CVE-2014-4702 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4702> SUSE bug 885205 SUSE bug 885207 CVE-2014-4701 CVE-2014-4702 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for nautilus (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for nautilus fixes the following security issue: - CVE-2017-14604: Fixed a file type spoofing attack by adding a metadata::trusted attribute to a file once the user acknowledges the file as trusted, and also remove the 'trusted' content in the desktop file (bsc#1060031). Low SUSE bug 1060031 CVE-2017-14604 cpe:/o:suse:sles:11:sp3:teradata Recommended update for ncurses (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853) Important SUSE bug 1046853 SUSE bug 1046858 CVE-2017-10684 CVE-2017-10685 cpe:/o:suse:sles:11:sp3:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) Moderate SUSE bug 1046853 SUSE bug 1046858 SUSE bug 1047964 SUSE bug 1047965 SUSE bug 1049344 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 cpe:/o:suse:sles:11:sp3:teradata Security update for ncurses (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry() function (bsc#1069530). Important SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 SUSE bug 1069530 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-16879 cpe:/o:suse:sles:11:sp3:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ncurses fixes the following issues: Security issue fixed: - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). Moderate SUSE bug 1056127 CVE-2017-13733 cpe:/o:suse:sles:11:sp3:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fixed an infinite loop in the next_char function (bsc#1056136). - CVE-2017-13729: Fixed an illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fixed an illegal address access in the function _nc_read_entry_source (bsc#1056131). - CVE-2017-13731: Fixed an illegal address access in the function postprocess_termcap (bsc#1056129). - CVE-2017-13732: Fixed an illegal address access in the function dump_uses (bsc#1056128). - CVE-2017-13733: Fixed an illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13734: Fixed an illegal address access in the _nc_safe_strcat (bsc#1056126). - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037) Moderate SUSE bug 1056126 SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 SUSE bug 1131830 SUSE bug 1154037 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 CVE-2018-10754 CVE-2019-17595 cpe:/o:suse:sles:11:sp3:teradata Security update for ncurses (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed NULL pointer dereference at function _nc_parse_entry in parse_entry.c (bsc#1115929). Bug fixes: - Modify bsc#1115929 patch to fix change in form_driver() that breaks ncurses-5.9 and the variable move_after_insert of ncurses-6.1 (bsc#1121450). Important SUSE bug 1115929 SUSE bug 1121450 CVE-2018-19211 cpe:/o:suse:sles:11:sp3:teradata Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) Moderate SUSE bug 1190793 CVE-2021-39537 cpe:/o:suse:sles:11:sp3:teradata Security update for net-snmp (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 net-snmp was updated to fix one security vulnerability and several bugs. - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893). - stop snmptrapd on package removal. Moderate SUSE bug 853382 SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for netpbm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for netpbm fixes the following security issues: - CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could lead to memory corruption and potential code execution. (bsc#1024287) Moderate SUSE bug 1024287 CVE-2017-2581 cpe:/o:suse:sles:11:sp3:teradata Security update for netpbm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - created a netpbm-vulnerable subpackage and move pstopnm there, as it uses ghostscript for conversion (bsc#1136936) Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 cpe:/o:suse:sles:11:sp3:teradata Security update for nmap (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Important SUSE bug 1104139 SUSE bug 1135350 CVE-2018-15173 cpe:/o:suse:sles:11:sp3:teradata Security update for mozilla-nspr, mozilla-nss SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741> * CVE-2013-5605 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605> * CVE-2013-5606 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606> * CVE-2013-5607 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607> SUSE bug 850148 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues: Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) Major functional changes: - The 'sntp' commandline tool changed its option handling in a major way. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes: - ntp-signd is installed. - 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option. - 'kod' was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. These security issues were fixed: - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608). - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608). - CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608). - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608). - CVE-2015-7850: remote config logfile-keyfile (bsc#951608). - CVE-2015-7849: trusted key use-after-free (bsc#951608). - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608). - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608). - CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608). - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608). - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution. - bsc#905885: Use SHA1 instead of MD5 for symmetric keys. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - bsc#944300: Remove 'kod' from the restrict line in ntp.conf. - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. - Add 'addserver' as a new legacy action. - bsc#910063: Fix the comment regarding addserver in ntp.conf. - bsc#926510: Disable chroot by default. - bsc#920238: Enable ntpdc for backwards compatibility. - bsc#784760: Remove local clock from default configuration. - bsc#942441/fate#319496: Require perl-Socket6. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - bsc#920183: Allow -4 and -6 address qualifiers in 'server' directives. - Use upstream ntp-wait, because our version is incompatible with the new ntpq command line syntax. Important SUSE bug 782060 SUSE bug 784760 SUSE bug 905885 SUSE bug 910063 SUSE bug 916617 SUSE bug 920183 SUSE bug 920238 SUSE bug 926510 SUSE bug 936327 SUSE bug 937837 SUSE bug 942441 SUSE bug 942587 SUSE bug 943216 SUSE bug 943218 SUSE bug 944300 SUSE bug 946386 SUSE bug 951351 SUSE bug 951559 SUSE bug 951608 SUSE bug 951629 SUSE bug 954982 SUSE bug 956773 SUSE bug 962318 SUSE bug 962784 SUSE bug 962802 SUSE bug 962960 SUSE bug 962966 SUSE bug 962970 SUSE bug 962988 SUSE bug 962994 SUSE bug 962995 SUSE bug 962997 SUSE bug 963000 SUSE bug 963002 SUSE bug 975496 SUSE bug 975981 CVE-2015-5194 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. - Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of 'keys' and 'controlkey' in ntp.conf (bsc#957226). Important SUSE bug 957226 SUSE bug 977446 SUSE bug 977450 SUSE bug 977451 SUSE bug 977452 SUSE bug 977455 SUSE bug 977457 SUSE bug 977458 SUSE bug 977459 SUSE bug 977461 SUSE bug 977464 CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for libtasn1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Moderate SUSE bug 929414 SUSE bug 961491 SUSE bug 982779 CVE-2015-3622 CVE-2016-4008 cpe:/o:suse:sles:11:sp3:teradata Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). Important SUSE bug 979302 SUSE bug 981422 SUSE bug 982056 SUSE bug 982064 SUSE bug 982065 SUSE bug 982066 SUSE bug 982067 SUSE bug 982068 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2015-8139 CVE-2015-8140 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This ntp update to version 4.2.8p10 fixes the following issues: Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - Fixing ppc and ppc64 linker issue (bsc#1031085). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. Moderate SUSE bug 1014172 SUSE bug 1030050 SUSE bug 1031085 CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 cpe:/o:suse:sles:11:sp3:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. Moderate SUSE bug 1077445 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sles:11:sp3:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1001182 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sles:11:sp3:teradata Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:sles:11:sp3:teradata Recommended update for openldap2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator. Moderate SUSE bug 924496 SUSE bug 932773 SUSE bug 937766 CVE-2015-4000 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openldap2 fixes the following issues: - CVE-2019-13565: Fixed an authentication bypass caused by incorrect authorization of another connection, granting excess connection rights (bsc#1143194). - CVE-2019-13057: Fixed an issue with improper authorization with delegated database admin privileges (bsc#1143273). Important SUSE bug 1143194 SUSE bug 1143273 CVE-2019-13057 CVE-2019-13565 cpe:/o:suse:sles:11:sp3:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sles:11:sp3:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). Important SUSE bug 1172698 CVE-2020-8023 cpe:/o:suse:sles:11:sp3:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles:11:sp3:teradata Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Moderate SUSE bug 1178909 CVE-2020-25709 CVE-2020-25710 cpe:/o:suse:sles:11:sp3:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. - resynchronise changelogs with subpackages (bsc#1184020). Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 SUSE bug 1184020 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles:11:sp3:teradata Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Important SUSE bug 1199240 CVE-2022-29155 cpe:/o:suse:sles:11:sp3:teradata Security update for openldap2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 openldap2 was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed: * A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546) The following non-security bug was fixed: * Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959) Security Issues: * CVE-2015-1546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546> * CVE-2015-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545> * CVE-2013-4449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449> SUSE bug 846389 SUSE bug 905959 SUSE bug 916897 SUSE bug 916914 CVE-2013-4449 CVE-2015-1545 CVE-2015-1546 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Moderate SUSE bug 945582 CVE-2015-6908 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for opensc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Moderate SUSE bug 1104812 SUSE bug 1106998 SUSE bug 1106999 SUSE bug 1107033 SUSE bug 1107037 SUSE bug 1107038 SUSE bug 1107039 SUSE bug 1107107 SUSE bug 1108318 CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16422 CVE-2018-16423 CVE-2018-16427 cpe:/o:suse:sles:11:sp3:teradata Security update for opensc (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for opensc fixes the following issues: Security issue fixed: - CVE-2019-6502: Fixed a memory leak in sc_context_create() (bsc#1122756). Low SUSE bug 1122756 CVE-2019-6502 cpe:/o:suse:sles:11:sp3:teradata Security update for opensc (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for opensc fixes the following issues: - CVE-2020-26571: gemsafe GPK smart card software driver stack-based buffer overflow (bsc#1177380) - CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747) - CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746) - CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256) - CVE-2020-26572: Prevent out of bounds write (bsc#1177378) Moderate SUSE bug 1149746 SUSE bug 1149747 SUSE bug 1158256 SUSE bug 1177378 SUSE bug 1177380 CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26571 CVE-2020-26572 cpe:/o:suse:sles:11:sp3:teradata Security update for opensc (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1192005 CVE-2021-42780 CVE-2021-42782 cpe:/o:suse:sles:11:sp3:teradata Security update for OpenSLP SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for OpenSLP fixes a bug in SLPIntersectStringList that could lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon now always use localtime(3) when writing to log files to avoid having timestamps with different timezones. Security Issues: * CVE-2012-4428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4428> SUSE bug 778508 SUSE bug 855385 CVE-2012-4428 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openslp (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssh SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for OpenSSH fixes the following issues: * Exit sshd normally when port is already in use. (bnc#832628) * Use hardware crypto engines where available. (bnc#826427) * Use correct options for login when it is used. (bnc#833605) * Move FIPS messages to higher debug level. (bnc#862875) * Fix forwarding with IPv6 addresses in DISPLAY. (bnc#847710) * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906) * Parse AcceptEnv properly. (bnc#869101, CVE-2014-2532) * Check SSHFP DNS records even for server certificates. (bnc#870532, CVE-2014-2653) Security Issues references: * CVE-2014-2532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532> * CVE-2014-2653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653> SUSE bug 826427 SUSE bug 833605 SUSE bug 847710 SUSE bug 869101 SUSE bug 870532 CVE-2014-2532 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openssh (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 openssh was updated to fix several security issues and bugs. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. These non-security issues were fixed: - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. - bsc#916549: Fixed support for aesXXX-gcm@openssh.com. Important SUSE bug 673532 SUSE bug 903649 SUSE bug 905118 SUSE bug 914309 SUSE bug 916549 SUSE bug 932483 SUSE bug 936695 SUSE bug 938746 SUSE bug 943006 SUSE bug 943010 SUSE bug 945493 CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for OpenSSH fixes the following issues: - Prevent user enumeration through the timing of password processing. (bsc#989363, CVE-2016-6210) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. (bsc#948902) - Sanitize input for xauth(1). (bsc#970632, CVE-2016-3115) - Prevent X11 SECURITY circumvention when forwarding X11 connections. (bsc#962313, CVE-2016-1908) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option. (bsc#932483, bsc#948902) - Ignore PAM environment when using login. (bsc#975865, CVE-2015-8325) - Limit the accepted password length (prevents a possible denial of service). (bsc#992533, CVE-2016-6515) - Relax version requires for the openssh-askpass sub-package. (bsc#962794) - Avoid complaining about unset DISPLAY variable. (bsc#981654) - Initialize message id to prevent connection breakups in some cases. (bsc#959096) Moderate SUSE bug 932483 SUSE bug 948902 SUSE bug 959096 SUSE bug 962313 SUSE bug 962794 SUSE bug 970632 SUSE bug 975865 SUSE bug 981654 SUSE bug 989363 SUSE bug 992533 CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) Non security issues fixed: - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1016366 SUSE bug 1016369 CVE-2016-10009 CVE-2016-10011 CVE-2016-8858 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssh (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726) - CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) - CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370) Bugs fixed: - Fixed failing 'AuthorizedKeysCommand' within a 'Match User' block in sshd_config (bsc#1105180) Important SUSE bug 1016370 SUSE bug 1065000 SUSE bug 1076957 SUSE bug 1105010 SUSE bug 1105180 SUSE bug 1106163 SUSE bug 1106726 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 CVE-2018-15473 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssh (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh to version 6.6p1 fixes the following issues: Security issues fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) Important SUSE bug 1121571 CVE-2018-20685 cpe:/o:suse:sles:11:sp3:teradata Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). Moderate SUSE bug 1090671 SUSE bug 1115550 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sles:11:sp3:teradata Security update for openssh (Critical) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. Critical SUSE bug 961642 SUSE bug 961645 CVE-2016-0777 CVE-2016-0778 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) - CVE-2016-6515: limit accepted password length (prevents possible DoS) (bsc#992533) - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: ignore PAM environment when using login (bsc#975865) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) Bugs fixed: - avoid complaining about unset DISPLAY variable (bsc#981654) - Correctly parse GSSAPI KEX algorithms (bsc#961368) - more verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - fix PRNG re-seeding (bsc#960414, bsc#729190) - Allow empty Match blocks (bsc#961494) Moderate SUSE bug 729190 SUSE bug 932483 SUSE bug 948902 SUSE bug 960414 SUSE bug 961368 SUSE bug 961494 SUSE bug 962313 SUSE bug 965576 SUSE bug 970632 SUSE bug 975865 SUSE bug 981654 SUSE bug 989363 SUSE bug 992533 CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 cpe:/o:suse:sles:11:sp3:teradata Security update for openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh-openssl1 fixes the following issues: - Properly verify CIDR masks in configuration (bsc#1005893) - CVE-2016-10009: limit directories for loading PKCS11 modules (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1006221 SUSE bug 1016366 SUSE bug 1016369 CVE-2016-10009 CVE-2016-10011 CVE-2016-8858 cpe:/o:suse:sles:11:sp3:teradata Security update for openssh-openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh-openssl1 fixes the following issues: These security issues were fixed: - CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence NEWKEYS message allowed remote attackers to cause a denial of service (bsc#1076957). - CVE-2017-15906: The process_open function did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files (bsc#1065000). - CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might have allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370). - CVE-2008-1483: Prevent local users from hijacking forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. This problem was reontroduced by another patch and was previously fixed by another update (bsc#1069509). These non-security issues were fixed: - Remove duplicate KEX method (bsc#1053972) - New switch for printing diagnostic messages in sftp client's batch mode (bsc#1023275) - Enable case-insensitive hostname matching (bsc#1017099) Important SUSE bug 1016370 SUSE bug 1017099 SUSE bug 1023275 SUSE bug 1053972 SUSE bug 1065000 SUSE bug 1069509 SUSE bug 1076957 CVE-2008-1483 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 cpe:/o:suse:sles:11:sp3:teradata Security update for openssh-openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) Following non-security issues were fixed: - Fix for sftp client because it returns wrong error code upon failure (bsc#1091396) - Stop leaking File descriptors (bsc#964336) Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 1106163 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) Important SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) Bugs fixed: - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling Important SUSE bug 889013 SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * Update expired S/MIME certs (bsc#979475) * Fix crash in print_notice (bsc#998190) * Resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 984663 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Important SUSE bug 1087102 CVE-2018-0739 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) Moderate SUSE bug 1089039 CVE-2018-0737 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Mitigate the 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' attack (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - Included the missing cms and pk7 fixes of CVE-2019-1563 (bsc#1153785). Important SUSE bug 1153785 CVE-2019-1563 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - Add missing commits for fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory leak problem in function 'BN_copy()'. (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1176331 CVE-2020-1968 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl-certs SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 openssl-certs has been updated to include four new and remove two certificates: * new: Atos_TrustedRoot_2011:2.8.92.51.203.98.44.95.179.50.crt * new: E-Tugra_Certification_Authority:2.8.106.104.62.156.81.155.203.83.crt * new: TeliaSonera_Root_CA_v1:2.17.0.149.190.22.160.247.46.70.241.123.57.130.114.250.139.205.150.crt * new: T-TeleSec_GlobalRoot_Class_2:2.1.1.crt * removed: Firmaprofesional_Root_CA:2.1.1.crt * removed: TDC_OCES_Root_CA:2.4.62.72.189.196.crt SUSE bug 875647 SUSE bug 881241 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL Root Certificate hashes - bsc#889013: Rename README.SuSE to the new spelling README.SUSE - bsc#976943: Fixed a buffer overrun in ASN1_parse. - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) Important SUSE bug 889013 SUSE bug 971354 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977616 SUSE bug 977617 SUSE bug 977621 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: penSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed: * update expired S/MIME certs (bsc#979475) * improve s390x performance (bsc#982745) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 982745 SUSE bug 983249 SUSE bug 990419 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - call c_rehash in %post (bsc#1001707) - ship static libraries in the devel package (bsc#1022644) Moderate SUSE bug 1000677 SUSE bug 1001707 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 1022085 SUSE bug 1022644 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes: - support alternate root ca chains (bsc#1032261) - Require openssl1, so c_rehash1 is available during %post to hash the certificates (bsc#1057660) Important SUSE bug 1027908 SUSE bug 1032261 SUSE bug 1055825 SUSE bug 1056058 SUSE bug 1057660 SUSE bug 1065363 SUSE bug 990592 CVE-2017-3735 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Important SUSE bug 1087102 CVE-2018-0739 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following security issues: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1089039 SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 CVE-2018-0737 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following security issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: - Add missing commits fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory problem in 'BN_copy()'. (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1176331 CVE-2020-1968 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles:11:sp3:teradata Security update for openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openssl1 fixes the following issues: - CVE-2022-0778: Fixed an infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877) Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles:11:sp3:teradata Security update for openvpn SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpn_decrypt that might have allowed remote attackers to gain knowledge of plaintext data. (CVE-2013-2061) Security Issues: * CVE-2013-2061 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061> SUSE bug 843509 CVE-2013-2061 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for openvpn (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] Important SUSE bug 1044947 CVE-2017-7508 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openvpn (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877). - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374) - CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of Service of server via received large control packet. (bsc#1038709) - CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. (bsc#1038711) - Some other hardening fixes have also been applied (bsc#1038713) Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 SUSE bug 1060877 SUSE bug 995374 CVE-2016-6329 CVE-2017-12166 CVE-2017-7478 CVE-2017-7479 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for openvpn-openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openvpn-openssl1 fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a (quite inefficient) DoS attack on the server. [bsc#1044947, CVE-2017-7521] - The ASN1 parsing code contained a bug that could have resulted in some buffers being free()d twice, and this issue could have potentially been triggered remotely by a VPN peer. [bsc#1044947, CVE-2017-7521] - If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle attacker between client and proxy could cause the client to crash or disclose at most 96 bytes of stack memory. The disclosed stack memory was likely to contain the proxy password. If the proxy password had not been reused, this was unlikely to compromise the security of the OpenVPN tunnel itself. Clients who did not use the --http-proxy option with ntlm2 authentication were not affected. [bsc#1044947, CVE-2017-7520] - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] - The installed sample configuration file was updated to comply to FIPS requirements. [bsc#988522] - Remedy large latencies on the openVPN server during authentication process. [bsc#959511] - Fix potential denial-of-service attacks found during independent audits. [bsc#1038713, bsc#1038709, CVE-2017-7478, bsc#1038711, CVE-2017-7479] Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 SUSE bug 1044947 SUSE bug 959511 SUSE bug 988522 CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 cpe:/o:suse:sles:11:sp3:teradata Security update for openvpn-openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openvpn-openssl1 fixes the following issues: Security issue fixed: - CVE-2017-12166: Fix remote buffer overflow (bsc#1060877). Important SUSE bug 1060877 CVE-2017-12166 cpe:/o:suse:sles:11:sp3:teradata Security update for openvpn-openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openvpn-openssl1 fixes the following issues: - Fixed Out of bounds read on getaddrinfo() result (bsc#959714). Moderate SUSE bug 959714 cpe:/o:suse:sles:11:sp3:teradata Security update for openvpn-openssl1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openvpn-openssl1 fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279). - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803). Moderate SUSE bug 1085803 SUSE bug 1185279 CVE-2018-7544 CVE-2020-15078 cpe:/o:suse:sles:11:sp3:teradata Security update for openvpn-openssl1 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openvpn-openssl1 fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Important SUSE bug 1197341 CVE-2022-0547 cpe:/o:suse:sles:11:sp3:teradata Security update for openwsman (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Important SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 cpe:/o:suse:sles:11:sp3:teradata Security update for orca (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This orca update fixes the following security issue. - Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245). Moderate SUSE bug 916835 CVE-2013-4245 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for pam SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update changes the broken default behavior of pam_pwhistory to not enforce checks when the root user requests password changes. In order to enforce pwhistory checks on the root user, the 'enforce_for_root' parameter needs to be set for the pam_pwhistory.so module. This pam update fixes the following security and non-security issues: * bnc#870433: Fixed pam_timestamp path injection problem (CVE-2014-2583) * bnc#848417: Fixed pam_pwhistory root password enforcement when resetting non-root user's password Security Issue references: * CVE-2014-2583 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583> SUSE bug 848417 SUSE bug 870433 CVE-2014-2583 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for pam (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for pam fixes the following issues: Security issues fixed: - CVE-2015-3238: Fixed a denial of service and information leak which could be caused by very long passwords (bsc#934920). - CVE-2013-7041: Fixed a potential authentication bypass where password hashes weren't compared case-sensitively (bsc#854480). Moderate SUSE bug 854480 SUSE bug 934920 CVE-2013-7041 CVE-2015-3238 cpe:/o:suse:sles:11:sp3:teradata Security update for pam-modules (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for pam-modules fixes the following issue. This security issue was fixed: - CVE-2011-3172: Ensure that unix2_chkpwd calls pam_acct_mgmt to prevent usage of locked accounts (bsc#707645, bsc#839386). Moderate SUSE bug 707645 SUSE bug 839386 CVE-2011-3172 cpe:/o:suse:sles:11:sp3:teradata Security update for pam_pkcs11 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for pam_pkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token (bsc#1105012) - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes (bsc#1105012) - Memory not cleaned properly before free() (bsc#1105012) Moderate SUSE bug 1105012 cpe:/o:suse:sles:11:sp3:teradata Security update for patch (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for patch fixes several issues. These security issues were fixed: - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891). - CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have lead to DoS via a crafted input file (bsc#1080918). - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957): Important SUSE bug 1059698 SUSE bug 1080918 SUSE bug 1088420 SUSE bug 662957 SUSE bug 914891 CVE-2010-4651 CVE-2014-9637 CVE-2016-10713 CVE-2018-1000156 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for perl SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a memory leak and an infinite recursion in Data::Dumper. (CVE-2014-4330) Security Issues: * CVE-2014-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330> SUSE bug 838333 SUSE bug 896715 CVE-2014-4330 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for perl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl fixes the following issues: - CVE-2016-6185: xsloader looking at a '(eval)' directory [bsc#988311] - CVE-2016-1238: searching current directory for optional modules [bsc#987887] - CVE-2015-8853: regex engine hanging on bad utf8 [bnc976584] - CVE-2016-2381: environment dup handling bug [bsc#967082] - perl panic with utf8_mg_pos_cache_update [bsc#929027] Moderate SUSE bug 929027 SUSE bug 967082 SUSE bug 987887 SUSE bug 988311 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 cpe:/o:suse:sles:11:sp3:teradata Security update for perl (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl fixes the following issues: Security issue fixed: - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - reformat baselibs.conf as source validator workaround Low SUSE bug 1047178 CVE-2017-6512 cpe:/o:suse:sles:11:sp3:teradata Security update for perl (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl fixes the following issues: Security issue fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). Moderate SUSE bug 1082216 SUSE bug 1082233 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sles:11:sp3:teradata Security update for perl (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). Moderate SUSE bug 1096718 CVE-2018-12015 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for perl-Archive-Zip (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497). Moderate SUSE bug 1099497 CVE-2018-10860 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-Convert-ASN1 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-Convert-ASN1 fixes the following issue: - CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934). Moderate SUSE bug 1168934 CVE-2013-7488 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-DBD-mysql fixes the following issues: - Add patch to fix CVE-2016-1251 (bsc#1012546) use-after-free for repeated fetchrow_arrayref calls when mysql_server_prepare=1 Moderate SUSE bug 1012546 CVE-2016-1251 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). Moderate SUSE bug 1002626 SUSE bug 1010457 CVE-2016-1246 CVE-2016-1249 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-DBD-mysql fixes the following issues: - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting's documentation has a \'your communication with the server will be encrypted\' statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. (bsc#1047059) - CVE-2017-10788: The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. (bsc#1047095) Moderate SUSE bug 1047059 SUSE bug 1047095 CVE-2017-10788 CVE-2017-10789 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-DBI (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-DBI (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). - CVE-2013-7491: Fixed a stack corruption when a user-defined function required a non-trivial amount of memory (bsc#1176493). Important SUSE bug 1176493 SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2013-7491 CVE-2019-20919 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-PlRPC (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-PlRPC fixes the following issues: - Security notice: [bsc#858243, CVE-2013-7284] * Document security vulnerability on Storable and reply attack - Add perl-PlRPC-CVE-2013-7284.patch Moderate SUSE bug 858243 CVE-2013-7284 cpe:/o:suse:sles:11:sp3:teradata Security update for perl-XML-LibXML (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848) Important SUSE bug 1046848 CVE-2017-10672 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for permissions (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for permissions fixes the following issues: - CVE-2019-3690: Fixed a privilege escalation through untrusted symlinks (bsc#1150734). Moderate SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3690 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721) * CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719) Moderate SUSE bug 938719 SUSE bug 938721 CVE-2015-5589 CVE-2015-5590 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] It also includes a bugfix for the odbc module: * compare with SQL_NULL_DATA correctly [bnc#935074] Important SUSE bug 935074 SUSE bug 942291 SUSE bug 942294 SUSE bug 942295 SUSE bug 942296 SUSE bug 945412 SUSE bug 945428 CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] Important SUSE bug 949961 SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 CVE-2014-9767 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Moderate SUSE bug 976996 SUSE bug 976997 SUSE bug 977003 SUSE bug 977005 CVE-2015-8866 CVE-2015-8867 CVE-2016-4070 CVE-2016-4073 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010) - CVE-2016-5094,CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows (bsc#982011,bsc#982012) - CVE-2016-5096: A int/size_t confusion in fread could corrupt memory (bsc#982013) - CVE-2016-5114: A fpm_log.c memory leak and buffer overflow could leak information out of the php process or overwrite a buffer by 1 byte (bsc#982162) - CVE-2016-4346: A heap overflow was fixed in ext/standard/string.c (bsc#977994) - CVE-2016-4342: A heap corruption was fixed in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) - CVE-2015-8879: odbc_bindcols function in ext/odbc/php_odbc.c mishandles driver behavior for SQL_WVARCHAR (bsc#981050) Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet shipped to SUSE Linux Enterprise Server 11 SP3 LTSS: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] - CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Important SUSE bug 949961 SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 SUSE bug 976996 SUSE bug 976997 SUSE bug 977003 SUSE bug 977005 SUSE bug 977991 SUSE bug 977994 SUSE bug 978827 SUSE bug 978828 SUSE bug 978829 SUSE bug 978830 SUSE bug 980366 SUSE bug 980373 SUSE bug 980375 SUSE bug 981050 SUSE bug 982010 SUSE bug 982011 SUSE bug 982012 SUSE bug 982013 SUSE bug 982162 CVE-2014-9767 CVE-2015-4116 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Important SUSE bug 986004 SUSE bug 986244 SUSE bug 986386 SUSE bug 986388 SUSE bug 986393 CVE-2015-8935 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - security update: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] Moderate SUSE bug 987530 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991437 CVE-2014-3587 CVE-2016-5399 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allows illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Important SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997257 SUSE bug 999679 SUSE bug 999680 SUSE bug 999682 SUSE bug 999684 SUSE bug 999685 SUSE bug 999819 SUSE bug 999820 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: * CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] * CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] * Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Moderate SUSE bug 1012232 SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 SUSE bug 974305 CVE-2014-9912 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) Important SUSE bug 1019550 SUSE bug 1022219 SUSE bug 1022255 SUSE bug 1022257 SUSE bug 1022260 SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used the port number that is specified in the hostname argument, instead of the port number in the second argument of the function (bsc#1031246) - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). - CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in mbstring in PHP. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (bsc#1040883) - CVE-2017-9226: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (bsc#1040889) - CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. (bsc#1040891) Moderate SUSE bug 1031246 SUSE bug 1035111 SUSE bug 1040883 SUSE bug 1040889 SUSE bug 1040891 CVE-2016-6294 CVE-2017-7272 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. [bsc#1044976] The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. Important SUSE bug 1031246 SUSE bug 1044976 CVE-2017-7272 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the several issues. These security issues were fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430). - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726). - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241). - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386). - CVE-2017-11145: An error in the date extension's timelib_meridian parsing code could have been used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function (bsc#1048112). - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could have lead to information leak [bsc#1048111] - CVE-2016-10397: Incorrect handling of various URI components in the URL parser could have been used by attackers to bypass hostname-specific URL checks (bsc#1047454). - CVE-2017-11147: The PHAR archive handler could have been used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function (bsc#1048094). - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could have lead to a crash of the PHP interpreter (bsc#1048096). Moderate SUSE bug 1047454 SUSE bug 1048094 SUSE bug 1048096 SUSE bug 1048111 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 1054430 SUSE bug 986386 CVE-2016-10168 CVE-2016-10397 CVE-2016-5766 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-12933 CVE-2017-7890 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Moderate SUSE bug 1067441 SUSE bug 1069606 SUSE bug 1069631 CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes several issues. These security issues were fixed: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234) - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220) - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) - CVE-2016-5773: php_zip.c in the zip extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. (bsc#986247) - CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. (bsc#986391) - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the php_stream_url_wrap_http_ex. (bsc#1083639) Important SUSE bug 1076220 SUSE bug 1076391 SUSE bug 1080234 SUSE bug 1083639 SUSE bug 986247 SUSE bug 986391 CVE-2016-10712 CVE-2016-5771 CVE-2016-5773 CVE-2018-5711 CVE-2018-5712 CVE-2018-7584 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367). - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362). - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). Important SUSE bug 1091355 SUSE bug 1091362 SUSE bug 1091363 SUSE bug 1091367 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: The following security issue was fixed: - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file (CVE-2018-10360, bsc#1096984) - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Moderate SUSE bug 1096984 SUSE bug 1099098 CVE-2018-10360 CVE-2018-12882 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: The following security issues were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-14883: Fixed an integer overflow leading to a heap based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Moderate SUSE bug 1103659 SUSE bug 1103836 SUSE bug 1105466 CVE-2017-9118 CVE-2018-14851 CVE-2018-14883 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) Moderate SUSE bug 1108753 CVE-2018-17082 cpe:/o:suse:sles:11:sp3:teradata Recommended update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Moderate SUSE bug 1117107 CVE-2018-19518 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Moderate SUSE bug 1123354 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Moderate SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1134322 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Moderate SUSE bug 1138172 SUSE bug 1138173 CVE-2019-11039 CVE-2019-11040 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Important SUSE bug 1140118 SUSE bug 1145095 SUSE bug 1146360 CVE-2019-11038 CVE-2019-11041 CVE-2019-11042 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Important SUSE bug 1154999 CVE-2019-11043 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: Security issues fixed: - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Moderate SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 SUSE bug 1161982 SUSE bug 1162629 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-20433 CVE-2020-7059 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). Moderate SUSE bug 1165289 CVE-2020-7063 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326). - CVE-2020-7066: Fixed URL truncation in get_headers() if the URL contains zero (\0) character (bsc#1168352). - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). Moderate SUSE bug 1168326 SUSE bug 1168352 SUSE bug 1171999 CVE-2019-11048 CVE-2020-7064 CVE-2020-7066 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Moderate SUSE bug 1175223 CVE-2020-7068 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). Important SUSE bug 1177352 CVE-2020-7070 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706). Moderate SUSE bug 1180706 CVE-2020-7071 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient Important SUSE bug 1182049 CVE-2021-21702 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2021-21705 [bsc#1188037]: SSRF bypass in FILTER_VALIDATE_URL Moderate SUSE bug 1188037 CVE-2021-21705 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591). Important SUSE bug 1189591 CVE-2020-36193 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041). Moderate SUSE bug 1193041 CVE-2021-21707 cpe:/o:suse:sles:11:sp3:teradata Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for php53 fixes the following issues: - CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions (bsc#1081790). Moderate SUSE bug 1081790 CVE-2015-9253 cpe:/o:suse:sles:11:sp3:teradata Security update for pixman (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for pixman fixes the following issues: Security issue fixed: - CVE-2014-9766: Fixed an integer overflow in create_bits() (bsc#968090). Moderate SUSE bug 968090 CVE-2014-9766 cpe:/o:suse:sles:11:sp3:teradata Security update for policycoreutils (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for policycoreutils fixes the following issues: * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998] Low SUSE bug 1000998 CVE-2016-7545 cpe:/o:suse:sles:11:sp3:teradata Security update for policycoreutils (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for policycoreutils fixes the following issues: - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Moderate SUSE bug 1083624 CVE-2018-1063 cpe:/o:suse:sles:11:sp3:teradata Security update for poppler (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Moderate SUSE bug 976844 CVE-2015-8868 cpe:/o:suse:sles:11:sp3:teradata Security update for poppler (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for poppler fixes the following issues: - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265) - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593) Moderate SUSE bug 1061265 SUSE bug 1064593 SUSE bug 1074453 CVE-2017-1000456 CVE-2017-14977 CVE-2017-15565 cpe:/o:suse:sles:11:sp3:teradata Security update for poppler (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for poppler fixes the following issues: - CVE-2020-27778: Fixed a buffer overflow in pdftohtml (bsc#1179163). - CVE-2019-9959: Fixed an integer overflow in pdftocairo (bsc#1142465). - CVE-2019-10872: Fixed an invalid memory access in pdftoppm (bsc#1131722). - CVE-2017-9776: Prevent integer overflow that lead to a heap buffer overflow that allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1045721). Moderate SUSE bug 1045721 SUSE bug 1131722 SUSE bug 1142465 SUSE bug 1179163 CVE-2017-9776 CVE-2019-10872 CVE-2019-9959 CVE-2020-27778 cpe:/o:suse:sles:11:sp3:teradata Security update for popt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This rpm update fixes the following security and non security issues. * bnc#908128: check for bad invalid name sizes (CVE-2014-8118) * bnc#906803: create files with mode 0 (CVE-2013-6435) * bnc#892431: honor --noglob in install mode Security Issues: * CVE-2014-8118 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118> * CVE-2013-6435 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435> SUSE bug 892431 SUSE bug 906803 SUSE bug 908128 CVE-2013-6435 CVE-2014-8118 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Moderate SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql-init (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql-init fixes the following issues: - CVE-2017-14798: A race condition in the init script could be used by attackers able to access the postgresql account to escalate their privileges to root (bsc#1062722) Moderate SUSE bug 1062722 CVE-2017-14798 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 brings version 10.6 to SUSE Linux Enterprise 11. This release marks the change of the versioning scheme for PostgreSQL to a 'x.y' format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Moderate SUSE bug 1108308 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html Moderate SUSE bug 1134689 CVE-2019-10130 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 to version 10.9 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html - update to 10.13 (bsc#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html Important SUSE bug 1171924 SUSE bug 1175193 SUSE bug 1175194 CVE-2020-14349 CVE-2020-14350 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). Moderate SUSE bug 1185924 SUSE bug 1185925 CVE-2021-32027 CVE-2021-32028 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql10 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql91 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The PostgreSQL database server was updated to 9.1.15, fixing bugs and security issues: * Fix buffer overruns in to_char() (CVE-2015-0241). * Fix buffer overrun in replacement *printf() functions (CVE-2015-0242). * Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243). * Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244). * Fix information leak via constraint-violation error messages (CVE-2014-8161). For a comprehensive list of fixes, please refer to the following release notes: * http://www.postgresql.org/docs/9.1/static/release-9-1-15.html <http://www.postgresql.org/docs/9.1/static/release-9-1-15.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-14.html <http://www.postgresql.org/docs/9.1/static/release-9-1-14.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-13.html <http://www.postgresql.org/docs/9.1/static/release-9-1-13.html> Security Issues: * CVE-2015-0241 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241> * CVE-2015-0243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243> * CVE-2015-0244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244> * CVE-2014-8161 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161> SUSE bug 916953 CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql91 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update provides PostgreSQL 9.1.18, which brings fixes for security issues and other enhancements. The following vulnerabilities have been fixed: * CVE-2015-3165: Avoid possible crash when client disconnects. (bsc#931972) * CVE-2015-3166: Consistently check for failure of the *printf(). (bsc#931973) * CVE-2015-3167: In contrib/pgcrypto, uniformly report decryption failures. (bsc#931974) For a comprehensive list of changes, please refer to http://www.postgresql.org/docs/9.1/static/release-9-1-18.html <http://www.postgresql.org/docs/9.1/static/release-9-1-18.html> . This update also includes changes in PostgreSQL's packaging to prepare for the migration to the new major version 9.4. (FATE#316970, bsc#907651) Security Issues: * CVE-2015-3165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165> * CVE-2015-3166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166> * CVE-2015-3167 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167> SUSE bug 907651 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql91 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of postgresql91 to 9.1.19 fixes the following issues: * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html Moderate SUSE bug 949669 CVE-2015-5288 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix 'unresolved symbol' errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - Security and bugfix release 9.4.5: * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. * CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. - For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html - Relax dependency on libpq to major version. Important SUSE bug 949669 SUSE bug 949670 SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). For the non-security issues please refer to - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html Important SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql93 fixes the following issues: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Moderate SUSE bug 1029547 SUSE bug 1037603 SUSE bug 1037624 SUSE bug 1038293 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.4/static/release-9-4-13.html Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html Moderate SUSE bug 1062538 SUSE bug 1067844 CVE-2017-12172 CVE-2017-15098 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) Moderate SUSE bug 1077983 CVE-2018-1053 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Moderate SUSE bug 1081925 CVE-2018-1058 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql94 fixes the following issues: postgresql was updated to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html * CVE-2018-10915, bsc#1104199: Fix failure to reset libpq's state fully between connection attempts. postgresql was updated to 9.4.18: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-4-18.html A dump/restore is not required for those running 9.4.X. However, if the function marking mistakes mentioned in the first changelog entry below affect you, you will want to take steps to correct your database catalogs. Important SUSE bug 1104199 CVE-2018-10915 cpe:/o:suse:sles:11:sp3:teradata Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles:11:sp3:teradata Security update for powerpc-utils SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 The 'snap' system information collection tool of the PowerPC Utils package collected fstab and yaboot.conf files which might contain passwords. (CVE-2014-4040) As these files are of interest, we now print a warning that the user of the 'snap' tool should check if private passwords are in those files. Security Issues: * CVE-2014-4040 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4040> SUSE bug 883174 CVE-2014-4040 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ppc64-diag SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 ppc64-diag has been updated to prevent the usage of predictable filenames in /tmp in various scripts and daemons (CVE-2014-4038) Also the snapshot tarball was previously generated world readable, which could have leaked sensible information, which is only visible to root, to all users. It is now readable for root only (CVE-2014-4039). Security Issues: * CVE-2014-4038 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4038> * CVE-2014-4039 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4039> SUSE bug 882667 CVE-2014-4038 CVE-2014-4039 cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ppp SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This ppp update fixes a potential security issue that an unprivileged attacker could access privileged options: * integer overflow in option parsing (CVE-2014-3158, bnc#891489) Security Issues: * CVE-2014-3158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158> SUSE bug 891489 CVE-2014-3158 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ppp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA The ppp package was updated to fix the following security issue: - CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841). Moderate SUSE bug 927841 CVE-2015-3310 cpe:/o:suse:sles:11:sp3:teradata Security update for ppp (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sles:11:sp3:teradata Security update for procmail SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 procmail was updated to fix a security issue in its formail helper. * When formail processed specially crafted e-mail headers a heap corruption could be triggered, which would lead to a crash of formail. (CVE-2014-3618) Security Issues: * CVE-2014-3618 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618> SUSE bug 894999 CVE-2014-3618 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for procmail (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for procmail fixes the following issues: Security issue fixed: - CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. (bnc#1068648) Moderate SUSE bug 1068648 CVE-2017-16844 cpe:/o:suse:sles:11:sp3:teradata Security update for procps (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Moderate SUSE bug 1092100 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sles:11:sp3:teradata Security update for puppet SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Puppet was updated to fix the following security issues: * Unsafe use of temporary files. (CVE-2013-4969) * Arbitrary code execution with required social engineering. (CVE-2014-3248, CVE-2014-3250) Security Issues references: * CVE-2014-3248 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248> * CVE-2013-4969 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969> * CVE-2014-3250 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250> SUSE bug 856843 SUSE bug 879913 CVE-2013-4969 CVE-2014-3248 CVE-2014-3250 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for puppet (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. In default, this update would break a backwards compatibility with Puppet agents older than 3.2.2 as the SLE11 master doesn't support other fact formats than pson in default anymore. In order to allow users to continue using their SLE11 agents a patch was added that enables sending PSON from agents. For non-SUSE clients older that 3.2.2 a new puppet master boolean option 'dangerous_fact_formats' was added. When it's set to true it enables using dangerous fact formats (e.g. YAML). When it's set to false, only PSON fact format is accepted. (bsc#1040151), (bsc#1077767) Moderate SUSE bug 1040151 SUSE bug 1077767 CVE-2017-2295 cpe:/o:suse:sles:11:sp3:teradata Security update for puppet (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for puppet fixes the following issues: Security issue fixed: - CVE-2020-7942: Added a warning for a vulnerable configuration option, which could allow for information disclosure in certain setups. Disabling it my break some setups. (bsc#1167645) Non-security issue fixed: - Fixed deletion of puppet master file /etc/puppet/manifests/site.pp during updates (bsc#935899). Moderate SUSE bug 1167645 SUSE bug 935899 CVE-2020-7942 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Moderate SUSE bug 984751 SUSE bug 985348 SUSE bug 989523 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: - CVE-2017-1000158: Fixed integer overflow in thePyString_DecodeEscape function (bsc#1068664). Moderate SUSE bug 1068664 CVE-2017-1000158 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Moderate SUSE bug 1083507 CVE-2017-18207 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes: - bsc#1086001: python tarfile uses random order. Important SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 985177 CVE-2016-5636 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847) Moderate SUSE bug 1109847 CVE-2018-14647 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) Moderate SUSE bug 1149955 CVE-2019-16056 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following security issue: - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Moderate SUSE bug 1162367 CVE-2020-8492 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). Moderate SUSE bug 1155094 SUSE bug 1162825 CVE-2019-18348 CVE-2019-9674 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Important SUSE bug 1177211 CVE-2020-26116 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: - CVE-2021-23336: which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336). - Switch off -O0 non-optimization. - CVE-2021-3177: fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. Moderate SUSE bug 1181126 SUSE bug 1182379 CVE-2021-23336 CVE-2021-3177 cpe:/o:suse:sles:11:sp3:teradata Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2019-9947: Fixed a CRLF injection that can occur if the attacker controls a url parameter. (bsc#1130840) Moderate SUSE bug 1130840 SUSE bug 1189241 SUSE bug 1189287 CVE-2019-9947 CVE-2021-3733 CVE-2021-3737 cpe:/o:suse:sles:11:sp3:teradata Security update for Python SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 CVE-2013-4238 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Python SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Python was updated to fix one security issue: * Potential wraparound/overflow in buffer() (CVE-2014-7185) As an additional hardening measure SSLv2 has been disabled (bnc#901715). Security Issues: * CVE-2014-7185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185> SUSE bug 898572 SUSE bug 901715 CVE-2014-7185 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for Python fixes the following security issues: * bnc#834601: SSL module does not handle certificates that contain hostnames with NULL bytes. (CVE-2013-4238) * bnc#856836: Various stdlib read flaws. (CVE-2013-1752) Additionally, the following non-security issues have been fixed: * bnc#859068: Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. * bnc#847135: Setting fips=1 at boot time causes problems with Python due to MD5 usage. Security Issue references: * CVE-2013-4073 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073> * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238> SUSE bug 834601 SUSE bug 847135 SUSE bug 856836 SUSE bug 859068 CVE-2013-4073 CVE-2013-4238 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Python SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Python was updated to fix a security issue in the socket.recvfrom_into function, where data could be written over the end of the buffer. (CVE-2014-1912) Security Issue reference: * CVE-2014-1912 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912> SUSE bug 863741 CVE-2014-1912 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Python SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for Python provides fixes for the following issues: * CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) * The 'urlparse' module has been updated to correctly parse IPv6 addresses. (bnc#872848) * Correctly enable IPv6 support. Security Issues: * CVE-2014-4650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650> SUSE bug 872848 SUSE bug 885882 CVE-2014-4650 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-Jinja2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Important SUSE bug 1181944 CVE-2020-28493 cpe:/o:suse:sles:11:sp3:teradata Security update for python-httplib2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-httplib2 fixes the following issues: - Update to version 0.19.0 (bsc#1182053). - CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053). - CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body (bsc#1182053). Moderate SUSE bug 1171998 SUSE bug 1182053 CVE-2020-11078 CVE-2021-21240 cpe:/o:suse:sles:11:sp3:teradata Security update for python-imaging SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This python-imaging update fixes the following two security issues: * bnc#863541: Fixed insecure temporary file creation and handling (CVE-2014-1932, CVE-2014-1933) Security Issue references: * CVE-2014-1932 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932> * CVE-2014-1933 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933> SUSE bug 863541 CVE-2014-1932 CVE-2014-1933 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-lxml SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This security update for python-lxml fixes a input sanitization flaw in clean_html. (CVE-2014-3146) Security Issues: * CVE-2014-3146 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146> SUSE bug 877258 CVE-2014-3146 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for python-numpy (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/o:suse:sles:11:sp3:teradata Security update for python-paramiko (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-paramiko fixes the following issues: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed processing other requests. A customized SSH client could have skipped the authentication step (bsc#1085276) Important SUSE bug 1085276 CVE-2018-7750 cpe:/o:suse:sles:11:sp3:teradata Security update for python-paramiko (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-paramiko fixes the following issues: - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151). Moderate SUSE bug 1111151 CVE-2018-1000805 cpe:/o:suse:sles:11:sp3:teradata Security update for python-pip (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:suse:sles:11:sp3:teradata Security update for python-pycrypto (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python-pycrypto fixes the following issues: - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420). Important SUSE bug 1017420 CVE-2013-7459 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664). - CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same I/O stream concurrently (bsc#1079300). Moderate SUSE bug 1068664 SUSE bug 1079300 CVE-2017-1000158 CVE-2018-1000030 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Moderate SUSE bug 1083507 CVE-2017-18207 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663) - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847). Moderate SUSE bug 1109663 SUSE bug 1109847 CVE-2018-1000802 CVE-2018-14647 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Moderate SUSE bug 1122191 CVE-2019-5010 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Moderate SUSE bug 1149955 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: python27 was updated to version 2.7.17. - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Changed name of idle27 icons to idle27.png (bsc#1165894). Important SUSE bug 1155094 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: - CVE-2019-20907, bsc#1174091: avoiding possible infinite loop in specifically crafted tarball. Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2021-23336 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2020-26116: Fixed a CRLF injection via HTTP request method in httplib/http.client. (bsc#1177211) Moderate SUSE bug 1177211 SUSE bug 1187668 SUSE bug 1189241 SUSE bug 1189287 CVE-2020-26116 CVE-2021-3733 CVE-2021-3737 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: - CVE-2022-0391: Fixed newline and tabs sanitation in urllib.parse (bsc#1195396). - CVE-2021-4189: Fixed incorrect trust of PASV response (bsc#1194146). Moderate SUSE bug 1194146 SUSE bug 1195396 CVE-2021-4189 CVE-2022-0391 cpe:/o:suse:sles:11:sp3:teradata Security update for python27 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:suse:sles:11:sp3:teradata Security update for python27-Jinja2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Important SUSE bug 1181944 CVE-2020-28493 cpe:/o:suse:sles:11:sp3:teradata Security update for python27-ecdsa (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for python27-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). Moderate SUSE bug 1153165 SUSE bug 1154217 CVE-2019-14853 CVE-2019-14859 cpe:/o:suse:sles:11:sp3:teradata Security update for python27-urllib3, python27-boto3, python27-botocore, python27-s3transfer (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update fixes the following issues: python27-urllib3 was updated to version 1.24 (bsc#1149466). python27-botocore was updated to version 1.12.213 (bsc#1149466). python27-s3transfer was updated to version 0.2.1 (bsc#1149466). python27-boto3 was updated to version 1.9.213 (bsc#1149466) Security issues fixed in python27-urllib3: - CVE-2019-9740: Fixed a CRLF injection (bsc#1129071). - CVE-2019-11236: Fixed a CRLF injection (bsc#1132663). - CVE-2019-11324: Fixed an improper validation of CA certificates (bsc#1132900). Moderate SUSE bug 1074247 SUSE bug 1129071 SUSE bug 1132663 SUSE bug 1132900 SUSE bug 1149466 SUSE bug 1150895 CVE-2016-9015 CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 cpe:/o:suse:sles:11:sp3:teradata Recommended update for python 2.7 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update provides various modules for Python 2.7. It also updates python 2.7 to the 2.7.16 release, fixing security issues and bugs. The following packages are included in the update: - cloud-init - growpart - python27-argparse - python27-blinker - python27-boto3 - python27-botocore - python27-cffi - python27-Cheetah - python27-configobj - python27-cryptography - python27-dateutil - python27-docutils - python27-ecdsa - python27-enum34 - python27-futures - python27-httplib2 - python27-idna - python27-ipaddress - python27-Jinja2 - python27-jmespath - python27-jsonpatch - python27-jsonpointer - python27-jsonschema - python27-lockfile - python27-MarkupSafe - python27-oauthlib - python27-oauth - python27-paramiko - python27-ply - python27-PrettyTable - python27-pyasn1-modules - python27-pyasn1 - python27-pycparser - python27-pycrypto - python27-PyJWT - python27-pyserial - python27-pytest - python27-python-daemon - python27-PyYAML - python27-requests - python27-s3transfer - python27-setuptools - python27-simplejson - python27-six Moderate SUSE bug 1007084 SUSE bug 1014478 SUSE bug 1015776 SUSE bug 1054106 SUSE bug 1054413 SUSE bug 1064755 SUSE bug 1073879 SUSE bug 1075263 SUSE bug 1082318 SUSE bug 1097455 SUSE bug 1098681 SUSE bug 905354 SUSE bug 962170 SUSE bug 974705 SUSE bug 974993 SUSE bug 975949 SUSE bug 998103 SUSE bug 998378 CVE-2017-12880 cpe:/o:suse:sles:11:sp3:teradata Security update for quagga SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of quagga fixes two security issues: * CVE-2013-0149: specially-crafted OSPF packets could have caused the routing table to be erased (bnc#822572) * CVE-2013-2236: local network stack overflow (bnc#828117) Security Issue references: * CVE-2013-2236 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236> * CVE-2013-0149 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0149> SUSE bug 822572 SUSE bug 828117 CVE-2013-0149 CVE-2013-2236 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for quagga (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952). Moderate SUSE bug 970952 CVE-2016-2342 cpe:/o:suse:sles:11:sp3:teradata Security update for quagga (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for quagga fixes one security issue: - bsc#770619: Disallow unprivileged users to enter config directory /etc/quagga (group: quagga, mode: 750) and read configuration files installed there (group: quagga, mode: 640). Low SUSE bug 770619 cpe:/o:suse:sles:11:sp3:teradata Security update for quagga (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012) Moderate SUSE bug 977012 CVE-2016-4049 cpe:/o:suse:sles:11:sp3:teradata Security update for quagga (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for quagga fixes the following issues: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code (bsc#1005258). Important SUSE bug 1005258 CVE-2016-1245 cpe:/o:suse:sles:11:sp3:teradata Security update for quagga (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and cause bgpd to emit debug and warning messages into the logs that would contained arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] - The Quagga daemon's telnet 'vty' CLI contains an unbounded memory allocation bug that could be exploited for a denial-of-service attack on the daemon. This issue has been fixed. [CVE-2017-5495, bsc#1021669] - The telnet 'vty' CLI of the Quagga daemon is no longer enabled by default, because the passwords in the default 'zebra.conf' config file are now disabled. The vty interface is available via 'vtysh' utility using pam authentication to permit management access for root without password. [bsc#1021669] Important SUSE bug 1021669 SUSE bug 1065641 SUSE bug 1079798 SUSE bug 1079799 SUSE bug 1079800 SUSE bug 1079801 CVE-2017-16227 CVE-2017-5495 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for sendmail SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 sendmail has been updated to fix the following security issue: * Not properly closing file descriptors before executing programs (CVE-2014-3956). Security Issues: * CVE-2014-3956 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956> SUSE bug 881284 CVE-2014-3956 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rpcbind (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Moderate SUSE bug 940191 SUSE bug 946204 CVE-2015-7236 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914) - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410) Moderate SUSE bug 900914 SUSE bug 915410 CVE-2014-8242 CVE-2014-9512 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA rsync was updated to fix one security issue. - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410). Moderate SUSE bug 915410 CVE-2014-9512 cpe:/o:suse:sles:11:sp3:teradata Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for rsync fixes the following issues: Security issues fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions' (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). Moderate SUSE bug 1066644 SUSE bug 1071459 SUSE bug 1071460 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 cpe:/o:suse:sles:11:sp3:teradata Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for rsync fixes one issues. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503) Moderate SUSE bug 1076503 CVE-2018-5764 cpe:/o:suse:sles:11:sp3:teradata Security update for rsyslog SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 rsyslog has been updated to fix a remote denial of service issue: * Under certain configurations, a local or remote attacker able to send syslog messages to the server could have crashed the log server due to an array overread. (CVE-2014-3634, CVE-2014-3683) Security Issues: * CVE-2014-3634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634> * CVE-2014-3683 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683> SUSE bug 890228 SUSE bug 897262 SUSE bug 899756 CVE-2014-3634 CVE-2014-3683 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for rsyslog (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for rsyslog fixes the following issues: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Moderate SUSE bug 1153451 SUSE bug 1153459 CVE-2019-17041 CVE-2019-17042 cpe:/o:suse:sles:11:sp3:teradata Security update for Ruby SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This Ruby update fixes the following security issue: * bnc#808137: Fixed entity expansion DoS vulnerability in REXML (CVE-2013-1821). Security Issue reference: * CVE-2013-1821 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821> SUSE bug 808137 CVE-2013-1821 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for ruby (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for ruby fixes the following issues: Secuirty issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) Bugfixes: - fix small mistake in the backport for (bsc#986630) Moderate SUSE bug 926974 SUSE bug 959495 SUSE bug 986630 CVE-2015-1855 CVE-2015-7551 cpe:/o:suse:sles:11:sp3:teradata Security update for rzsz (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for rzsz fixes the following issues: - L3: sz of rzsz segfaults in zsdata() (bsc#1086416) - VUL-0: CVE-2018-10195: rzsz: sz can leak data to receiving side (bsc#1090051) - rzsz-0.12.20-976.7: illegal use of freed variable (bsc#529899) - /usr/bin/lsb segfaults [rzsz] (bsc#1076576) Moderate SUSE bug 1076576 SUSE bug 1086416 SUSE bug 1090051 SUSE bug 529899 CVE-2018-10195 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bug fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). Important SUSE bug 967017 SUSE bug 968222 CVE-2015-7560 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link Important SUSE bug 936862 SUSE bug 967017 SUSE bug 971965 SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: - Allow SESSION KEY setup without signing. (bsc#1009711) - Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731) - Don't fail when using default domain with user@domain.com format. (bsc#997833) - Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692) Moderate SUSE bug 1003731 SUSE bug 1009711 SUSE bug 1014441 SUSE bug 1014442 SUSE bug 993692 SUSE bug 997833 CVE-2016-2125 CVE-2016-2126 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). Important SUSE bug 1027147 CVE-2017-2619 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed (bsc#1036283, bso#12721). Important SUSE bug 1027147 SUSE bug 1036283 CVE-2017-2619 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Important SUSE bug 1038231 CVE-2017-7494 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624) - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622) This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419). Moderate SUSE bug 1042419 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12163 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - s3/libads: fix seal/signed ldap connections so they are reused; (bsc#1016531). Moderate SUSE bug 1016531 SUSE bug 1063008 CVE-2017-15275 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741) Moderate SUSE bug 1081741 CVE-2018-1050 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient (bsc#1103411). The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections (bsc#1079449) Important SUSE bug 1079449 SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issue fixed: - Make init scripts create log directories before running daemons (bsc#1101499) Moderate SUSE bug 1101499 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 CVE-2020-14318 CVE-2020-14323 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sles:11:sp3:teradata Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). Important SUSE bug 1014440 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 cpe:/o:suse:sles:11:sp3:teradata Security update for Samba SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Samba has been updated to fix one security issue: * CVE-2015-0240: Don't call talloc_free on an uninitialized pointer (bnc#917376). Additionally, these non-security issues have been fixed: * Realign the winbind request structure following require_membership_of field expansion (bnc#913001). * Reuse connections derived from DFS referrals (bso#10123, fate#316512). * Set domain/workgroup based on authentication callback value (bso#11059). * Fix spoolss error response marshalling (bso#10984). * Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031). * Fix handling of bad EnumJobs levels (bso#10898). * Fix small memory-leak in the background print process; (bnc#899558). * Prune idle or hung connections older than 'winbind request timeout' (bso#3204, bnc#872912). Security Issues: * CVE-2015-0240 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240> SUSE bug 872912 SUSE bug 898031 SUSE bug 899558 SUSE bug 913001 SUSE bug 917376 CVE-2015-0240 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586) - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582) - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584) - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583) Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022) - Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382) - Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382) - Address unrecoverable winbind failure: 'key length too large' (bnc#934299) - Take resource group sids into account when caching netsamlogon data (bnc#912457) - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244) - dependency issue with samba-winbind (bnc#936909) Important SUSE bug 295284 SUSE bug 912457 SUSE bug 934299 SUSE bug 936909 SUSE bug 948244 SUSE bug 949022 SUSE bug 953382 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958586 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for sane-backends (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sane-backends fixes the following issues: - saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory (CVE-2017-6318, bsc#1027197). Moderate SUSE bug 1027197 CVE-2017-6318 cpe:/o:suse:sles:11:sp3:teradata Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185). Moderate SUSE bug 942628 CVE-2015-5185 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sblim-sfcb fixes the following issues: Feature enhancements: - A seperate sblim-sfcb-openssl1 package was added to the SECURITY Module. (fate#322032/bsc#1012814) This package can be installed additionaly, and the SysV Init script will pick the openssl1 variant on the next start, offering TLS 1.2 support on the WBEM SSL socket. Bugfixes: - Add sslNoSSLv3 and sslNoTLSv1 configuration options (bsc#923349, bsc#1008130) Moderate SUSE bug 1008130 SUSE bug 1012814 SUSE bug 923349 cpe:/o:suse:sles:11:sp3:teradata Security update for screen (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for screen fixes the following issues: Security issue fixed: - CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458). Low SUSE bug 944458 CVE-2015-6806 cpe:/o:suse:sles:11:sp3:teradata Security update for shim (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for shim fixes the following issues: Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from or after July / August 2020 are applied. Also fixed: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:sles:11:sp3:teradata Security update for shim (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for shim fixes the following issues: - Update to the unified shim binary for SBAT support (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:sles:11:sp3:teradata Security update for shim SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 shim has been updated to fix three security issues: * OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675). * Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option (RCE) (CVE-2014-3676). * Memory corruption when processing user provided MOK lists (CVE-2014-3677). Security Issues: * CVE-2014-3675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675> * CVE-2014-3676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676> * CVE-2014-3677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677> SUSE bug 813448 SUSE bug 863205 SUSE bug 866690 SUSE bug 875385 SUSE bug 889332 SUSE bug 889765 CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for socat (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for socat fixes the following issues: - CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode (bsc#821985) - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow (bsc#860991) - Fix a stack overflow in the parser that could have been leveraged to execute arbitrary code (bsc#964844) Moderate SUSE bug 821985 SUSE bug 860991 SUSE bug 964844 CVE-2013-3571 CVE-2014-0019 cpe:/o:suse:sles:11:sp3:teradata Security update for speex (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for speex fixes the following issues: - CVE-2020-23903: Fixed zero division error in read_samples (bsc#1192580). Moderate SUSE bug 1192580 CVE-2020-23903 cpe:/o:suse:sles:11:sp3:teradata Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) Moderate SUSE bug 987394 CVE-2016-6153 cpe:/o:suse:sles:11:sp3:teradata Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Moderate SUSE bug 1119687 CVE-2018-20346 cpe:/o:suse:sles:11:sp3:teradata Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Moderate SUSE bug 1085790 SUSE bug 1132045 CVE-2017-10989 CVE-2018-8740 cpe:/o:suse:sles:11:sp3:teradata Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sles:11:sp3:teradata Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sles:11:sp3:teradata Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sqlite3 fixes the following issues: - CVE-2019-20218: Fixed a stack unwinding flaw in the selectExpander after a parsing error. (bsc#1160439) Important SUSE bug 1160439 CVE-2019-20218 cpe:/o:suse:sles:11:sp3:teradata Security update for squid SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This squid update fixes a buffer overflow issue when squid attempts to resolve an overly long hostname. This can be triggered with specially crafted http requests. (bnc#829084, CVE-2013-4115) This update also includes a correction to the last change for logrotate. (bnc#677335) Security Issue reference: * CVE-2013-4115 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4115> SUSE bug 677335 SUSE bug 829084 CVE-2013-4115 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 squid was updated to fix two security issues. These security issues were fixed: - CVE-2014-6270: Fixed an off by one in snmp subsystem (bsc#895773). - CVE-2014-9749: Fixed a nonce replay vulnerability in Digest authentication (bsc#949942). Moderate SUSE bug 895773 SUSE bug 949942 CVE-2014-6270 CVE-2014-9749 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid fixes the following issues: - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing (bsc#979010) Moderate SUSE bug 976553 SUSE bug 979010 CVE-2016-4051 CVE-2016-4554 cpe:/o:suse:sles:11:sp3:teradata Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid fixes the following issues: Security issue fixed: - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Moderate SUSE bug 1140738 CVE-2019-13345 cpe:/o:suse:sles:11:sp3:teradata Security update for squid (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid fixes the following issues: - CVE-2020-15810: Fixed a HTTP Request Smuggling that could have resulted in cache poisoning (bsc#1175664). - CVE-2019-12523: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). - CVE-2019-18676: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). Important SUSE bug 1156329 SUSE bug 1175664 CVE-2019-12523 CVE-2019-18676 CVE-2020-15810 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Squid3 was updated to fix a denial of service in Range Header processing, which would have allowed proxy users to crash the squid proxy process. (CVE-2014-3609) Security Issues: * CVE-2014-3609 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609> SUSE bug 893649 CVE-2014-3609 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: * fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Important SUSE bug 895773 SUSE bug 902197 SUSE bug 938715 SUSE bug 963539 SUSE bug 967011 SUSE bug 968392 SUSE bug 968393 SUSE bug 968394 SUSE bug 968395 SUSE bug 973782 SUSE bug 973783 SUSE bug 976553 SUSE bug 976556 SUSE bug 976708 SUSE bug 979008 SUSE bug 979009 SUSE bug 979010 SUSE bug 979011 SUSE bug 993299 CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) Moderate SUSE bug 1016168 SUSE bug 949942 CVE-2014-9749 CVE-2016-10002 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: Security issues fixed: - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handing whien processing ESI responses or downloading intermediate CA certificates (bsc#1077006). Moderate SUSE bug 1077003 SUSE bug 1077006 CVE-2018-1000024 CVE-2018-1000027 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: - CVE-2018-1172: Fixed a DoS caused by incorrect handling of ESI responses. (bsc#1090089, SQUID-2018:3) Important SUSE bug 1090089 CVE-2018-1172 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: Security issue fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). Important SUSE bug 1113668 CVE-2018-19131 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659) - Fixed handling of hostname in cachemgr.cgi (CVE-2019-18860, bsc#1167373) - Fixed a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313) - Fixed a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (CVE-2019-12520, CVE-2019-12524, bsc#1170423) - Fixed a potential denial of service when processing TLS certificates during HTTPS connections (CVE-2020-14059, bsc#1173304) - Fixed a potential denial of service associated with incorrect buffer management of HTTP Basic Authentication credentials (bsc#1141329, CVE-2019-12529) - Fixed an incorrect buffer management resulting in vulnerability to a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332, CVE-2019-12525) - Fix XSS via user_name or auth parameter in cachemgr.cgi (bsc#1140738, CVE-2019-13345) - Fixed a potential code execution vulnerability (CVE-2019-12526, bsc#1156326) - Fixed HTTP Request Splitting in HTTP message processing and information disclosure in HTTP Digest Authentication (CVE-2019-18678, CVE-2019-18679, bsc#1156323, bsc#1156324) - Fixed a security issue allowing a remote client ability to cause use a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687) - Fixed a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689) - Fixed a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) - Fixed Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328) - Disable urn parsing and parsing of unknown schemes (bsc#1156329, CVE-2019-12523, CVE-2019-18676) Important SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 SUSE bug 1167373 SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 SUSE bug 1173304 SUSE bug 1173455 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14059 CVE-2020-15049 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 (Critical) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: - CVE-2020-15811: Fixed an HTTP request splitting vulnerability (bsc#1175665). - CVE-2020-24606: Fixed a DoS vulnerability when processing Cache Digest Responses (bsc#1175671). - CVE-2020-15810: Fixed an HTTP request smuggling vulnerability (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles:11:sp3:teradata Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for squid3 fixes the following issues: - CVE-2021-28651: Fixed a denial of service issue when processing URN resource identifiers (bsc#1185921). - CVE-2020-25097: Fixed an HTTP request smuggling issue (bsc#1183436). Important SUSE bug 1183436 SUSE bug 1185921 CVE-2020-25097 CVE-2021-28651 cpe:/o:suse:sles:11:sp3:teradata Security update for squidGuard (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA squidGuard was updated to fix one security issue. This security issue was fixed: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping (bsc#985612). Moderate SUSE bug 985612 CVE-2015-8936 cpe:/o:suse:sles:11:sp3:teradata Security update for strongswan SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a NULL ptr dereference (DoS) via ID_DER_ASN1_DN ID payloads. Security Issue reference: * CVE-2014-2891 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2891> SUSE bug 876449 CVE-2014-2891 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Moderate SUSE bug 953817 CVE-2015-8023 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) Important SUSE bug 1039514 SUSE bug 1039515 CVE-2017-9022 CVE-2017-9023 cpe:/o:suse:sles:11:sp3:teradata Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for strongswan fixes the following issues: - CVE-2017-11185: Specific RSA signatures passed to the gmp plugin for verification can cause a null-pointer dereference and it may lead to a denial of service (bsc#1051222) Moderate SUSE bug 1051222 CVE-2017-11185 cpe:/o:suse:sles:11:sp3:teradata Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for strongswan fixes the following issues: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). Moderate SUSE bug 1094462 CVE-2018-5388 cpe:/o:suse:sles:11:sp3:teradata Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:sles:11:sp3:teradata Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845) - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1107874 SUSE bug 1109845 SUSE bug 1194471 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2021-45079 cpe:/o:suse:sles:11:sp3:teradata Security update for sudo SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This collective update for sudo provides fixes for the following issues: * Security policy bypass when env_reset is disabled. (CVE-2014-0106, bnc#866503) * Regression in the previous update that causes a segmentation fault when running 'sudo -s'. (bnc#868444) * Command 'who -m' prints no output when using log_input/log_output sudo options. (bnc#863025) Security Issues references: * CVE-2014-0106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106> SUSE bug 863025 SUSE bug 866503 SUSE bug 868444 CVE-2014-0106 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for sudo (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] - The SSSD plugin would occasionally crash sudo with an 'internal error'. This issue has been fixed. [bsc#948973] - The SSSD plugin would occasionally apply @netgroups rules from LDAP to all users rather than the @netgroup. This issue is now fixed. [bsc#966755] - When the SSSD plugin was used and a local user ran sudo, an e-mail used to be sent to administrator because SSSD did not support sudo rules for local users. This message did not signify an error, however, it was only noise. [bsc#1008043] Moderate SUSE bug 1007501 SUSE bug 1007766 SUSE bug 1008043 SUSE bug 948973 SUSE bug 966755 CVE-2016-7032 CVE-2016-7076 cpe:/o:suse:sles:11:sp3:teradata Security update for sudo (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sles:11:sp3:teradata Security update for supportutils (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670). Moderate SUSE bug 980670 CVE-2016-1602 cpe:/o:suse:sles:11:sp3:teradata Security update for supportutils (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script (bsc#1117751) - CVE-2018-19640: Users can kill arbitrary processes (bsc#1118463) - CVE-2018-19638: User can overwrite arbitrary log files in support tar (bsc#1118460) - CVE-2018-19639: Code execution if run with -v (bsc#1118462) Moderate SUSE bug 1117751 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 CVE-2018-19636 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sles:11:sp3:teradata Security update for syslog-ng (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for syslog-ng fixes the following issues: - CVE-2020-8019: Fixed a local privilege escalation during package update (bsc#1169385). Moderate SUSE bug 1169385 CVE-2020-8019 cpe:/o:suse:sles:11:sp3:teradata Security update for tar (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] Moderate SUSE bug 1007188 CVE-2016-6321 cpe:/o:suse:sles:11:sp3:teradata Security update for tar (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes (jsc#ECO-339) * Sparse files with large data * No backticks in quoting * --owner and --group names and numbers * Support for POSIX ACLs, extended attributes and SELinux context. * Passing command line arguments to external commands. * New configure option --enable-gcc-warnings, intended for debugging. * New warning control option --warning=[no-]record-size * New command line option --keep-directory-symlink * Fix unquoting of file names obtained via the -T option. * Fix GNU long link header timestamp (backward compatibility). Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). Moderate SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1152736 CVE-2018-20482 CVE-2019-9923 cpe:/o:suse:sles:11:sp3:teradata Security update for tar (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) Low SUSE bug 1181131 CVE-2021-20193 cpe:/o:suse:sles:11:sp3:teradata Recommended update for tboot (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tboot provides the following fix: Security issue fixed: - CVE-2014-5118: tboot: bypass of measured boot (bsc#889339) Bug fixes: - Fixed failed trusted boot on some systems like Intel Xeon 'Purley 8s' processors. The following error message showed: 'TBOOT: wait-for-sipi loop timed-out'. Booting continued but 'TXT measured launch' was wrongly reported as FALSE. (bsc#1057555) Moderate SUSE bug 1057555 SUSE bug 889339 CVE-2014-5118 cpe:/o:suse:sles:11:sp3:teradata Security update for tcpdump SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network. The following vulnerabilities in protocol printers have been fixed: * IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220) * Ethernet printer remote DoS (CVE-2015-2154, bnc#922222) * PPP printer remote DoS (CVE-2014-9140, bnc#923142) Security Issues: * CVE-2015-0261 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261> * CVE-2015-2154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154> * CVE-2014-9140 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140> SUSE bug 922220 SUSE bug 922222 SUSE bug 923142 CVE-2014-9140 CVE-2015-0261 CVE-2015-2154 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tcpdump fixes the following issues: Security issues fixed (bsc#1020940): - CVE-2016-7922: Corrected buffer overflow in AH parser print-ah.c:ah_print(). - CVE-2016-7923: Corrected buffer overflow in ARP parser print-arp.c:arp_print(). - CVE-2016-7925: Corrected buffer overflow in compressed SLIP parser print-sl.c:sl_if_print(). - CVE-2016-7926: Corrected buffer overflow in the Ethernet parser print-ether.c:ethertype_print(). - CVE-2016-7927: Corrected buffer overflow in the IEEE 802.11 parser print-802_11.c:ieee802_11_radio_print(). - CVE-2016-7928: Corrected buffer overflow in the IPComp parser print-ipcomp.c:ipcomp_print(). - CVE-2016-7931: Corrected buffer overflow in the MPLS parser print-mpls.c:mpls_print(). - CVE-2016-7936: Corrected buffer overflow in the UDP parser print-udp.c:udp_print(). - CVE-2016-7934,CVE-2016-7935,CVE-2016-7937: Corrected segmentation faults in function udp_print(). - CVE-2016-7939: Corrected buffer overflows in GRE parser print-gre.c:(multiple functions). - CVE-2016-7940: Corrected buffer overflows in STP parser print-stp.c:(multiple functions). - CVE-2016-7973: Corrected buffer overflow in AppleTalk parser print-atalk.c. - CVE-2016-7974: Corrected buffer overflow in IP parser print-ip.c:(multiple functions). - CVE-2016-7975: Corrected buffer overflow in TCP parser print-tcp.c:tcp_print(). - CVE-2016-7983,CVE-2016-7984: Corrected buffer overflow in TFTP parser print-tftp.c:tftp_print(). - CVE-2016-7992: Corrected buffer overflow in Classical IP over ATM parser print-cip.c. - CVE-2016-7993: Corrected buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, etc.). - CVE-2016-8574: Corrected buffer overflow in FRF.15 parser print-fr.c:frf15_print(). - CVE-2017-5202: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). - CVE-2017-5203: Corrected buffer overflow in BOOTP parser print-bootp.c:bootp_print(). - CVE-2017-5204: Corrected buffer overflow in IPv6 parser print-ip6.c:ip6_print(). - CVE-2017-5483: Corrected buffer overflow in SNMP parser print-snmp.c:asn1_parse(). - CVE-2017-5484: Corrected buffer overflow in ATM parser print-atm.c:sig_print(). - CVE-2017-5485: Corrected buffer overflow in ISO CLNS parser addrtoname.c:lookup_nsap(). - CVE-2017-5486: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). Moderate SUSE bug 1020940 CVE-2016-7922 CVE-2016-7923 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7931 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 cpe:/o:suse:sles:11:sp3:teradata Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873) - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247). - CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247). - CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247). - CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247). Moderate SUSE bug 1047873 SUSE bug 1057247 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-13011 cpe:/o:suse:sles:11:sp3:teradata Security update for tcpdump (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-12995: Fixed an infinite loop in the DNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Fixed a buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12894: Fixed a buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12896: Fixed a buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12897: Fixed a buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12898: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12899: Fixed a buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12900: Fixed a buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12901: Fixed a buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12902: Fixed a buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247). - CVE-2017-12985: Fixed a buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12986: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2017-12987: Fixed a buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12988: Fixed a buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12991: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12992: Fixed a buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247). - CVE-2017-12993: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-12996: Fixed a buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12998: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12999: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13001: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13002: Fixed a buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247). - CVE-2017-13003: Fixed a buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13004: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-13005: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13006: Fixed a buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13008: Fixed a buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13009: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13010: Fixed a buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13012: Fixed a buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13013: Fixed a buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13014: Fixed a buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13016: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13017: Fixed a buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13018: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13019: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13021: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13022: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13023: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13024: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13025: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13027: Fixed a buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13028: Fixed a buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13029: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13030: Fixed a buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13031: Fixed a buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247). - CVE-2017-13032: Fixed a buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13034: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13035: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13036: Fixed a buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13037: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13038: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13041: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13047: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13048: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13049: Fixed a buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13051: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13053: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13055: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13687: Fixed a buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247). - CVE-2017-13688: Fixed a buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247). - CVE-2017-13689: Fixed a buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13725: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). Important SUSE bug 1057247 SUSE bug 1153098 SUSE bug 1153332 CVE-2017-12893 CVE-2017-12894 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12995 CVE-2017-12996 CVE-2017-12998 CVE-2017-12999 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13041 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13051 CVE-2017-13053 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13725 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14881 CVE-2018-14882 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 cpe:/o:suse:sles:11:sp3:teradata Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). Moderate SUSE bug 1178466 CVE-2020-8037 cpe:/o:suse:sles:11:sp3:teradata Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Moderate SUSE bug 914890 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) Moderate SUSE bug 960341 SUSE bug 964225 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831) - CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to Doa (bsc#984837) - CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842) - CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808) - CVE-2016-5875: Specially crafted TIFF images could trigger could allow arbitrary code execution (bsc#987351) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3186: Specially crafted TIFF imaged could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340) Moderate SUSE bug 973340 SUSE bug 974449 SUSE bug 974614 SUSE bug 974618 SUSE bug 975069 SUSE bug 984808 SUSE bug 984831 SUSE bug 984837 SUSE bug 984842 SUSE bug 987351 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107). - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280). - CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937). - CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.' (bsc#1011845) - CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077). - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341). - CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436). - CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,). - CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255) - An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691). - Fixed an invalid memory read which could lead to a crash (bsc#1017692). - Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688). Moderate SUSE bug 1007280 SUSE bug 1011107 SUSE bug 1011845 SUSE bug 1017688 SUSE bug 1017690 SUSE bug 1017691 SUSE bug 1017692 SUSE bug 1031255 SUSE bug 1046077 SUSE bug 1048937 SUSE bug 1074318 SUSE bug 960341 SUSE bug 983436 CVE-2015-7554 CVE-2016-10095 CVE-2016-10268 CVE-2016-3945 CVE-2016-5318 CVE-2016-5652 CVE-2016-9453 CVE-2016-9536 CVE-2017-11335 CVE-2017-17973 CVE-2017-9935 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809) - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694) - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254) - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250) - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129) - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127) - CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126) - CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120) - CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113) - CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112) - CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111) - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109) - Multiple divide by zero issues - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831) Moderate SUSE bug 1017694 SUSE bug 1031250 SUSE bug 1031254 SUSE bug 1033109 SUSE bug 1033111 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 SUSE bug 1033127 SUSE bug 1033129 SUSE bug 1074317 SUSE bug 984808 SUSE bug 984809 SUSE bug 984831 SUSE bug 987351 CVE-2016-10267 CVE-2016-10269 CVE-2016-10270 CVE-2016-5314 CVE-2016-5315 CVE-2017-18013 CVE-2017-7593 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following security issues: - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could have caused DoS or code execution via a crafted BitsPerSample value (bsc#1019611) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2016-10266: Prevent remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile width versus image width (bsc#1011839). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689). - CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField function that allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276). - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621). Moderate SUSE bug 1007276 SUSE bug 1011839 SUSE bug 1011846 SUSE bug 1017689 SUSE bug 1017690 SUSE bug 1019611 SUSE bug 1031263 SUSE bug 1082332 SUSE bug 1082825 SUSE bug 1086408 SUSE bug 974621 CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-10266 CVE-2016-3632 CVE-2016-5318 CVE-2016-8331 CVE-2016-9535 CVE-2016-9540 CVE-2017-11613 CVE-2017-5225 CVE-2018-7456 CVE-2018-8905 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image. (bsc#960589) - CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440) Moderate SUSE bug 1074186 SUSE bug 1092480 SUSE bug 960589 SUSE bug 983440 CVE-2015-8668 CVE-2016-5319 CVE-2017-17942 CVE-2018-10779 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Moderate SUSE bug 1106853 SUSE bug 1108627 SUSE bug 1108637 SUSE bug 1110358 CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322). - CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080). - CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186). - CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163). - CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440). - CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448). - CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447) - CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446) - CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1010163 SUSE bug 1014461 SUSE bug 1040080 SUSE bug 1040322 SUSE bug 1074186 SUSE bug 1099257 SUSE bug 1113672 SUSE bug 974446 SUSE bug 974447 SUSE bug 974448 SUSE bug 983440 CVE-2015-8870 CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-5319 CVE-2016-9273 CVE-2017-17942 CVE-2017-9117 CVE-2017-9147 CVE-2018-12900 CVE-2018-18661 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). Moderate SUSE bug 1017693 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issue: Security vulnerabilities fixed: - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626) Low SUSE bug 1121626 SUSE bug 983268 CVE-2016-5102 CVE-2019-6128 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: - CVE-2015-8683: Fixed out-of-bounds when reading CIE Lab image format files (bsc#1156754). - CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c (bsc#1156749). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). Important SUSE bug 1156749 SUSE bug 1156754 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 CVE-2015-8665 CVE-2015-8683 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 cpe:/o:suse:sles:11:sp3:teradata Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tiff fixes the following issues: - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). Moderate SUSE bug 1154365 SUSE bug 1197073 CVE-2019-17546 CVE-2022-0924 cpe:/o:suse:sles:11:sp3:teradata Security update for tightvnc (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tightvnc fixes the following issues: - CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection which might lead to code execution (bsc#1155476). - CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which might lead to code execution (bsc#1155472). - CVE-2019-15680: Fixed a null pointer dereference in HandleZlibBPP which could have led to denial of service (bsc#1155452). - CVE-2019-15678: Fixed a heap buffer overflow in rfbServerCutText handler (bsc#1155442). Important SUSE bug 1155442 SUSE bug 1155452 SUSE bug 1155472 SUSE bug 1155476 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-8287 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following issue: - CVE-2016-5388 Setting HTTP_PROXY environment variable via Proxy header (bsc#988489) Moderate SUSE bug 988489 CVE-2016-5388 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of tomcat6 fixes: * apache-tomcat-CVE-2012-3544.patch (bnc#831119) * use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) * Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 <http://youtrack.jetbrains.com/issue/JT-18545> ) bnc#804992 (patch from m407) * fix a typo in initscript (bnc#768772 ) * copy all shell scripts (bnc#818948) Security Issue references: * CVE-2012-3544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544> * CVE-2013-1976 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976> * CVE-2012-0022 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022> SUSE bug 768772 SUSE bug 804992 SUSE bug 818948 SUSE bug 822177 SUSE bug 831119 CVE-2012-0022 CVE-2012-3544 CVE-2013-1976 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following issues: The version was updated from 6.0.41 to 6.0.45. Security issues fixed: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967) * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965) * CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (bsc#967815) * CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964) Important SUSE bug 934219 SUSE bug 967815 SUSE bug 967964 SUSE bug 967965 SUSE bug 967967 CVE-2015-5174 CVE-2015-5345 CVE-2016-0706 CVE-2016-0714 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following issues: Tomcat was updated to version 6.0.53: The full changelog is: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security issues fixed: - CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#1036642) - CVE-2016-8745: Regression in the error handling methods could lead to information disclosure (bsc#1015119) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-6796: Manager Bypass (bsc#1007858) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5388: an arbitrary HTTP_PROXY environment variable might allow remote attackers to redirect outbound HTTP traffic (bsc#988489) Important SUSE bug 1007853 SUSE bug 1007854 SUSE bug 1007855 SUSE bug 1007857 SUSE bug 1007858 SUSE bug 1011805 SUSE bug 1011812 SUSE bug 1015119 SUSE bug 1033448 SUSE bug 1036642 SUSE bug 988489 CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following security issues: - : The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Tomcat did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page (bsc#1042910). - : The URL pattern of '' was not correctly handled when used as part of a security constraint definition. This caused the constraint to be ignored. It was possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected (bsc#1082480). Moderate SUSE bug 1042910 SUSE bug 1082480 CVE-2017-5664 CVE-2018-1304 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following issue: Security issue fixed: - CVE-2018-11784: Fixed problem with specially crafted URLs that could be used to cause a redirect to any URI of an attackers choise (bsc#1110850). Moderate SUSE bug 1110850 CVE-2018-11784 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2020-9484 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for tomcat6 fixes the following issues: - CVE-2021-25329: Fixed completely CVE-2020-9484 (bsc#1182909). - CVE-2021-24122: Fixed an information disclosure (bsc#1180947). - CVE-2017-12617: Fixed a file inclusion vulnerability through a crafted request (bsc#1059554). Important SUSE bug 1059554 SUSE bug 1180947 SUSE bug 1182909 CVE-2017-12617 CVE-2021-24122 CVE-2021-25329 cpe:/o:suse:sles:11:sp3:teradata Security update for tomcat6 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Tomcat has been updated to version 6.0.41, which brings security and bug fixes. The following security fixes have been fixed: * CVE-2014-0096: A XXE vulnerability via user supplied XSLTs. * CVE-2014-0099: Request smuggling via malicious content length header. * CVE-2014-0119: A XML parser hijack by malicious web application. Bugs fixed: * Socket bind fails on tomcat startup when using apr (IPV6) (bnc#881700) * classpath for org/apache/juli/logging/LogFactory (bnc#844689) Security Issues: * CVE-2013-4322 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322> * CVE-2012-3544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544> * CVE-2014-0099 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099> * CVE-2014-0096 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096> * CVE-2014-0119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119> SUSE bug 844689 SUSE bug 865746 SUSE bug 880346 SUSE bug 880347 SUSE bug 880348 SUSE bug 881700 CVE-2012-3544 CVE-2013-4322 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for transfig (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for transfig fixes the following issues: Security issue fixed: - CVE-2017-16899: Fix array index error in the fig2dev program (bsc#1069257). Moderate SUSE bug 1069257 CVE-2017-16899 cpe:/o:suse:sles:11:sp3:teradata Security update for transfig (Low) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for transfig fixes the following issues: Security issue fixed: - CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531) Low SUSE bug 1106531 CVE-2018-16140 cpe:/o:suse:sles:11:sp3:teradata Security update for transfig (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for transfig fixes the following issues: - CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: Fixed out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19746: Fixed segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-19555: Fixed stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). - CVE-2020-21680: Fixed a stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2020-21681: Fixed a global buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21682: Fixed a global buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21683: Fixed a global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - Do hardening via compile and linker flags - Fixed last added upstream commit (boo#1136882) Important SUSE bug 1136882 SUSE bug 1143650 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-14275 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:sles:11:sp3:teradata Security update for transfig (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:sles:11:sp3:teradata Security update for unrar (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for unrar fixes the following issues: - CVE-2012-6706: decoding malicious RAR files could have lead to memory corruption or code execution. (bsc#1045315). Important SUSE bug 1045315 CVE-2012-6706 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for unrar (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Added libunrar* and libunrar*-devel subpackages (bsc#513804) - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Moderate SUSE bug 1046882 SUSE bug 1054038 SUSE bug 513804 SUSE bug 693890 CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 cpe:/o:suse:sles:11:sp3:teradata Security update for unrar (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for unrar fixes the following issues: - CVE-2022-30333: Fixed directory traversal issue that allowed writing to non-designated paths (bsc#1199349). Moderate SUSE bug 1199349 CVE-2022-30333 cpe:/o:suse:sles:11:sp3:teradata Security update for unzip SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes the following security issues: * CVE-2014-8139: input sanitization errors (bnc#909214) * CVE-2014-9636: out-of-bounds read/write in test_compr_eb() (bnc#914442) Security Issues: * CVE-2014-9636 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636> * CVE-2014-8139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139> SUSE bug 909214 SUSE bug 914442 CVE-2014-8139 CVE-2014-9636 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for unzip fixes the following issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) Moderate SUSE bug 1013992 SUSE bug 1013993 SUSE bug 950110 SUSE bug 950111 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 cpe:/o:suse:sles:11:sp3:teradata Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for unzip fixes the following issues: - CVE-2018-1000035: Fixed a heap-based buffer overflow in password protected ZIP archives (bsc#1080074) Moderate SUSE bug 1080074 CVE-2018-1000035 cpe:/o:suse:sles:11:sp3:teradata Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) Moderate SUSE bug 1110194 CVE-2018-18384 cpe:/o:suse:sles:11:sp3:teradata Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for unzip fixes the following issues: - CVE-2021-4217: Fixed null pointer dereference in Unicode strings code (bsc#1196175). Moderate SUSE bug 1196175 CVE-2021-4217 cpe:/o:suse:sles:11:sp3:teradata Security update for util-linux (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for util-linux fixes the following issues: - CVE-2015-5218: Prevent colcrt buffer overflow. (bsc#949754) These non-security issues were fixed: - Mount crashes when trying to mount `shmfs` while `SELinux` is active. (bsc#1040414) - Fix `lsblk -f` on `CCISS` and other devices with nodes in `/dev` subdirectory. (bsc#924994) - Fix `script(1)` hang caused by mis-interpreted EOF on big-endian platforms. (bsc#930236) - Do not segfault when TERM is not defined or wrong. (bsc#903440) - Update and fix mount XFS documentation. (bsc#925705) - Fix recognition of `/dev/dm-N` partitions names. (bsc#931607) - Follow SUSE Linux Enterprise 11 device mapper partition names configuration. (bsc#931607) - Fix recognition of device mapper partitions. (bsc#923904) - Fix `fsck -C {fd}` parsing. (bsc#923777, bsc#903738) Important SUSE bug 1040414 SUSE bug 903440 SUSE bug 903738 SUSE bug 923777 SUSE bug 923904 SUSE bug 924994 SUSE bug 925705 SUSE bug 930236 SUSE bug 931607 SUSE bug 949754 CVE-2015-5218 cpe:/o:suse:sles:11:sp3:teradata Security update for vim (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc#1010685) Important SUSE bug 1010685 CVE-2016-1248 cpe:/o:suse:sles:11:sp3:teradata Security update for vim (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for vim fixes the following issues: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) Moderate SUSE bug 1024724 CVE-2017-5953 cpe:/o:suse:sles:11:sp3:teradata Security update for vim (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sles:11:sp3:teradata Security update for vim (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). Moderate SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:sles:11:sp3:teradata Security update for vino SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 vino has been updated to fix a remote denial of service problem where remote attackers could have caused a infinite loop in vino (CPU consumption). (CVE-2013-5745) Security Issue reference: * CVE-2013-5745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745> SUSE bug 843174 CVE-2013-5745 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for vino (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). Moderate SUSE bug 1155419 CVE-2019-15681 cpe:/o:suse:sles:11:sp3:teradata Security update for w3m (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for w3m fixes the following issues: - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Moderate SUSE bug 1011269 SUSE bug 1011270 SUSE bug 1011271 SUSE bug 1011272 SUSE bug 1011283 SUSE bug 1011284 SUSE bug 1011285 SUSE bug 1011286 SUSE bug 1011287 SUSE bug 1011288 SUSE bug 1011289 SUSE bug 1011290 SUSE bug 1011291 SUSE bug 1011292 SUSE bug 1011293 SUSE bug 1012020 SUSE bug 1012021 SUSE bug 1012022 SUSE bug 1012023 SUSE bug 1012024 SUSE bug 1012025 SUSE bug 1012026 SUSE bug 1012027 SUSE bug 1012028 SUSE bug 1012029 SUSE bug 1012030 SUSE bug 1012031 SUSE bug 1012032 CVE-2010-2074 CVE-2016-9422 CVE-2016-9423 CVE-2016-9424 CVE-2016-9425 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 cpe:/o:suse:sles:11:sp3:teradata Security update for w3m (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Moderate SUSE bug 1077559 SUSE bug 1077568 SUSE bug 1077572 CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 cpe:/o:suse:sles:11:sp3:teradata Security update for wavpack (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. (bsc#1021483) Moderate SUSE bug 1021483 CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/o:suse:sles:11:sp3:teradata Security update for wavpack (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) Moderate SUSE bug 1120930 CVE-2018-19840 cpe:/o:suse:sles:11:sp3:teradata Security update for wavpack (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles:11:sp3:teradata Security update for wget SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 wget has been updated to fix one security issue and two non-security issues. This security issue has been fixed: * FTP symlink arbitrary filesystem access (CVE-2014-4877). These non-security issues have been fixed: * Fix displaying of download time (bnc#901276). * Fix 0 size FTP downloads after failure (bnc#885069). Security Issues: * CVE-2014-4877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877> SUSE bug 885069 SUSE bug 901276 SUSE bug 902709 CVE-2014-4877 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wget fixes the following issues: - CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060). - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Bug fixed: - Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Moderate SUSE bug 958342 SUSE bug 984060 SUSE bug 995964 CVE-2016-4971 CVE-2016-7098 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). Moderate SUSE bug 1028301 CVE-2017-6508 cpe:/o:suse:sles:11:sp3:teradata Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wget fixes the following issues: - CVE-2018-0494: Fixed Cookie injection vulnerability by checking for and joining continuation lines. (bsc#1092061) Moderate SUSE bug 1092061 CVE-2018-0494 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 wireshark has been updated to version 1.10.11 to fix five security issues. These security issues have been fixed: * SigComp UDVM buffer overflow (CVE-2014-8710). * AMQP dissector crash (CVE-2014-8711). * NCP dissector crashes (CVE-2014-8712, CVE-2014-8713). * TN5250 infinite loops (CVE-2014-8714). This non-security issue has been fixed: * enable zlib (bnc#899303). Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html <https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html> Security Issues: * CVE-2014-8711 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8711> * CVE-2014-8710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8710> * CVE-2014-8714 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8714> * CVE-2014-8712 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8712> * CVE-2014-8713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8713> SUSE bug 899303 SUSE bug 905245 SUSE bug 905246 SUSE bug 905247 SUSE bug 905248 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Moderate SUSE bug 935158 SUSE bug 941500 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wireshark (Low) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437) * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 950437 SUSE bug 960382 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update to Wireshark 1 12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Also containsfurther bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html Moderate SUSE bug 968565 SUSE bug 976944 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash (bsc#991012) - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero (bsc#991013) - CVE-2016-6506: wireshark: WSP infinite loop (bsc#991015) - CVE-2016-6507: wireshark: MMSE infinite loop (bsc#991016) - CVE-2016-6508: wireshark: RLC long loop (bsc#991017) - CVE-2016-6509: wireshark: LDSS dissector crash (bsc#991018) - CVE-2016-6510: wireshark: RLC dissector crash (bsc#991019) - CVE-2016-6511: wireshark: OpenFlow long loop (bnc991020) - CVE-2016-5350: SPOOLS infinite loop (bsc#983671) - CVE-2016-5351: IEEE 802.11 dissector crash (bsc#983671) - CVE-2016-5352: IEEE 802.11 dissector crash, different from wpna-sec-2016-30 (bsc#983671) - CVE-2016-5353: UMTS FP crash (bsc#983671) - CVE-2016-5354: USB dissector crash (bsc#983671) - CVE-2016-5355: Toshiba file parser crash (bsc#983671) - CVE-2016-5356: CoSine file parser crash (bsc#983671) - CVE-2016-5357: NetScreen file parser crash (bsc#983671) - CVE-2016-5358: Ethernet dissector crash (bsc#983671) - CVE-2016-5359: WBXML infinite loop (bsc#983671) For more details please see: https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html Moderate SUSE bug 983671 SUSE bug 991012 SUSE bug 991013 SUSE bug 991015 SUSE bug 991016 SUSE bug 991017 SUSE bug 991018 SUSE bug 991019 SUSE bug 991020 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes. These security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936). - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937). - CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938). - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939). - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940). - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941). - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942). - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943). - CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944). - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945). - CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963). - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735). - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740). - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752). - CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754). - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761). - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762). - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763). - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800). - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964). - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913). - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739). - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739). Moderate SUSE bug 1002981 SUSE bug 1010735 SUSE bug 1010740 SUSE bug 1010752 SUSE bug 1010754 SUSE bug 1010911 SUSE bug 1021739 SUSE bug 1025913 SUSE bug 1027998 SUSE bug 1033936 SUSE bug 1033937 SUSE bug 1033938 SUSE bug 1033939 SUSE bug 1033940 SUSE bug 1033941 SUSE bug 1033942 SUSE bug 1033943 SUSE bug 1033944 SUSE bug 1033945 SUSE bug 998761 SUSE bug 998762 SUSE bug 998763 SUSE bug 998800 SUSE bug 998963 SUSE bug 998964 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues: * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304) * CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303) * CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302) * CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301) * CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300) * CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305) * CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299) * CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298) * CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309) * CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308) * CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307) * CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306) Moderate SUSE bug 1042298 SUSE bug 1042299 SUSE bug 1042300 SUSE bug 1042301 SUSE bug 1042302 SUSE bug 1042303 SUSE bug 1042304 SUSE bug 1042305 SUSE bug 1042306 SUSE bug 1042307 SUSE bug 1042308 SUSE bug 1042309 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This wireshark update to version 2.2.8 fixes the following issues: Security issues fixed: - CVE-2017-11411: The openSAFETY dissectorcould crash or exhaust system memory because of missing length validation. (bsc#1049621) - CVE-2017-11410: The WBXML dissector could go into an infinite loop. (bsc#1049255) - CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255) - CVE-2017-11407: The MQ dissector could crash. (bsc#1049255) - CVE-2017-11406: The DOCSIS dissector could go into an infinite loop. (bsc#1049255) Moderate SUSE bug 1049255 SUSE bug 1049621 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wireshark to version 2.2.11 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248) - CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249) - CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251) - CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341) - CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP dissector (bsc#1044417) - CVE-2017-15192: The BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (bsc#1062645) - CVE-2017-15193: The MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. (bsc#1062645) - CVE-2017-15191: The DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645) - CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727) - CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727) - CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727) Moderate SUSE bug 1044417 SUSE bug 1045341 SUSE bug 1056248 SUSE bug 1056249 SUSE bug 1056251 SUSE bug 1062645 SUSE bug 1070727 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-9617 CVE-2017-9766 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Moderate SUSE bug 1074171 SUSE bug 1075737 SUSE bug 1075738 SUSE bug 1075739 SUSE bug 1075748 CVE-2017-17935 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wireshark fixes the following issues: Security issue fixed (bsc#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash (wnpa-sec-2018-05) - CVE-2018-7321: thrift long dissector loop (dissect_thrift_map) - CVE-2018-7322: DICOM: inifinite loop (dissect_dcm_tag) - CVE-2018-7323: WCCP: very long loop (dissect_wccp2_alternate_mask_value_set_element) - CVE-2018-7324: SCCP: infinite loop (dissect_sccp_optional_parameters) - CVE-2018-7325: RPKI-Router Protocol: infinite loop (dissect_rpkirtr_pdu) - CVE-2018-7326: LLTD: infinite loop (dissect_lltd_tlv) - CVE-2018-7327: openflow_v6: infinite loop (dissect_openflow_bundle_control_v6) - CVE-2018-7328: USB-DARWIN: long loop (dissect_darwin_usb_iso_transfer) - CVE-2018-7329: S7COMM: infinite loop (s7comm_decode_ud_cpu_alarm_main) - CVE-2018-7330: thread_meshcop: infinite loop (get_chancount) - CVE-2018-7331: GTP: infinite loop (dissect_gprscdr_GGSNPDPRecord, dissect_ber_set) - CVE-2018-7332: RELOAD: infinite loop (dissect_statans) - CVE-2018-7333: RPCoRDMA: infinite loop in get_write_list_chunk_count - CVE-2018-7421: Multiple dissectors could go into large infinite loops (wnpa-sec-2018-06) - CVE-2018-7334: The UMTS MAC dissector could crash (wnpa-sec-2018-07) - CVE-2018-7337: The DOCSIS dissector could crash (wnpa-sec-2018-08) - CVE-2018-7336: The FCP dissector could crash (wnpa-sec-2018-09) - CVE-2018-7320: The SIGCOMP dissector could crash (wnpa-sec-2018-10) - CVE-2018-7420: The pcapng file parser could crash (wnpa-sec-2018-11) - CVE-2018-7417: The IPMI dissector could crash (wnpa-sec-2018-12) - CVE-2018-7418: The SIGCOMP dissector could crash (wnpa-sec-2018-13) - CVE-2018-7419: The NBAP disssector could crash (wnpa-sec-2018-14) - CVE-2017-17997: Misuse of NULL pointer in MRDISC dissector (bsc#1077080). Moderate SUSE bug 1077080 SUSE bug 1082692 CVE-2017-17997 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9264: ADB dissector crash * CVE-2018-9265: tn3270 dissector has a memory leak * CVE-2018-9266: ISUP dissector memory leak * CVE-2018-9267: LAPD dissector memory leak * CVE-2018-9268: SMB2 dissector memory leak * CVE-2018-9269: GIOP dissector memory leak * CVE-2018-9270: OIDS dissector memory leak * CVE-2018-9271: multipart dissector memory leak * CVE-2018-9272: h223 dissector memory leak * CVE-2018-9273: pcp dissector memory leak * CVE-2018-9274: failure message memory leak * CVE-2018-9259: MP4 dissector crash Moderate SUSE bug 1088200 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wireshark fixes the following issues: Security issues fixed: - bsc#1094301: Wireshark security update to 2.6.1, 2.4.7, 2.2.15 - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 cpe:/o:suse:sles:11:sp3:teradata Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wireshark fixes the following issues: Update wireshark to version 2.2.17 (bsc#1106514): Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.17.html Moderate SUSE bug 1106514 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/o:suse:sles:11:sp3:teradata Security update for wpa_supplicant SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update fixes a remote code execution vulnerability in wpa_supplicant's wpa_cli and hostapd_cli tools. CVE-2014-3686 has been assigned to this issue. Additionally, password based authentication with PKCS#5v2 has been enabled. Security Issues: * CVE-2014-3686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686> SUSE bug 868937 SUSE bug 900611 CVE-2014-3686 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 wpa_supplicant was updated to fix two security issues. These security issues were fixed: - CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078). - CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077). Moderate SUSE bug 930077 SUSE bug 930078 CVE-2015-4141 CVE-2015-4142 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wpa_supplicant fixes the following issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] Important SUSE bug 1056061 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2015-0210: Fix broken certificate subject check (bsc#915323.) Moderate SUSE bug 915323 CVE-2015-0210 cpe:/o:suse:sles:11:sp3:teradata Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for wpa_supplicant fixes the following issues: - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Moderate SUSE bug 1150934 CVE-2019-16275 cpe:/o:suse:sles:11:sp3:teradata Security update for xalan-j2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 xalan-j2 has been updated to ensure that secure processing can't be circumvented (CVE-2014-0107). Security Issues: * CVE-2014-0107 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107> SUSE bug 870082 CVE-2014-0107 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 Xen was updated to fix two security issues and a bug: * CVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. * CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. * An exception in setCPUAffinity when restoring guests. (bsc#910441) Security Issues: * CVE-2015-3456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456> * CVE-2015-3340 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340> SUSE bug 910441 SUSE bug 927967 SUSE bug 929339 CVE-2015-3456 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 Xen has been updated to version 4.2.5 with additional patches to fix six security issues: * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). * Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor (CVE-2014-8867). * Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866). * Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). * Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594). These non-security issues have been fixed: * Xen save/restore of HVM guests cuts off disk and networking (bnc#866902). * Windows 2012 R2 fails to boot up with greater than 60 vcpus (bnc#882089). * Increase limit domUloader to 32MB (bnc#901317). * Adjust xentop column layout (bnc#896023). Security Issues: * CVE-2014-9030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9030> * CVE-2014-8867 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8867> * CVE-2014-8866 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8866> * CVE-2014-8595 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8595> * CVE-2014-8594 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8594> SUSE bug 866902 SUSE bug 882089 SUSE bug 896023 SUSE bug 901317 SUSE bug 903850 SUSE bug 903967 SUSE bug 903970 SUSE bug 905465 SUSE bug 905467 SUSE bug 906439 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 xen was updated to fix the following security issues: * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) * CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) * CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127) * CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137) * CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136) * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) Important SUSE bug 922709 SUSE bug 932996 SUSE bug 935634 SUSE bug 938344 SUSE bug 939709 SUSE bug 939712 CVE-2015-2751 CVE-2015-3259 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165 CVE-2015-5166 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 xen was updated to fix nine security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bsc#941074: Device 51728 could not be connected. Hotplug scripts not working Important SUSE bug 877642 SUSE bug 907514 SUSE bug 910258 SUSE bug 918984 SUSE bug 923967 SUSE bug 932267 SUSE bug 941074 SUSE bug 944463 SUSE bug 944697 SUSE bug 947165 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS xen was updated to fix 36 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bnc#864673). - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bnc#864678). - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bnc#864682). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#928393). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#959695: Missing docs for xen - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend - bsc#959928: When DomU is in state running xm domstate returned nothing Important SUSE bug 864391 SUSE bug 864655 SUSE bug 864673 SUSE bug 864678 SUSE bug 864682 SUSE bug 864769 SUSE bug 864805 SUSE bug 864811 SUSE bug 877642 SUSE bug 897654 SUSE bug 901508 SUSE bug 902737 SUSE bug 928393 SUSE bug 945404 SUSE bug 945989 SUSE bug 954872 SUSE bug 956829 SUSE bug 957162 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958491 SUSE bug 958523 SUSE bug 959005 SUSE bug 959695 SUSE bug 959928 SUSE bug 960707 SUSE bug 960725 SUSE bug 960861 SUSE bug 960862 SUSE bug 961332 SUSE bug 961691 SUSE bug 963782 SUSE bug 965315 SUSE bug 965317 SUSE bug 967012 SUSE bug 967013 SUSE bug 967630 SUSE bug 967969 SUSE bug 969350 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3640 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8743 CVE-2015-8745 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1981 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-5403: Unbounded memory allocation allowed a guest administrator to cause a denial of service of the host (bsc#990923) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225) - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the 'Dark Portal' issue (bsc#978164) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) These non-security issues were fixed: - bsc#985503: vif-route broken - bsc#978413: PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) - bsc#961600: Poor performance when Xen HVM domU configured with max memory > current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#976470: Xend fails to start - bsc#973631: AWS EC2 kdump issue Important SUSE bug 954872 SUSE bug 961600 SUSE bug 963161 SUSE bug 973188 SUSE bug 973631 SUSE bug 974038 SUSE bug 975130 SUSE bug 975138 SUSE bug 976470 SUSE bug 978164 SUSE bug 978295 SUSE bug 978413 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 982224 SUSE bug 982225 SUSE bug 982960 SUSE bug 983984 SUSE bug 985503 SUSE bug 988675 SUSE bug 990843 SUSE bug 990923 SUSE bug 995785 SUSE bug 995792 CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 CVE-2016-7092 CVE-2016-7094 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652) - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) This non-security issue was fixed: - bsc#1000893: virsh setmem didn't allow to set current guest memory to max limit Important SUSE bug 1000106 SUSE bug 1000893 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007160 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 CVE-2016-9637 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2016-3712: Integer overflow in the VGA module allowed local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode (bsc#978160). - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107) - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (boo#990923) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225) - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982224) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the 'Dark Portal' issue (bsc#978164) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) - CVE-2016-2841: The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control (bsc#969351) - CVE-2016-2538: Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) allowed local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function (bsc#968004). - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967101) - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967090) - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315) - CVE-2016-2271: VMX in Xen, when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317) - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#965156). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#965112) - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bsc#964929). - CVE-2015-5278: Infinite loop in ne2000_receive() function allowed a privileged user inside the guest to crash the Qemu instance resulting in DoS (bsc#964947) - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bsc#964950). - CVE-2015-8345: The i8255x (PRO100) emulation support was vulnerable to an infinite loop issue that allowed a privileged (CAP_SYS_RAWIO) user inside guest to crash the Qemu instance resulting in DoS (bsc#956832) - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#964644) - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bsc#964746). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#964925) - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#964431). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#964452) - CVE-2016-1981: A:infinite loop in start_xmit and e1000_receive_iov routines allowed a privileged user inside the guest to crash the Qemu instance resulting in DoS (bsc#963783) - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#962758) - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#962642) - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#962627) - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#962611) - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#962335) - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#962360) - CVE-2016-1714: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c when built with the Firmware Configuration device emulation support, allowed guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration (bsc#961692) - CVE-2016-1568: Use-after-free vulnerability in hw/ide/ahci.c, when built with IDE AHCI Emulation support, allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command (bsc#961332). - CVE-2016-1571: The paging_invlpg function in include/asm-x86/paging.h in Xen when using shadow mode paging or nested virtualization is enabled, allowed local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check (bsc#960862) - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2015-8743: A OOB memory access in ioport r/w functions allowed a privileged (CAP_SYS_RAWIO) user/process to use this flaw to leak or corrupt Qemu memory bytes (bsc#960726) - CVE-2015-8550: Xen, when used on a system providing PV backends, allowed local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability (bsc#957988) - CVE-2015-8558: The ehci_process_itd function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list (bsc#959006). - CVE-2015-8504: The VNC display driver support was vulnerable to an arithmetic exception flaw that allowed a privileged remote client to crash the guest resulting in DoS (bsc#958493) - CVE-2015-8554: Buffer overflow in hw/pt-msi.c in Xen, when using the qemu-xen-traditional (aka qemu-dm) device model, allowed local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a 'write path.' (bsc#958007) - CVE-2015-8555: Xen did not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allowed local guest domains to obtain sensitive information from other domains via unspecified vectors (bsc#958009) - CVE-2016-9932: CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. - CVE-2016-10013: A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. - bsc#958523: ioreq handling possibly susceptible to multiple read issue leading to DoS or worse, depending on the configuration - CVE-2016-10024: bsc#1014298: PV guests may have been able to mask interrupts causing a Denial of Service. These non-security issues were fixed: - bsc#1000893: virsh setmem didn't allow to set current guest memory to max limit - bsc#954872: script block-dmmd not working as expected - bsc#959928: xm domstate - when DomU is in state running xm domstate returned nothing - bsc#959695: Added missing docs for xen - bsc#967630: Fixed discrepancy in reported memory size with correction XSA-153 for xend - bsc#963161: Windows VM was getting stuck during load while a VF was assigned to it - bsc#976470: Xend failed to start - bsc#961600: Fixed poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#978413: PV guest upgrade from SLES11SP4 to SLES12SP2 alpha3 failed on SLES11SP4 xen host. - bsc#985503: vif-route broken Important SUSE bug 1000106 SUSE bug 1000893 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007160 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1016340 SUSE bug 895528 SUSE bug 954872 SUSE bug 956832 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958493 SUSE bug 958523 SUSE bug 959006 SUSE bug 959695 SUSE bug 959928 SUSE bug 960726 SUSE bug 960861 SUSE bug 960862 SUSE bug 961332 SUSE bug 961600 SUSE bug 961692 SUSE bug 962335 SUSE bug 962360 SUSE bug 962611 SUSE bug 962627 SUSE bug 962642 SUSE bug 962758 SUSE bug 963161 SUSE bug 963783 SUSE bug 964431 SUSE bug 964452 SUSE bug 964644 SUSE bug 964746 SUSE bug 964925 SUSE bug 964929 SUSE bug 964947 SUSE bug 964950 SUSE bug 965112 SUSE bug 965156 SUSE bug 965315 SUSE bug 965317 SUSE bug 967090 SUSE bug 967101 SUSE bug 967630 SUSE bug 968004 SUSE bug 969351 SUSE bug 973188 SUSE bug 973631 SUSE bug 974038 SUSE bug 975130 SUSE bug 975138 SUSE bug 976470 SUSE bug 978160 SUSE bug 978164 SUSE bug 978295 SUSE bug 978413 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 982224 SUSE bug 982225 SUSE bug 982960 SUSE bug 983984 SUSE bug 985503 SUSE bug 988675 SUSE bug 990843 SUSE bug 990923 SUSE bug 995785 SUSE bug 995792 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3615 CVE-2014-3640 CVE-2014-3672 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8743 CVE-2016-10013 CVE-2016-10024 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1981 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 CVE-2016-7092 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 CVE-2016-9637 CVE-2016-9932 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183) - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-10013: Xen allowed local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation (bsc#1016340). - CVE-2016-9932: CMPXCHG8B emulation on x86 systems allowed local HVM guest OS users to obtain sensitive information from host stack memory via a 'supposedly-ignored' operand size prefix (bsc#1012651). - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations (bsc#1014298) This non-security issue was fixed: - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd Important SUSE bug 1002496 SUSE bug 1012651 SUSE bug 1013657 SUSE bug 1013668 SUSE bug 1014298 SUSE bug 1014507 SUSE bug 1015169 SUSE bug 1016340 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024183 SUSE bug 1024834 SUSE bug 907805 CVE-2014-8106 CVE-2016-10013 CVE-2016-10024 CVE-2016-10155 CVE-2016-9101 CVE-2016-9776 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-2615 CVE-2017-2620 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183) - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) This non-security issue was fixed: - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd Important SUSE bug 1002496 SUSE bug 1013657 SUSE bug 1013668 SUSE bug 1014507 SUSE bug 1015169 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024183 SUSE bug 1024834 SUSE bug 907805 CVE-2014-8106 CVE-2016-10155 CVE-2016-9101 CVE-2016-9776 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes the following security issues: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). Important SUSE bug 1027570 SUSE bug 1028235 SUSE bug 1030442 CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following security issues: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). Important SUSE bug 1027570 SUSE bug 1028235 SUSE bug 1030442 CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following security issues: - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035483). - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - Incorrect checks when handling exceptions allowed a malicious or buggy 64-bit PV guest to modify part of a physical memory page not belonging to it, potentially allowing for all of privilege escalation, host or other guest crashes, and information leaks (XSA-215, bsc#1034845) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2017-7995: Incorrect address range validation potentially allowing PV guests to access MMIO memory with read side effects (bsc#1033948). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) Important SUSE bug 1028655 SUSE bug 1033948 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034845 SUSE bug 1034994 SUSE bug 1035483 CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 CVE-2017-7995 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several security issues: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) Important SUSE bug 1028655 SUSE bug 1033948 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034845 SUSE bug 1034994 SUSE bug 1035483 CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 CVE-2017-7995 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes the following security issues: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863) - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845). Important SUSE bug 1034845 SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042863 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042931 SUSE bug 1042938 CVE-2017-8309 CVE-2017-8905 CVE-2017-9330 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following security issues: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863) - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) Important SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042863 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042931 SUSE bug 1042938 CVE-2017-8309 CVE-2017-9330 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-8905: Fixed a memory corruption via a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845). - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230, bsc#1052686). Important SUSE bug 1034845 SUSE bug 1046637 SUSE bug 1048920 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1052686 CVE-2017-10664 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-8905 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes the following issues: - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230, bsc#1052686). - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). Important SUSE bug 1046637 SUSE bug 1048920 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1052686 CVE-2017-10664 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). Important SUSE bug 1056278 SUSE bug 1056281 SUSE bug 1056282 CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). Important SUSE bug 1056278 SUSE bug 1056281 SUSE bug 1056282 CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) Important SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) Important SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081). - CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS (hypervisor crash) or possibly gain privileges because self-linear shadow mappings were mishandled for translated guests (bsc#1061086). Important SUSE bug 1061075 SUSE bug 1061081 SUSE bug 1061086 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081). - CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS (hypervisor crash) or possibly gain privileges because self-linear shadow mappings were mishandled for translated guests (bsc#1061086). Important SUSE bug 1061075 SUSE bug 1061081 SUSE bug 1061086 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635). - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307) - Unprivileged domains could have issued well-timed writes to xenstore which conflict with transactions to stall progress of the control domain or driver domain, possibly leading to DoS (bsc#1030144, XSA-206). Important SUSE bug 1024307 SUSE bug 1030144 SUSE bug 1061081 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070159 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1074562 SUSE bug 1076116 SUSE bug 1076180 SUSE bug 1080635 SUSE bug 1080662 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5898 CVE-2018-5683 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635). - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307) - Unprivileged domains could have issued well-timed writes to xenstore which conflict with transactions to stall progress of the control domain or driver domain, possibly leading to DoS (bsc#1030144, XSA-206). Important SUSE bug 1024307 SUSE bug 1030144 SUSE bug 1061081 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070159 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1074562 SUSE bug 1076116 SUSE bug 1076180 SUSE bug 1080635 SUSE bug 1080662 CVE-2017-11334 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5898 CVE-2018-5683 CVE-2018-7540 CVE-2018-7541 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). Important SUSE bug 1083292 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). Important SUSE bug 1083292 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following issues: These security issue were fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. (bsc#1090823) Following bugs were fixed: - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu's block-backend will be unable to open qcow2 disks on the receiving dom0 Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1079730 SUSE bug 1090822 SUSE bug 1090823 SUSE bug 1091107 SUSE bug 1092631 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097206 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1098744 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-LTSS This update for xen fixes the following issues: These security issue were fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. (bsc#1090823) Following bugs were fixed: - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu's block-backend will be unable to open qcow2 disks on the receiving dom0 Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1079730 SUSE bug 1090822 SUSE bug 1090823 SUSE bug 1091107 SUSE bug 1092631 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097206 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1098744 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin (bsc#1114423). - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18438: Fixed an integer overflow in ccid_card_vscard_read function which could allow memory corruption (bsc#1112188). - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011). - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040). - CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS) (bsc#1111014). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2018-17958: Fixed an integer overflow which could lead to buffer overflow (bsc#1111007). - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Important SUSE bug 1110924 SUSE bug 1111007 SUSE bug 1111011 SUSE bug 1111014 SUSE bug 1112188 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1117756 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1129623 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905). - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675). Important SUSE bug 1047675 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1130680 SUSE bug 1135905 SUSE bug 1143797 SUSE bug 1145652 SUSE bug 1146874 SUSE bug 1149813 CVE-2017-10806 CVE-2018-20815 CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues - bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host - bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation - bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations Important SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1161181 SUSE bug 1163019 SUSE bug 1168140 SUSE bug 1169392 SUSE bug 1174543 CVE-2019-18421 CVE-2019-18425 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-7211 CVE-2020-8608 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following issues: - bsc#1178935 - CVE-2020-25723: xen: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c - bsc#1177409 - CVE-2020-27674: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1111331 - CPU issues Q2 2019 aka 'Group 4' CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - bsc#1154461 - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment - bsc#1155945 - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) - bsc#1157888 - CVE-2019-19579: Device quarantine for alternate pci assignment methods - bsc#1158004 - CVE-2019-19583: VMX: VMentry failure with debug exceptions and blocked states - bsc#1158005 - CVE-2019-19578: Linear pagetable use / entry miscounts - bsc#1158006 - CVE-2019-19580: Further issues with restartable PV type change operations - bsc#1158007 - CVE-2019-19577: dynamic height for the IOMMU pagetables - bsc#1172205 - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (XSA-320) - bsc#1173378 - CVE-2020-15565: insufficient cache write- back under VT-d - bsc#1173380 - CVE-2020-15567: non-atomic modification of live EPT PTE - bsc#1176343 - CVE-2020-25604: race when migrating timers between x86 HVM vCPU-s (XSA-336) - bsc#1176344 - CVE-2020-25595: PCI passthrough code reading back hardware registers (XSA-337) - bsc#1176345 - CVE-2020-25596: x86 pv guest kernel DoS via SYSENTER (XSA-339) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel - bsc#1175534 - CVE-2020-14364: usb: out-of-bounds r/w access issue while processing usb packets Important SUSE bug 1111331 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 SUSE bug 1157888 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 SUSE bug 1168140 SUSE bug 1172205 SUSE bug 1173378 SUSE bug 1173380 SUSE bug 1175534 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178935 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12207 CVE-2019-11091 CVE-2019-18424 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19583 CVE-2020-0543 CVE-2020-11740 CVE-2020-11741 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25604 CVE-2020-25723 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:sles:11:sp3:teradata Security update for xen (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xen fixes the following issues: Security issues fixed: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#1179496 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). Non-security issues fixed: - bsc#1022555 - L3: Timeout in 'execution of /etc/xen/scripts/block add' - bsc#1029827 - Forward port xenstored Important SUSE bug 1022555 SUSE bug 1029827 SUSE bug 1091107 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:sles:11:sp3:teradata Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various bugs and security issues: The following security issues have been addressed: * CVE-2013-2194: Various integer overflows in the ELF loader were fixed. (XSA-55) * CVE-2013-2195: Various pointer dereferences issues in the ELF loader were fixed. (XSA-55) * CVE-2013-2196: Various other problems in the ELF loader were fixed. (XSA-55) * CVE-2013-2078: A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54) * CVE-2013-2077: A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53) * CVE-2013-2211: libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57) * CVE-2013-2076: An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs. Also the following bugs have been fixed: * performance issues in mirror lvm (bnc#801663) * aacraid driver panics mapping INT A when booting kernel-xen (bnc#808085) * Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel (bnc#808269) * Did not boot with i915 graphics controller with VT-d enabled (bnc#817210) Security Issue references: * CVE-2013-2194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194> * CVE-2013-2195 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195> * CVE-2013-2196 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196> SUSE bug 801663 SUSE bug 808085 SUSE bug 808269 SUSE bug 817210 SUSE bug 820917 SUSE bug 820919 SUSE bug 820920 SUSE bug 823011 SUSE bug 823608 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies * CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation * CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation * CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation * CVE-2013-4369: XSA-68: Fixed possible null dereference when parsing vif ratelimiting info * CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub * CVE-2013-4371: XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure * CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak * CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs * CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. Various bugs have also been fixed: * Boot failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * Improvements to block-dmmd script (bnc#828623) * MTU size on Dom0 gets reset when booting DomU with e1000 device (bnc#840196) * In HP's UEFI x86_64 platform and with xen environment, in booting stage, xen hypervisor will panic. (bnc#833251) * Xen: migration broken from xsave-capable to xsave-incapable host (bnc#833796) * In xen, 'shutdown -y 0 -h' cannot power off system (bnc#834751) * In HP's UEFI x86_64 platform with xen environment, xen hypervisor will panic on multiple blades nPar. (bnc#839600) * vcpus not started after upgrading Dom0 from SLES 11 SP2 to SP3 (bnc#835896) * SLES 11 SP3 Xen security patch does not automatically update UEFI boot binary (bnc#836239) * Failed to setup devices for vm instance when start multiple vms simultaneously (bnc#824676) * SLES 9 SP4 guest fails to start after upgrading to SLES 11 SP3 (bnc#817799) * Various upstream fixes have been included. Security Issues: * CVE-2013-1432 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432> * CVE-2013-1442 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442> * CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918> * CVE-2013-4355 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355> * CVE-2013-4361 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361> * CVE-2013-4368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368> * CVE-2013-4369 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4369> * CVE-2013-4370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4370> * CVE-2013-4371 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4371> * CVE-2013-4375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> SUSE bug 817799 SUSE bug 824676 SUSE bug 826882 SUSE bug 828623 SUSE bug 833251 SUSE bug 833483 SUSE bug 833796 SUSE bug 834751 SUSE bug 835896 SUSE bug 836239 SUSE bug 839596 SUSE bug 839600 SUSE bug 840196 SUSE bug 840592 SUSE bug 841766 SUSE bug 842511 SUSE bug 842512 SUSE bug 842513 SUSE bug 842514 SUSE bug 842515 SUSE bug 845520 CVE-2013-1432 CVE-2013-1442 CVE-2013-1918 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375 CVE-2013-4416 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 The Xen hypervisor and tool-suite have been updated to fix security issues and bugs: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. * CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks. * CVE-2013-4554: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests which might lead to Hypervisor escalation under specific circumstances. * CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked. * CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed. Non-security bugs have also been fixed: * bnc#840997: It is possible to start a VM twice on the same node. * bnc#842417: In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 will could lock-up on multiple blades nPar. * bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing. * bnc#846849: Soft lock-up with PCI pass-through and many VCPUs. * bnc#833483: Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'. * Increase the maximum supported CPUs in the Hypervisor to 512. Security Issues: * CVE-2013-1922 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922> * CVE-2013-2007 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007> * CVE-2013-4375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375> * CVE-2013-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416> * CVE-2013-4494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494> * CVE-2013-4551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4551> * CVE-2013-4553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553> * CVE-2013-4554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554> SUSE bug 833483 SUSE bug 840997 SUSE bug 842417 SUSE bug 846849 SUSE bug 848014 SUSE bug 848657 SUSE bug 849665 SUSE bug 849667 SUSE bug 849668 SUSE bug 851386 CVE-2013-1922 CVE-2013-2007 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and toolset has been updated to 4.2.4 to fix various bugs and security issues: The following security issues have been addressed: * XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) * XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. (bnc#853048) * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) * XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. (bnc#860092) * XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) * XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to aribitrary guests. (bnc#860163) * XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) * XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu statistics on the Flask security policy, incorrectly validates the CPU for which statistics are being requested. (bnc#860165) * XSA-86: CVE-2014-1896: libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring. (bnc#860300) * XSA-87: CVE-2014-1666: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. (bnc#860302) * XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. (bnc#861256) Also the following non-security bugs have been fixed: * Fixed boot problems with Xen kernel. '(XEN) setup 0000:00:18.0 for d0 failed (-19)' (bnc#858311) * Fixed Xen hypervisor panic on 8-blades nPar with 46-bit memory addressing. (bnc#848014) * Fixed Xen hypervisor panic in HP's UEFI x86_64 platform and with xen environment, in booting stage. (bnc#833251) * xend/pvscsi: recognize also SCSI CDROM devices (bnc#863297) * pygrub: Support (/dev/xvda) style disk specifications Security Issue references: * CVE-2013-2212 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212> * CVE-2013-6400 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6400> * CVE-2013-6885 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885> * CVE-2014-1642 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1642> * CVE-2014-1666 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666> * CVE-2014-1891 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891> * CVE-2014-1892 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892> * CVE-2014-1893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893> * CVE-2014-1894 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894> * CVE-2014-1895 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1895> * CVE-2014-1896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1896> * CVE-2014-1950 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950> SUSE bug 831120 SUSE bug 833251 SUSE bug 848014 SUSE bug 853048 SUSE bug 853049 SUSE bug 858311 SUSE bug 860092 SUSE bug 860163 SUSE bug 860165 SUSE bug 860300 SUSE bug 860302 SUSE bug 861256 SUSE bug 863297 CVE-2013-2212 CVE-2013-6400 CVE-2013-6885 CVE-2014-1642 CVE-2014-1666 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 CVE-2014-1895 CVE-2014-1896 CVE-2014-1950 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed: * XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation (bnc#897657) * XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts (bnc#895802) * XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (bnc#895799) * XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram (bnc#895798) * XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests (bnc#880751) * XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI injection (bnc#878841) * XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible (bnc#867910) * XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow (bnc#842006) * CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed: * xend: Fix netif convertToDeviceNumber for running domains (bnc#891539) * Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM (bnc#882092) * XEN kernel panic do_device_not_available() (bnc#881900) * Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * SLES 11 SP3 vm-install should get RHEL 7 support when released (bnc#862608) * SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480 cpu) (bnc#858178) * Local attach support for PHY backends using scripts local_attach_support_for_phy.patch (bnc#865682) * Improve multipath support for npiv devices block-npiv (bnc#798770) Security Issues: * CVE-2013-4344 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344> * CVE-2013-4540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540> * CVE-2014-2599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599> * CVE-2014-3967 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967> * CVE-2014-3968 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968> * CVE-2014-4021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021> * CVE-2014-7154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154> * CVE-2014-7155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155> * CVE-2014-7156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156> * CVE-2014-7188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188> SUSE bug 798770 SUSE bug 833483 SUSE bug 842006 SUSE bug 858178 SUSE bug 862608 SUSE bug 864801 SUSE bug 865682 SUSE bug 867910 SUSE bug 878841 SUSE bug 880751 SUSE bug 881900 SUSE bug 882092 SUSE bug 891539 SUSE bug 895798 SUSE bug 895799 SUSE bug 895802 SUSE bug 897657 CVE-2013-4344 CVE-2013-4540 CVE-2014-2599 CVE-2014-3967 CVE-2014-3968 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed: * CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through to guests. * XSA-125: Long latency MMIO mapping operations were not preemptible. * CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override could have, however, corrupted a pointer used subsequently to store the result of the instruction. * CVE-2015-2045: XSA-122: The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall failed to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. * CVE-2015-2044: XSA-121: Emulation routines in the hypervisor dealing with certain system devices checked whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that hypervisor stack contents were copied into the destination of the operation, thus becoming visible to the guest. Also fixed: * Fully virtualized guest install from network source failed with 'cannot find guest domain' in XEN. (bsc#919341) Security Issues: * CVE-2015-2044 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044> * CVE-2015-2045 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045> * CVE-2015-2151 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151> * CVE-2015-2756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756> SUSE bug 918995 SUSE bug 918998 SUSE bug 919341 SUSE bug 919464 SUSE bug 922705 SUSE bug 922706 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2756 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for Xen SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 Xen was updated to fix seven security vulnerabilities: * CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bnc#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bnc#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bnc#931627) * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bnc#931628) * CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior. (XSA-134, bnc#932790) * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bnc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bnc#932996) Security Issues: * CVE-2015-4103 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103> * CVE-2015-4104 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104> * CVE-2015-4105 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105> * CVE-2015-4106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106> * CVE-2015-4163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209> SUSE bug 931625 SUSE bug 931626 SUSE bug 931627 SUSE bug 931628 SUSE bug 932770 SUSE bug 932790 SUSE bug 932996 CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 This update fixes the following security issues: - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 947165 SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 954018 SUSE bug 954405 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xerces-j2 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138) Moderate SUSE bug 1047536 SUSE bug 814241 SUSE bug 879138 cpe:/o:suse:sles:11:sp3:teradata Security update for xerces-j2 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:sles:11:sp3:teradata Security update for xfsprogs (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition Moderate SUSE bug 911866 SUSE bug 939367 CVE-2012-2150 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xinetd SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The multiplexing system xinetd was updated to fix security issues and a bug. Security issues fixed: * CVE-2013-4342: xinetd ignores user and group directives for tcpmux services. * CVE-2012-0862: xinetd enables all services when tcp multiplexing is used. Bug fixed: * Services started by xinetd were limited to 1024 open file descriptors. (bnc#855685) Security Issues references: * CVE-2012-0862 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862> * CVE-2013-4342 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342> SUSE bug 762294 SUSE bug 844230 SUSE bug 855685 CVE-2012-0862 CVE-2013-4342 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libs SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 xorg-x11-libs was patched to fix the following security issues: * Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) * libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) * Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/002431.html <http://lists.x.org/archives/xorg-announce/2014-May/002431.html> . Security Issues references: * CVE-2014-0209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209> * CVE-2014-0210 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210> * CVE-2014-0211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211> SUSE bug 857544 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libICE (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068) Moderate SUSE bug 1025068 CVE-2017-2626 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libX11 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of xorg-x11-libX11 fixes several security issues. Bug 815451/821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 Security Issues: * CVE-2013-1981 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981> * CVE-2013-1997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997> * CVE-2013-2004 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004> SUSE bug 815451 SUSE bug 821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - plug a memory leak (bsc#1002991, CVE-2016-7942) - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (bsc#1002991, CVE-2016-7942) Moderate SUSE bug 1002991 CVE-2016-7942 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - a regression introduced by the security fix for CVE-2013-1997 (bnc#824294). Keyboard mappings for special characters on Non-English keyboards might have been broken. (bnc#1019642) Moderate SUSE bug 1019642 CVE-2013-1997 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) Moderate SUSE bug 1102062 SUSE bug 1102068 SUSE bug 1102073 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506). Moderate SUSE bug 1182506 CVE-2021-31535 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643). Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libXdmcp (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046) Moderate SUSE bug 1025046 CVE-2017-2625 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libXext SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of xorg-x11-libXext fixes several integer overflow issues. Bug 815451/821665 CVE-2013-1982 Security Issues: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982> SUSE bug 815451 SUSE bug 821665 CVE-2013-1982 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXfixes SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of xorg-x11-libXfixes fixed a integer overflow issue. Bug 815451/821667 CVE-2013-1983 Security Issues: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983> SUSE bug 815451 SUSE bug 821667 CVE-2013-1983 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXfixes (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libXfixes fixes the following issues: - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995, CVE-2016-7944) Moderate SUSE bug 1002995 CVE-2016-7944 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libXp SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of xorg-x11-libXp fixes several integer overflow issues. Bug 815451/821668 CVE-2013-2062 Security Issues: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062> SUSE bug 815451 SUSE bug 821668 CVE-2013-2062 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXpm (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libXpm fixes the following security issue: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) Moderate SUSE bug 1021315 CVE-2016-10164 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libXrender SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of xorg-x11-libXrender fixes several integer overflow issues. Bug 815451/821669 CVE-2013-1987 Security Issues: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987> SUSE bug 815451 SUSE bug 821669 CVE-2013-1987 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXrender (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) Moderate SUSE bug 1003002 CVE-2016-7949 CVE-2016-7950 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libXt SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of xorg-x11-libXt fixes several integer and buffer overflow issues. Bug 815451/821670 CVE-2013-2002/CVE-2013-2005 Security Issues: * CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002> * CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005> SUSE bug 815451 SUSE bug 821670 CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXv SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 This update of xorg-x11-libXv fixes several integer and buffer overflow issues. Bug 815451/821671 CVE-2013-1989/CVE-2013-2066 Security Issues: * CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989> * CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066> SUSE bug 815451 SUSE bug 821671 CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xorg-x11-libXv (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libXv fixes the following issues: - insufficient validation of data from the X server can cause memory corruption (bsc#1003017, CVE-2016-5407) Moderate SUSE bug 1003017 CVE-2016-5407 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023, CVE-2016-7953) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012, CVE-2016-7951, CVE-2016-7952) - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). (bsc#1002998, CVE-2016-7945, CVE-2016-7946) Moderate SUSE bug 1002998 SUSE bug 1003000 SUSE bug 1003012 SUSE bug 1003023 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libs fixes several issues. These security issues were fixed: - CVE-2017-16612: Heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments (bsc#1065386). - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) Moderate SUSE bug 1049692 SUSE bug 1050459 SUSE bug 1054285 SUSE bug 1065386 CVE-2017-13720 CVE-2017-13722 CVE-2017-16612 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-libs fixes the following security issue: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511) Moderate SUSE bug 1103511 CVE-2015-9262 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: Security issues: - CVE-2017-2624: Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624) Non security issues: - Use arc4random to generate cookies. (bsc#1025084) - XDrawArc performance improvement (bsc#1019649) - Fix byte swapping for gradeint stops (bsc#981044). - Remove unused function with use-after-free issue. (bsc#1025035) Moderate SUSE bug 1019649 SUSE bug 1025029 SUSE bug 1025035 SUSE bug 1025084 SUSE bug 981044 CVE-2017-2624 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283) - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage. Important SUSE bug 1035283 CVE-2017-10971 CVE-2017-10972 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server provides several fixes. These security issues were fixed: - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText and XkbStringText (bsc#1051150). - Improve the entropy when generating random data used in X.org server authorization cookies generation by using getentropy() and getrandom() when available (bsc#1025084) - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) Moderate SUSE bug 1025084 SUSE bug 1051150 SUSE bug 1063034 SUSE bug 1063035 SUSE bug 1063037 SUSE bug 1063038 SUSE bug 1063039 SUSE bug 1063040 SUSE bug 1063041 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13723 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non security issues fixed: - Do not write past the allocated buffer. (bsc#1078383) Important SUSE bug 1078383 SUSE bug 1111697 CVE-2018-14665 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:suse_sles_ltss:11:sp3 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Important SUSE bug 1174633 SUSE bug 1174635 CVE-2020-14345 CVE-2020-14347 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:sles:11:sp3:teradata Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xorg-x11-server fixes the following issues: - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190489 CVE-2021-4011 cpe:/o:suse:sles:11:sp3:teradata Security update for xscreensaver (Moderate) SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for VMWare 11 SP3 The xscreensaver package was updated to fix the following security and non security issues: - CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062). - Added xscreensaver-in_signal_handler_p.patch needed for fix of signal handling. - Refresh xscreensaver-stars.patch. Moderate SUSE bug 952062 CVE-2015-8025 cpe:/o:suse:sles:11:sp3:teradata cpe:/o:suse:sles:11:sp3:vmware cpe:/o:suse:sles_sap:11:sp3 cpe:/o:suse:suse_sles:11:sp3 Security update for xterm (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:sles:11:sp3:teradata Security update for xz (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles:11:sp3:teradata Security update for yast2-storage (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for yast2-storage to version 2.17.147.1 fixes the following issues: - Use stdin, not tmp files for passwords (bsc#986971, CVE-2016-5746) - fixed setting disk label on multipath devices (bsc#898525) - fixed used-by information for multipath with LVM (bsc#888838) Moderate SUSE bug 888838 SUSE bug 898525 SUSE bug 986971 CVE-2016-5746 cpe:/o:suse:sles:11:sp3:teradata Security update for zlib (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for zlib fixes the following issues: * Incompatible declarations for external linkage function deflate (bnc#1003577) * CVE-2016-9842: Undefined Left Shift of Negative Number (bnc#1003580) * CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bnc#1003579) * CVE-2016-9843: Big-endian out-of-bounds pointer Moderate SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 cpe:/o:suse:sles:11:sp3:teradata Security update for zlib (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:sles:11:sp3:teradata Security update for zsh (Moderate) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for zsh fixes the following issues: - CVE-2018-1100: Fixed a buffer overflow in utils.c:checkmailpath() that could lead to local arbitrary code execution ( bsc#1089030) Moderate SUSE bug 1089030 CVE-2018-1100 cpe:/o:suse:sles:11:sp3:teradata Security update for zsh (Important) SUSE Linux Enterprise Server 11 SP3-TERADATA This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294). - CVE-2018-7549: Fixed a crash when an empty hash table (bsc#1082991). - CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion on directories with long names (bsc#1087026). - CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain commands (bsc#1084656). - CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296). - CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002). - CVE-2017-18205: Fixed an application crash when using cd with no arguments (bsc#1082998). - CVE-2016-10714: Fixed a potential application crash when handling maximum length paths (bsc#1083250). - CVE-2014-10072: Fixed a buffer overflow when scanning very long directory paths for symbolic links (bsc#1082975). - CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long file descriptor (bsc#1082977). - CVE-2014-10070: Fixed a privilege escalation vulnerability via environment variables (bsc#1082885). Important SUSE bug 1082885 SUSE bug 1082975 SUSE bug 1082977 SUSE bug 1082991 SUSE bug 1082998 SUSE bug 1083002 SUSE bug 1083250 SUSE bug 1084656 SUSE bug 1087026 SUSE bug 1107294 SUSE bug 1107296 SUSE bug 1163882 CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-13259 CVE-2018-7549 CVE-2019-20044 cpe:/o:suse:sles:11:sp3:teradata Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) Important SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714) Important SUSE bug 978061 CVE-2016-3714 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Important SUSE bug 982178 CVE-2016-5118 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 ImageMagick was updated to fix 55 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Prevent file descriptr leak due to corrupted file (bsc#983774). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9820: heap overflow in xpm files (bsc#984150). - CVE-2014-9823: heap overflow in palm file (bsc#984401). - CVE-2014-9822: heap overflow in quantum file (bsc#984187). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: Fix a SEGV due to corrupted xwd images. (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9807: Fix a double free in pdb coder. (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608). Important SUSE bug 983234 SUSE bug 983253 SUSE bug 983259 SUSE bug 983292 SUSE bug 983305 SUSE bug 983308 SUSE bug 983521 SUSE bug 983523 SUSE bug 983533 SUSE bug 983739 SUSE bug 983746 SUSE bug 983752 SUSE bug 983774 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984018 SUSE bug 984023 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984137 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984150 SUSE bug 984160 SUSE bug 984166 SUSE bug 984181 SUSE bug 984184 SUSE bug 984185 SUSE bug 984186 SUSE bug 984187 SUSE bug 984193 SUSE bug 984370 SUSE bug 984372 SUSE bug 984373 SUSE bug 984374 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984401 SUSE bug 984408 SUSE bug 984409 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 SUSE bug 985448 SUSE bug 985451 SUSE bug 985456 SUSE bug 985460 SUSE bug 986608 SUSE bug 986609 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9842 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9849 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2015-8894 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-6491: Out-of-bounds read in CopyMagickMemory [bsc#991445] Moderate SUSE bug 991445 SUSE bug 991872 CVE-2016-6491 CVE-2016-6520 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421) Important SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000688 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000694 SUSE bug 1000695 SUSE bug 1000698 SUSE bug 1000699 SUSE bug 1000700 SUSE bug 1000701 SUSE bug 1000703 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000709 SUSE bug 1000711 SUSE bug 1000713 SUSE bug 1000714 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002209 SUSE bug 1002421 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 1007245 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-5687 CVE-2016-6823 CVE-2016-7101 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7533 CVE-2016-7535 CVE-2016-7537 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8862 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: * CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559: Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159] * CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376] * CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] Moderate SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013376 SUSE bug 1014159 CVE-2016-7530 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314). - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320). - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326). - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433). - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435). - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436). - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439). - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). Moderate SUSE bug 1017308 SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017319 SUSE bug 1017320 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017326 SUSE bug 1017421 SUSE bug 1020433 SUSE bug 1020435 SUSE bug 1020436 SUSE bug 1020439 SUSE bug 1020441 SUSE bug 1020443 SUSE bug 1020448 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5511 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985) - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) Moderate SUSE bug 1033091 SUSE bug 1034870 SUSE bug 1034872 SUSE bug 1034876 SUSE bug 1036976 SUSE bug 1036978 SUSE bug 1036980 SUSE bug 1036981 SUSE bug 1036983 SUSE bug 1036984 SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036987 SUSE bug 1036988 SUSE bug 1036989 SUSE bug 1036990 SUSE bug 1037527 SUSE bug 1038000 SUSE bug 1040025 SUSE bug 1040303 SUSE bug 1040304 SUSE bug 1040306 SUSE bug 1040332 CVE-2014-9846 CVE-2016-10050 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072) Important SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 CVE-2017-11403 CVE-2017-9439 CVE-2017-9501 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-11534: Processing a crafted file in convert could have lead to a Memory Leak in the lite_font_map() function in coders/wmf.c (bsc#1050135). - CVE-2017-13133: The load_level function in coders/xcf.c lacked offset validation, which allowed attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file (bsc#1055219). - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk (bsc#1055430). - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c (bsc#1061873). Moderate SUSE bug 1050135 SUSE bug 1055219 SUSE bug 1055430 SUSE bug 1061873 CVE-2017-11534 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637] * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719] * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432] * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214] * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service [bsc#1054757] * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666] * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553] * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\pwp.c could lead to denial of service [bsc#1052450] * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729] * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457] * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139] * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689] * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758] * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764] * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730] * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577] Important SUSE bug 1048457 SUSE bug 1049796 SUSE bug 1050116 SUSE bug 1050139 SUSE bug 1050632 SUSE bug 1051441 SUSE bug 1051847 SUSE bug 1052450 SUSE bug 1052553 SUSE bug 1052689 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056432 SUSE bug 1057719 SUSE bug 1057729 SUSE bug 1057730 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1059666 SUSE bug 1059778 SUSE bug 1060577 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 CVE-2017-11188 CVE-2017-11478 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14733 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422). - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422). - CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550). - CVE-2017-15281: ReadPSDImage in coders/psd.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file (bsc#1063049). - CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063). - CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460). - CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large 'length' field in the header but did not contain sufficient backing data, is provided, the loop over 'length' would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723). - CVE-2017-13062: A memory leak vulnerability in the function formatIPTC in coders/meta.c allowed attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file (bsc#1055053). - CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050). Moderate SUSE bug 1052460 SUSE bug 1055053 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058422 SUSE bug 1063049 SUSE bug 1063050 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720). - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065). - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446). - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731). - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732). - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323). - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434). - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898). - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120). - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468). - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550). - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710). - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640). - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606). - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855). - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751). - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123). - CVE-2017-1000476: Prevent CPU exhaustion in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: Fixed a memory leak vulnerability in the function ReadMPCImage in mpc.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1042948). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373) - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252) - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771) - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082) - CVE-2017-1000445: Added a NUL pointer check in the MagickCore component that might have lead to denial of service (bsc#1074425). - CVE-2017-11751: Fixed a memory leak vulnerability in the function WritePICONImage in coders/xpm.c that allowed remote attackers to cause a denial of service via a crafted file (bsc#1051412). - CVE-2017-17680: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted xpm image file (bsc#1072902). - CVE-2017-17882: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (bsc#1074122). - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973). - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) Moderate SUSE bug 1042948 SUSE bug 1047044 SUSE bug 1047898 SUSE bug 1049373 SUSE bug 1050120 SUSE bug 1050606 SUSE bug 1051412 SUSE bug 1051446 SUSE bug 1052252 SUSE bug 1052468 SUSE bug 1052550 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1052732 SUSE bug 1052771 SUSE bug 1055065 SUSE bug 1055323 SUSE bug 1055434 SUSE bug 1055855 SUSE bug 1058082 SUSE bug 1058640 SUSE bug 1059751 SUSE bug 1072902 SUSE bug 1074122 SUSE bug 1074123 SUSE bug 1074425 SUSE bug 1074610 SUSE bug 1074969 SUSE bug 1074973 SUSE bug 1074975 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-11141 CVE-2017-11449 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 CVE-2017-12430 CVE-2017-12434 CVE-2017-12564 CVE-2017-12642 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14249 CVE-2017-14326 CVE-2017-14533 CVE-2017-17680 CVE-2017-17881 CVE-2017-17882 CVE-2017-18022 CVE-2017-9409 CVE-2018-5246 CVE-2018-5247 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635). - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098). - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908) - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037) - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072) - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721) - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362) - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125) - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185) - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120) - Prevent memory leak in svg.c, which allowed attackers to cause a denial of service via a crafted SVG image file (bsc#1074120) - Prevent small memory leak when processing PWP image files (bsc#1074309) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021) - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051) Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1047908 SUSE bug 1050037 SUSE bug 1050072 SUSE bug 1050098 SUSE bug 1050100 SUSE bug 1050635 SUSE bug 1051442 SUSE bug 1052470 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052721 SUSE bug 1052768 SUSE bug 1052777 SUSE bug 1052781 SUSE bug 1054600 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1055456 SUSE bug 1057000 SUSE bug 1060162 SUSE bug 1062752 SUSE bug 1072362 SUSE bug 1074120 SUSE bug 1074125 SUSE bug 1074185 SUSE bug 1074309 SUSE bug 1075939 SUSE bug 1076021 SUSE bug 1076051 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18027 CVE-2017-18029 CVE-2017-9261 CVE-2017-9262 CVE-2018-5685 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669) Moderate SUSE bug 1042824 SUSE bug 1048110 SUSE bug 1049374 SUSE bug 1049375 SUSE bug 1050048 SUSE bug 1050617 SUSE bug 1050669 SUSE bug 1052207 SUSE bug 1052248 SUSE bug 1052251 SUSE bug 1052254 SUSE bug 1052472 SUSE bug 1052688 SUSE bug 1052711 SUSE bug 1052747 SUSE bug 1052750 SUSE bug 1052761 SUSE bug 1055069 SUSE bug 1055229 SUSE bug 1058009 SUSE bug 1074119 SUSE bug 1076182 SUSE bug 1078433 CVE-2017-11166 CVE-2017-11448 CVE-2017-11450 CVE-2017-11537 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-13058 CVE-2017-13131 CVE-2017-14224 CVE-2017-17885 CVE-2017-18028 CVE-2017-9407 CVE-2018-6405 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) Moderate SUSE bug 1042911 SUSE bug 1050119 SUSE bug 1050122 SUSE bug 1050132 SUSE bug 1052754 SUSE bug 1072898 CVE-2017-11528 CVE-2017-11530 CVE-2017-11533 CVE-2017-12663 CVE-2017-17682 CVE-2017-9405 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011) - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168) - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630) - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434) - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735) - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792) - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291) - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283) - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362) - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348) Moderate SUSE bug 1043290 SUSE bug 1050087 SUSE bug 1056434 SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1082348 SUSE bug 1082362 SUSE bug 1082792 SUSE bug 1084060 SUSE bug 1086011 CVE-2017-11524 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14343 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-9500 CVE-2018-7443 CVE-2018-8804 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: - security update (png.c) * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] * CVE-2018-10177: there is an infinite loop in the ReadOneMNGImagefunction of the coders/png.c file. Remote attackers could leverage thisvulnerability to cause a denial of service (bsc#1089781) - security update (wand) * CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (core) * CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356] - security update (pcd.c) * CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (tiff.c) * CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick memory allocation issue could lead to denial of service (bsc#1086782) Moderate SUSE bug 1047356 SUSE bug 1086773 SUSE bug 1086782 SUSE bug 1087027 SUSE bug 1087033 SUSE bug 1087037 SUSE bug 1089781 CVE-2017-1000476 CVE-2017-10928 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237) - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545) - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) Moderate SUSE bug 1056277 SUSE bug 1094204 SUSE bug 1094237 SUSE bug 1095812 SUSE bug 1098545 SUSE bug 1098546 SUSE bug 1102003 SUSE bug 1102004 SUSE bug 1102005 SUSE bug 1102007 CVE-2017-13758 CVE-2017-18271 CVE-2018-10805 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: Security issue fixed: - Hide PS, XPS and PDF coders into */vulnerable (bsc#1105592) Important SUSE bug 1105592 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following security issue: - CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170). - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072) - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747) - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746) Moderate SUSE bug 1074170 SUSE bug 1106855 SUSE bug 1106989 SUSE bug 1107604 SUSE bug 1107609 SUSE bug 1107612 SUSE bug 1107616 SUSE bug 1108282 SUSE bug 1108283 SUSE bug 1110746 SUSE bug 1110747 SUSE bug 1111069 SUSE bug 1111072 CVE-2017-17934 CVE-2018-16323 CVE-2018-16413 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: - CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399) - CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609) - CVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129) - CVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635) Moderate SUSE bug 1050129 SUSE bug 1050635 SUSE bug 1107609 SUSE bug 1112399 CVE-2017-11532 CVE-2017-11639 CVE-2017-14997 CVE-2018-16644 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1113064 SUSE bug 1120381 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1128649 CVE-2018-16412 CVE-2018-16413 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). Moderate SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179212 SUSE bug 1179269 SUSE bug 1179281 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25666 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27763 CVE-2020-27765 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27771 CVE-2020-27772 CVE-2020-27775 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711) - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712) Important SUSE bug 1017711 SUSE bug 1017712 CVE-2016-9941 CVE-2016-9942 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for LibVNCServer fixes the following issues: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). Moderate SUSE bug 1081493 CVE-2018-7225 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Critical) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch Important SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173880 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This security update (bsc#940918) fixes the following issues: * MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation * Remove PlayPreview registration from PDF Viewer (bmo#1179262) Critical SUSE bug 940918 CVE-2015-4495 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox was updated to version 38.5.0 esr to fix the following issues: Following security issues were fixed: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Important SUSE bug 967087 CVE-2016-1523 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) Important SUSE bug 977333 SUSE bug 977374 SUSE bug 977376 SUSE bug 977381 SUSE bug 977386 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Important SUSE bug 983549 SUSE bug 983638 SUSE bug 983639 SUSE bug 983643 SUSE bug 983646 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 SUSE bug 984006 SUSE bug 985659 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2831 CVE-2016-2834 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Important SUSE bug 989196 SUSE bug 990628 SUSE bug 990856 SUSE bug 991809 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Important SUSE bug 999701 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. Also the following bug was fixed: - Fix fontconfig issue (bsc#1000751) on 32bit systems as well. Important SUSE bug 1000751 SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Important SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed (bsc#1028391): - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Bugfixes: - fix crashes on Itanium (bsc#1027527) Important SUSE bug 1027527 SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for 'export' grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a 'slot' into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. (CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. Important SUSE bug 1015499 SUSE bug 1015547 SUSE bug 1021636 SUSE bug 1030071 SUSE bug 1035082 SUSE bug 983639 CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed: - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http- index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes: - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. * Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidential libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Important SUSE bug 1025108 SUSE bug 1031485 SUSE bug 1035082 SUSE bug 1043960 SUSE bug 930392 SUSE bug 930496 SUSE bug 935510 SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 954002 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed: * MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback * MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts * MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID * MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections * MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads * MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG * MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM * MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers * MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements * MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools * MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher * MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 * MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection * MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing * MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements * MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied This update also fixes: - fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups enabled and running on cpu >=1 (bsc#1031485) - The Itanium ia64 build was fixed. Important SUSE bug 1031485 SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed (bsc#1068101). - CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101). - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101). Mozilla Foundation Security Advisory (MFSA 2017-25): - https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ Important SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Moderate SUSE bug 1085130 SUSE bug 1085671 SUSE bug 1087059 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox to ESR 52.8 release fixes the following issues: Update to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). - CVE-2019-11708: Fix sandbox escape using Prompt:Open (bsc#1138872). - CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) Non-security issues fixed: - Fix broken language plugins (bsc#1137792) Important SUSE bug 1137792 SUSE bug 1138614 SUSE bug 1138872 SUSE bug 1140868 CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Update Firefox Extended Support Release to 68.3.0 ESR (MFSA 2019-37 / bsc#1158328) Security issues fixed: - CVE-2019-17008: Use-after-free in worker destruction (bmo#1546331). - CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156). - CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher (bmo#1586176). - CVE-2019-17009: Updater temporary files accessible to unprivileged processes (bmo#1510494). - CVE-2019-17010: Use-after-free when performing device orientation checks (bmo#1581084). - CVE-2019-17005: Buffer overflow in plain text serializer (bmo#1584170). - CVE-2019-17011: Use-after-free when retrieving a document in antitracking (bmo#1591334). - CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502). Update mozilla-nss to version 3.47.1 (bsc#1158527): Security issues fixed: - CVE-2019-11745: EncryptUpdate should use maxout, not block size. Bug fixes: - Fix a crash that could be caused by client certificates during startup (bmo#1590495, bsc#1158527) - Fix compile-time warnings from uninitialized variables in a perl script (bmo#1589810) - Support AES HW acceleration on ARMv8 (bmo#1152625) - Allow per-socket run-time ordering of the cipher suites presented in ClientHello (bmo#1267894) - Add CMAC to FreeBL and PKCS #11 libraries (bmo#1570501) - Remove arbitrary HKDF output limit by allocating space as needed (bmo#1577953) Update mozilla-nspr to version 4.23: Bug fixes: - fixed a build failure that was introduced in 4.22 - correctness fix for Win64 socket polling - whitespace in C files was cleaned up and no longer uses tab characters for indenting - added support for the ARC architecture - removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS - correctness and build fixes Important SUSE bug 1158328 SUSE bug 1158527 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox was updated to version 68.5.0 ESR (bsc#1163368). Security issues fixed: - CVE-2020-6796: Fixed a missing bounds check on shared memory in the parent process (bsc#1163368). - CVE-2020-6798: Fixed a JavaScript code injection issue caused by the incorrect parsing of template tags (bsc#1163368). - CVE-2020-6799: Fixed a local arbitrary code execution issue when handling PDF links from other applications (bsc#1163368). - CVE-2020-6800: Fixed several memory safety bugs (bsc#1163368). Non-security issues fixed: - Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726). Important SUSE bug 1161799 SUSE bug 1163368 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.6.1 ESR MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.8.0 ESR MFSA 2020-17 (bsc#1171186) * CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown * CVE-2020-12388 (bmo#1618911) Sandbox escape with improperly guarded Access Tokens * CVE-2020-12389 (bmo#1554110) Sandbox escape with improperly separated process types * CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation * CVE-2020-12392 (bmo#1614468) Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 - Since firefox-gcc8 now has disabled autoreqprov for firefox-libstdc++6 and firefox-libgcc_s1, those packages don't provide some capabilities, we have to disable AutoReqProv in MozillaFirefox too so they're not added as automatic requirements. (bsc#1162828) Important SUSE bug 1162828 SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1166238 SUSE bug 1167231 SUSE bug 1173576 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Fix broken translation-loading (boo#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more - Mozilla Firefox 78.1 ESR * Fixed: Various stability, functionality, and security fixe (MFSA 2020-32) (bsc#1174538). * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer * CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing popups * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in IonMonkey * CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk * CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading path * CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 - Add sle11-icu-generation-python3.patch to fix icu-generation on big endian platforms - Mozilla Firefox 78.0.2 ESR * MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) Moderate SUSE bug 1173948 SUSE bug 1173991 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). Moderate SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) - Fixed problems with compiler builtins on SLE-11 (bsc#1175046) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1175046 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Moderate SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Important SUSE bug 908275 SUSE bug 935033 SUSE bug 935979 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. * MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. * MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. * MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. * MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. * MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. * MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix: * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes * Enable atomic instructions on mips (bmo#1129878) * Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Important SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1978 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, rust-cbindgen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox, rust-cbindgen fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Firefox Extended Support Release 91.1.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274) * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) (bmo#1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) (bmo#1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891) * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 rust-cbindgen was updated to 0.19.0. Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 SUSE bug 1190710 SUSE bug 1191332 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:suse:suse_sles_ltss:11:sp4 Recommended update for NetworkManager-kde4 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This NetworkManager-kde4 update fixes the following security and non security issues: - Fixed a long standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and send it to NetworkManager for it to do a network validation in the absence of a real certificate (bsc#726349) - Disabled the loading by default of the NetworkManager plasma applet since it doesn't work. - Fixed a crash due to the use of an uninitialized variable in the plasma applet in case someone runs it manually (bsc#663413) Moderate SUSE bug 663413 SUSE bug 726349 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for OpenEXR fixes the following issues: * CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107) * CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114) * CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522) Moderate SUSE bug 1040107 SUSE bug 1040114 SUSE bug 1052522 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for OpenEXR (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for OpenEXR fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function Important SUSE bug 1184354 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3605 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for OpenEXR (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for OpenEXR fixes the following issues: - CVE-2021-20298: Fixed out-of-memory in B44Compressor (bsc#1188460). - CVE-2021-20300: Fixed integer-overflow in Imf_2_5:hufUncompress (bsc#1188458). - CVE-2021-20303: Fixed heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffe (bsc#1188457). - CVE-2021-20304: Fixed undefined-shift in Imf_2_5:hufDecode (bsc#1188461). - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). Moderate SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1192556 CVE-2021-20298 CVE-2021-20300 CVE-2021-20303 CVE-2021-20304 CVE-2021-3941 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for SDL (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for SDL (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for SDL fixes the following issues: - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c (bsc#1181201). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (bsc#1124825). - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c (bsc#1181202). Important SUSE bug 1124825 SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2019-7637 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for SuSEfirewall2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. Moderate SUSE bug 1064127 CVE-2017-15638 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This security update of Xen fixes the following issues: * bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165) * bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol (CVE-2015-5166) Moderate SUSE bug 939709 SUSE bug 939712 CVE-2015-5165 CVE-2015-5166 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for adns (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for aide (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for amanda (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for amanda fixes the following issues: Security issue fixed: - CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options (bsc#1112916). Moderate SUSE bug 1112916 CVE-2016-10729 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ant (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Other changes made: - Removed support for javadoc - Default value for stripAbsolutePathSpec changed to 'true' Moderate SUSE bug 1100053 CVE-2018-10886 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache (bsc#938728, CVE-2015-3183) Bugs fixed: - add SSLSessionTickets directive (bsc#941676) - hardcode modules %files (bsc#444878) - only enable the port 443 for TCP protocol, not UDP. (bsc#931002) Moderate SUSE bug 444878 SUSE bug 931002 SUSE bug 938728 SUSE bug 941676 CVE-2015-3183 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for apache2 fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988488) Moderate SUSE bug 988488 CVE-2016-5387 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretation (bsc#1016715). Moderate SUSE bug 1016714 SUSE bug 1016715 CVE-2016-2161 CVE-2016-8743 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes: - Remove /usr/bin/http2 link only during package uninstall, not upgrade. (bsc#1041830) - Don't put the backend in error state (by default) when 500/503 error code is overridden. (bsc#951692) - Allow single-char field names inadvertently disallowed in 2.2.32. Moderate SUSE bug 1041830 SUSE bug 1048576 SUSE bug 951692 CVE-2017-9788 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830) - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed: - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added: - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061) - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062) - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065) - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060) Moderate SUSE bug 1045060 SUSE bug 1045061 SUSE bug 1045062 SUSE bug 1045065 SUSE bug 1052830 SUSE bug 1058058 SUSE bug 1064561 CVE-2009-2699 CVE-2010-0425 CVE-2012-0021 CVE-2014-0118 CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9798 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for apache2 fixes the following issues: - security update: * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817] * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776] * CVE-2018-1312: Seed wrongly generated could lead to replay attack in cluster environments. [bsc#1086775] Moderate SUSE bug 1086775 SUSE bug 1086776 SUSE bug 1086817 CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] Important SUSE bug 1131239 SUSE bug 1131241 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1169066 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest Important SUSE bug 1186922 SUSE bug 1187174 CVE-2020-35452 CVE-2021-30641 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) Important SUSE bug 1190666 CVE-2021-39275 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for apache2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197095 SUSE bug 1197096 CVE-2022-22720 CVE-2022-22721 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for apache2-mod_jk (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for apache2-mod_jk fixes the following issues: Security issues fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). - CVE-2014-8111: Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remote attackers to access otherwise restricted artifacts via unspecified vectors (bsc#927845). Moderate SUSE bug 1114612 SUSE bug 927845 CVE-2014-8111 CVE-2018-11759 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2-mod_nss (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Don't ignore NSSProtocol when NSSFIPS is enabled. - Use proper shell syntax to avoid creating /0 in gencert. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env. - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI) - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against. - Add the SECURE_RENEG environment variable. - Add some hints when NSS database cannot be initialized. - Code cleanup including trailing whitespace and compiler warnings. - Modernize autotools configuration slightly, add config.h. - Add small test suite for SNI. - Add compatibility for mod_ssl-style cipher definitions. - Add Camelia ciphers. - Remove Fortezza ciphers. - Add TLSv1.2-specific ciphers. - Initialize cipher list when re-negotiating handshake. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Improve protocol testing. - Add nss_pcache man page. - Fix argument handling in nss_pcache. - Support httpd 2.4+. - Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394) Moderate SUSE bug 975394 SUSE bug 979688 CVE-2013-4566 CVE-2014-3566 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for apache2-mod_perl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for apache2-mod_perl fixes the following issues: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Moderate SUSE bug 1156944 CVE-2011-2767 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for apport (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for apport fixes the following issues: Security issue fixed: - CVE-2015-1338: Insecurely created crash dumps could lead to a DoS or privilege escalation through malicious symlinks. (bsc#947731) Moderate SUSE bug 947731 CVE-2015-1338 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for arpwatch (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for aspell (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for atftp (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for audiofile (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for audiofile fixes the following issues: Security issues fixed: - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979) - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980) - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981) - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982) - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983) - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984) - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985) - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986) - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988) - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987) - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978) Moderate SUSE bug 1026978 SUSE bug 1026979 SUSE bug 1026980 SUSE bug 1026981 SUSE bug 1026982 SUSE bug 1026983 SUSE bug 1026984 SUSE bug 1026985 SUSE bug 1026986 SUSE bug 1026987 SUSE bug 1026988 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for augeas (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Moderate SUSE bug 925225 CVE-2014-8119 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for augeas (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for augeas fixes the following issues: Security issues fixed: - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171). - CVE-2014-8119: Fix improper handling of escaped strings leading to memory corruption (bsc#925225). Moderate SUSE bug 1054171 SUSE bug 925225 CVE-2014-8119 CVE-2017-7555 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for avahi (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for axis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). Moderate SUSE bug 1103658 CVE-2018-8032 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bash (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. (bsc#1000396) The following bugs were fixed: - bsc#971410: Scripts could terminate unexpectedly due to mishandled recursive traps. - bsc#959755: Clarify that the files /etc/profile as well as /etc/bash.bashrc may source other files as well even if the bash does not. Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 959755 SUSE bug 971410 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bash (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bash fixed several issues This security issue was fixed: - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address (bsc#1010845). This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a .bash_history (bsc#1031729) Low SUSE bug 1010845 SUSE bug 1031729 SUSE bug 976776 CVE-2016-9401 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Important SUSE bug 939567 CVE-2015-5477 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Important SUSE bug 944066 CVE-2015-5722 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Important SUSE bug 923281 SUSE bug 958861 CVE-2015-8000 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Important SUSE bug 962189 CVE-2015-8704 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Important SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Critical) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Critical SUSE bug 1000362 CVE-2016-2776 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Important SUSE bug 1007829 SUSE bug 965748 CVE-2016-8864 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Moderate SUSE bug 1024130 CVE-2017-3135 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following security issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Important SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1033468 SUSE bug 987866 SUSE bug 989528 CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following issues: - A regression in the fix for CVE-2017-3137 caused an assert in name.c (bsc#1034162) Important SUSE bug 1034162 CVE-2017-3137 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Important SUSE bug 1046554 SUSE bug 1046555 CVE-2017-3142 CVE-2017-3143 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) Important SUSE bug 1040039 SUSE bug 1047184 SUSE bug 1076118 CVE-2017-3145 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for bind fixes the following issues: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - Removed rndc.key generation from bind.spec file (bsc#1092283, bsc#1033843) bind should create the key on first boot or if it went missing. Important SUSE bug 1033843 SUSE bug 1092283 SUSE bug 1109160 SUSE bug 1171740 SUSE bug 1172220 SUSE bug 1172680 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for bind (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345). Important SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for bsdtar (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). Important SUSE bug 920870 SUSE bug 984990 SUSE bug 985609 SUSE bug 985669 SUSE bug 985675 SUSE bug 985682 SUSE bug 985698 CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for bzip2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for bzip2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for cairo (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for cairo fixes the following issues: - CVE-2016-9082: Fixed a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). - CVE-2017-9814: Replace malloc with _cairo_malloc and check cmap size before allocating to prevent DoS (bsc#1049092). - CVE-2017-7475: Fix a segfault in get_bitmap_surface due to malformed font (bsc#1036789). Moderate SUSE bug 1007255 SUSE bug 1036789 SUSE bug 1049092 CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cifs-utils (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar (bsc#1045490) Non security issue fixed: - Fix permissions of /var/spool/amavis. (bsc#815106) Important SUSE bug 1045490 SUSE bug 815106 CVE-2012-6706 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Important SUSE bug 1049423 SUSE bug 1052448 SUSE bug 1052449 SUSE bug 1052466 SUSE bug 1077732 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Important SUSE bug 1045315 SUSE bug 1049423 SUSE bug 1052449 SUSE bug 1082858 SUSE bug 1083915 CVE-2012-6706 CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2018-1000085 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) * Make freshclam more robust against lagging signature mirrors. * On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for clamav fixes the following issues: Security issues fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issue fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option. Moderate SUSE bug 1144504 SUSE bug 1149458 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for clamav fixes the following issues: - Update to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459 - This update incorporates incompatible changes that were introduced in version 0.101.0. - Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. Moderate SUSE bug 1118459 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for clamav (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Add documentation about max file size purpose and side effect in the 'clamscan' and 'clamdscan' manpages (bsc#1187509). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1187509 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for clamav (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:suse_sles_ltss:11:sp4 Recommended udpate for SUSE Manager Client Tools (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for SUSE Manager Client Tools provides the following fixes and enhancements: rhnlib: - Use TLSv1_METHOD in SSL Context (bsc#970989) suseRegisterInfo: - Fix file permissions (bsc#970550) Low SUSE bug 970550 SUSE bug 970989 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for coreutils (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for coreutils fixes one issue. This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041) Important SUSE bug 1023041 CVE-2017-2616 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cpio (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for cpio (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for cracklib (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for cracklib fixes a security issue and a bug: Security issue fixed: - Add patch to fix a stack buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed: - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) Moderate SUSE bug 928923 SUSE bug 992966 CVE-2016-6318 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for crash (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for crash provides the following fix: - Update crash to support -bigmem kernel dumps for PPC64, including the ones that have extended process virtual address space support to 128TB (bsc#1075785, bsc#1032471). Low SUSE bug 1032471 SUSE bug 1075785 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cups (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for cups fixes the following issues: Security issues fixed: - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend (bsc#1096405). - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406). - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error handling (bsc#1096407). - CVE-2018-4183: Fix cups-exec sandbox bypass due to profile misconfiguration (bsc#1096408). Moderate SUSE bug 1096405 SUSE bug 1096406 SUSE bug 1096407 SUSE bug 1096408 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cups (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). - Fixed a double free which was triggered by Java application (bsc#959478). Important SUSE bug 1146358 SUSE bug 1146359 SUSE bug 959478 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for cups (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cups fixes the following issues: - CVE-2020-3898: Fixed heap buffer overflow in libcups ppdFindOption() function (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for cups (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Moderate SUSE bug 926511 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420). Moderate SUSE bug 991389 SUSE bug 991390 SUSE bug 997420 CVE-2016-5419 CVE-2016-5420 CVE-2016-7141 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) Important SUSE bug 1005633 SUSE bug 1005634 SUSE bug 1005635 SUSE bug 1005637 SUSE bug 1005638 SUSE bug 1005642 SUSE bug 1005645 SUSE bug 1005646 SUSE bug 998760 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). Moderate SUSE bug 1015332 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309) - CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332) Moderate SUSE bug 1015332 SUSE bug 1032309 SUSE bug 1051644 CVE-2016-9586 CVE-2017-1000100 CVE-2017-7407 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following security issues: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) Moderate SUSE bug 1061876 CVE-2017-1000254 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list (bsc#1027712] Moderate SUSE bug 1027712 SUSE bug 1077001 CVE-2016-7141 CVE-2018-1000007 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: curl was updated to version 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase. Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463,bsc#1086825) Moderate SUSE bug 1081056 SUSE bug 1083463 SUSE bug 1084137 SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 SUSE bug 1085124 SUSE bug 1086825 SUSE bug 1087922 SUSE bug 1090194 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098) Moderate SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). Moderate SUSE bug 1106019 CVE-2018-14618 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) Moderate SUSE bug 1112758 SUSE bug 1113660 CVE-2018-16840 CVE-2018-16842 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for curl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for curl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for curl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for curl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for cvs (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the '-d' option could lead to argument injection (bsc#1053364) Moderate SUSE bug 1053364 CVE-2017-12836 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cyrus-imapd (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option 'tls_versions' to remedy that issue. Note that users who upgrade an existing installation will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv2 and SSLv3 like before. To disable support for those protocols, edit imapd.conf manually to include 'tls_versions: tls1_0 tls1_1 tls1_2'. New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support unsafe versions of SSL unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Important SUSE bug 860611 SUSE bug 901748 SUSE bug 954200 SUSE bug 954201 SUSE bug 981670 CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for dbus-1 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Moderate SUSE bug 880984 SUSE bug 919959 SUSE bug 926159 SUSE bug 928390 SUSE bug 936923 SUSE bug 947780 SUSE bug 961305 CVE-2015-8605 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Moderate SUSE bug 969820 CVE-2016-2774 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119) This non-security issue was fixed: - Enhance dhclient-script to handle static route updates. (bsc#1023415) Moderate SUSE bug 1023415 SUSE bug 1076119 CVE-2017-3144 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). Moderate SUSE bug 1083302 SUSE bug 1083303 CVE-2018-5732 CVE-2018-5733 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dhcp (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for dhcpcd (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 dhcpcd was updated to fix three security issues. These security issues were fixed: - CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers. - CVE-2012-6699: A loop error was fixed that could lead out of bound reads, triggerable by network local attackers. - CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers. Important SUSE bug 955762 CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for djvulibre (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for djvulibre fixes the following issues: - Extend CVE-2021-3630 fix (bsc#1187869). Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) Important SUSE bug 983273 CVE-2015-8899 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update brings a (small) potential incompatibility in the handling of 'basename' in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option. Important SUSE bug 1060354 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for dnsmasq (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958) Non-security issue fixed: - Removed cache size limit. (bsc#1138743) Moderate SUSE bug 1076958 SUSE bug 1138743 CVE-2017-15107 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for dnsmasq fixes the following issues: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1154849 SUSE bug 1176076 SUSE bug 1177077 CVE-2019-14834 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1183709 SUSE bug 1197872 CVE-2021-3448 CVE-2022-0934 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for dosfstools (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an 'off-by-two error (bsc#980364). - CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377). Moderate SUSE bug 980364 SUSE bug 980377 CVE-2015-8872 CVE-2016-4804 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ecryptfs-utils (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052) - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160) Moderate SUSE bug 920160 SUSE bug 962052 CVE-2014-9687 CVE-2016-1572 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ed (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ed fixes the following security issues: - CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. (bsc#1019807) Low SUSE bug 1019807 CVE-2017-5357 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for emacs (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425) Important SUSE bug 1058425 CVE-2017-14482 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for evince (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for evince provides the following fix: - CVE-2017-1000159: Prevent command line injections via filenames when printing to a file. (bsc#1070046) Moderate SUSE bug 1070046 CVE-2017-1000159 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for evince (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for exempi (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for exempi fixes the following issues: Security issue fixed: - CVE-2018-7730: Fix heap-based buffer overflow in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp (bsc#1085295). - CVE-2017-18234: Fix use-after-free issue that allows remote attackers to cause a denial of service via a .pdf file (bsc#1085585). Moderate SUSE bug 1085295 SUSE bug 1085585 CVE-2017-18234 CVE-2018-7730 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for expat (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Important SUSE bug 979441 SUSE bug 980391 CVE-2015-1283 CVE-2016-0718 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Moderate SUSE bug 1022037 SUSE bug 983215 SUSE bug 983216 CVE-2012-6702 CVE-2016-5300 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for expat (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Moderate SUSE bug 1047236 SUSE bug 1047240 CVE-2016-9063 CVE-2017-9233 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for expat (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for expat (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for expat (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for expat (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for fetchmail (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988). Moderate SUSE bug 775988 CVE-2012-3482 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nspr (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Important SUSE bug 947003 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues. - mozilla-nspr was updated to version 4.10.10 (bsc#952810) * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues - mozilla-nss was updated to 3.19.2.1 (bsc#952810) * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues - MozillaFirefox was updated to 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) Important SUSE bug 908275 SUSE bug 952810 CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix: * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for MozillaFirefox, firefox-glib2, firefox-gtk3 fixes the following issues: Mozilla Firefox was updated to the 60.9.0esr release: Security Advisory MFSA 2019-27: * Use-after-free while manipulating video CVE-2019-11746 (bmo#1564449, bsc#1149297) * XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11744 (bmo#1562033, bsc#1149297) * Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742 (bmo#1559715, bsc#1149303) * Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location CVE-2019-11753 (bmo#1574980, bsc#1149295) * Use-after-free while extracting a key value in IndexedDB CVE-2019-11752 (bmo#1501152, bsc#1149296) * Sandbox escape through Firefox Sync CVE-2019-9812 (bmo#1538008, bmo#1538015, bsc#1149294) * Cross-origin access to unload event attributes CVE-2019-11743 (bmo#1560495, bsc#1149298) Navigation-Timing Level 2 specification * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299) - Rebuild glib2 schemas on SLE-11 (bsc#1145550) Changes in firefox-glib2: - Fix the rpm macros %glib2_gsettings_schema_* which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Changes in firefox-gtk3: - Rebuild so %glib2_gsettings_schema_post gets called with fixed rpm macros %glib2_gsettings_schema_* in firefox-glib2 package which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Important SUSE bug 1145550 SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for Mozilla Firefox (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 (bsc#1154738) * CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber * CVE-2019-11757: Use-after-free when creating index updates in IndexedDB * CVE-2019-11758: Potentially exploitable crash due to 360 Total Security * CVE-2019-11759: Stack buffer overflow in HKDF output * CVE-2019-11760: Stack buffer overflow in WebRTC networking * CVE-2019-11761: Unintended access to a privileged JSONView object * CVE-2019-11762: document.domain-based origin isolation has same-origin- property violation * CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique * CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 Other Issues resolved: * [bsc#1104841] Newer versions of firefox have a dependency on GLIBCXX_3.4.20 * [bsc#1074235] MozillaFirefox: background tab crash reports sent inadvertently without user opt-in * [bsc#1043008] Firefox hangs randomly when browsing and scrolling * [bsc#1025108] Firefox stops loading page until mouse is moved * [bsc#905528] Firefox malfunctions due to broken omni.ja archives Important SUSE bug 1000036 SUSE bug 1001652 SUSE bug 1025108 SUSE bug 1029377 SUSE bug 1029902 SUSE bug 1040164 SUSE bug 104105 SUSE bug 1042670 SUSE bug 1043008 SUSE bug 1044946 SUSE bug 1047925 SUSE bug 1047936 SUSE bug 1048299 SUSE bug 1049186 SUSE bug 1050653 SUSE bug 1056058 SUSE bug 1058013 SUSE bug 1066242 SUSE bug 1066953 SUSE bug 1070738 SUSE bug 1070853 SUSE bug 1072320 SUSE bug 1072322 SUSE bug 1073796 SUSE bug 1073798 SUSE bug 1073799 SUSE bug 1073803 SUSE bug 1073808 SUSE bug 1073818 SUSE bug 1073823 SUSE bug 1073829 SUSE bug 1073830 SUSE bug 1073832 SUSE bug 1073846 SUSE bug 1074235 SUSE bug 1077230 SUSE bug 1079761 SUSE bug 1081750 SUSE bug 1082318 SUSE bug 1087453 SUSE bug 1087459 SUSE bug 1087463 SUSE bug 1088573 SUSE bug 1091764 SUSE bug 1094814 SUSE bug 1097158 SUSE bug 1097375 SUSE bug 1097401 SUSE bug 1097404 SUSE bug 1097748 SUSE bug 1104841 SUSE bug 1105019 SUSE bug 1107030 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1117626 SUSE bug 1117627 SUSE bug 1117629 SUSE bug 1117630 SUSE bug 1120644 SUSE bug 1122191 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1127532 SUSE bug 1129346 SUSE bug 1130694 SUSE bug 1130840 SUSE bug 1133452 SUSE bug 1133810 SUSE bug 1134209 SUSE bug 1138459 SUSE bug 1140290 SUSE bug 1140868 SUSE bug 1141853 SUSE bug 1144919 SUSE bug 1145665 SUSE bug 1146090 SUSE bug 1146091 SUSE bug 1146093 SUSE bug 1146094 SUSE bug 1146095 SUSE bug 1146097 SUSE bug 1146099 SUSE bug 1146100 SUSE bug 1149323 SUSE bug 1153423 SUSE bug 1154738 SUSE bug 1447070 SUSE bug 1447409 SUSE bug 744625 SUSE bug 744629 SUSE bug 845955 SUSE bug 865853 SUSE bug 905528 SUSE bug 917607 SUSE bug 935856 SUSE bug 937414 SUSE bug 947747 SUSE bug 948045 SUSE bug 948602 SUSE bug 955142 SUSE bug 957814 SUSE bug 957815 SUSE bug 961254 SUSE bug 962297 SUSE bug 966076 SUSE bug 966077 SUSE bug 985201 SUSE bug 986541 SUSE bug 991344 SUSE bug 998743 CVE-2013-2882 CVE-2013-6639 CVE-2013-6640 CVE-2013-6668 CVE-2014-0224 CVE-2015-3193 CVE-2015-3194 CVE-2015-5380 CVE-2015-7384 CVE-2016-2086 CVE-2016-2178 CVE-2016-2183 CVE-2016-2216 CVE-2016-5172 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 CVE-2017-1000381 CVE-2017-10686 CVE-2017-11111 CVE-2017-11499 CVE-2017-14228 CVE-2017-14849 CVE-2017-14919 CVE-2017-15896 CVE-2017-15897 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 CVE-2017-18207 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-1000168 CVE-2018-12115 CVE-2018-12116 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-20406 CVE-2018-20852 CVE-2018-7158 CVE-2018-7159 CVE-2018-7160 CVE-2018-7161 CVE-2018-7167 CVE-2019-10160 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13173 CVE-2019-15903 CVE-2019-5010 CVE-2019-5737 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2019-9636 CVE-2019-9811 CVE-2019-9812 CVE-2019-9947 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update contains Mozilla Firefox 60.7ESR. It brings lots of security fixes and other improvements. It also includes new additional helper libraries to allow Firefox to run on SUSE Linux Enterprise 11. Moderate SUSE bug 1137338 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Important SUSE bug 940806 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for fontconfig (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for fontconfig fixes the following issues: - security update: * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534] Low SUSE bug 992534 CVE-2016-5384 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for foomatic-filters (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Moderate SUSE bug 957531 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for freeradius-server fixes the following issues: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bnc#1041445) - CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. (bnc#935573) The following non security issue was fixed: - Cannot create table radpostauth because of deprecated TIMESTAMP(14) syntax. (bsc#912873) Moderate SUSE bug 1041445 SUSE bug 912873 SUSE bug 935573 CVE-2015-4680 CVE-2017-9148 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode(). (bnc#1049086) - CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options(). (bsc#1049086) - CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086) - CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086) - CVE-2017-10979: Fix write overflow in rad_coalesce(). (bsc#1049086) Moderate SUSE bug 1049086 CVE-2017-10978 CVE-2017-10979 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update of the freetype2 library fixes two security issues: - An infinite loop in parse_encoding in t1load.c (CVE-2014-9745, bsc#945849) - Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix (CVE-2014-9747, bsc#947966) Moderate SUSE bug 945849 SUSE bug 947966 CVE-2014-9745 CVE-2014-9747 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10244: The parse_charstrings function in type1/t1load.c did not ensure that a font contains a glyph name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file (bsc#1028103). - CVE-2017-8105: Fixed an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) Moderate SUSE bug 1028103 SUSE bug 1035807 SUSE bug 1036457 CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for freetype2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10328: Fixed heap-based buffer overflow in cff_parser_run function in cff/cffparse.c (bsc#1034191). Moderate SUSE bug 1034191 CVE-2016-10328 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for fuse (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for fuse fixes the following issues: Security issue fixed: - CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) Moderate SUSE bug 1101797 CVE-2018-10906 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc43 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gcc43 fixes the following issues: Security issue fixed: - CVE-2017-1000376: Don't request excutable stack from libffi. [bnc#1045091] New features: - Add support for retpolines to mitigate the Spectre Variant 2 attack. [bnc#1074621] - Add support for zero-sized VLAs and allocas with -fstack-clash-protection. [bnc#1059075] - Add support for -fstack-clash-protection to mitigate the Stack Clash attack. [bnc#1039513] Non security bugs fixed: - Fixed build of 32bit libgcov.a with LFS support. [bsc#1044016] - Fixed issue with libstdc++ functional when an exception is thrown during construction. [bsc#999596] - Fixed issue with using gcov and #pragma pack. [bsc#977654] - Fixed ICE compiling AFS modules for the s390x kernel. [bsc#938159] - Backport large file support from GCC 4.6. Moderate SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1045091 SUSE bug 1059075 SUSE bug 1074621 SUSE bug 938159 SUSE bug 977654 SUSE bug 999596 CVE-2017-1000376 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc43 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was fixed. (bsc#1092807) Moderate SUSE bug 1086069 SUSE bug 1092807 CVE-2017-5715 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gcc5 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues have been fixed: - Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220) - Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468) - Fix HTM built-ins on PowerPC. (bsc#955382) - Fix libgo certificate lookup. (bsc#953831) - Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460) - Revert accidental libffi ABI breakage on aarch64. (bsc#968771) - On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586. - Add experimental File System TS library. Moderate SUSE bug 939460 SUSE bug 945842 SUSE bug 953831 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gd fixes the following issues: - security update: * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] Moderate SUSE bug 988032 CVE-2016-6161 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] Moderate SUSE bug 1015187 CVE-2016-9933 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gd fixes the following security issues: - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) Moderate SUSE bug 1022264 SUSE bug 1022265 SUSE bug 1022283 CVE-2016-10167 CVE-2016-10168 CVE-2016-9317 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gd (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gd fixes several issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This non-security issue was fixed: - Fixed gd2togif error message (bsc#1025223) Moderate SUSE bug 1025223 SUSE bug 1076391 CVE-2018-5711 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5 (bsc#1004237) Moderate SUSE bug 1004237 CVE-2016-8602 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) - An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342) Important SUSE bug 1001951 SUSE bug 939342 CVE-2013-5653 CVE-2015-3228 CVE-2016-7977 CVE-2016-7979 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) Important SUSE bug 1036453 CVE-2017-8291 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) This update is a reissue including the SUSE Linux Enterprise 11 SP3 product. Important SUSE bug 1036453 CVE-2017-8291 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ghostscript-library fixes several issues. These security issues were fixed: - CVE-2017-7207: The mem_get_bits_rectangle function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document (bsc#1030263). - CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer overflow in jbig2_image_new function (bsc#1018128). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891) - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889) - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888) - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887) - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184) - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879) - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138) - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643) Moderate SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032138 SUSE bug 1032230 SUSE bug 1040643 SUSE bug 1050879 SUSE bug 1050887 SUSE bug 1050888 SUSE bug 1050889 SUSE bug 1050891 SUSE bug 1051184 CVE-2016-10219 CVE-2016-9601 CVE-2017-11714 CVE-2017-7207 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ghostscript-library fixes the following issues: - CVE-2018-10194: Fixed a stack-based buffer overflow in gdevpdts.c (bsc#1090099) - Fixed a crash in the fix for CVE-2016-9601. Moderate SUSE bug 1090099 CVE-2016-9601 CVE-2018-10194 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426) - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420) - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421) - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413) - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. (bsc#1107410 - CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412) - CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173) - CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893) Important SUSE bug 1050893 SUSE bug 1106173 SUSE bug 1107410 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107426 CVE-2017-9611 CVE-2018-15910 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for ghostscript-library (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for ghostscript-library fixes the following issues: Security issue fixed: - CVE-2019-3838: Fixed various bugs which allows to reenable and misuse system Postscript operators to read files from within Postscript files and send them with the help of e.g. the %pipe% to the attacker (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for giflib (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Moderate SUSE bug 960319 CVE-2015-7555 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for giflib (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 giflib was updated to fix one security issue. This security issue was fixed: - CVE-2016-3977: Heap buffer overflow in gif2rgb (bsc#974847). Moderate SUSE bug 974847 CVE-2016-3977 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glib2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). Moderate SUSE bug 1107116 SUSE bug 1111499 CVE-2018-16429 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glib2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Important SUSE bug 1137001 CVE-2019-12450 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286) Important SUSE bug 830257 SUSE bug 851280 SUSE bug 918187 SUSE bug 920338 SUSE bug 927080 SUSE bug 928723 SUSE bug 932059 SUSE bug 933770 SUSE bug 933903 SUSE bug 935286 CVE-2013-2207 CVE-2014-8121 CVE-2015-1781 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Important SUSE bug 930721 SUSE bug 942317 SUSE bug 950944 SUSE bug 956988 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) Moderate SUSE bug 931399 SUSE bug 965699 SUSE bug 969727 SUSE bug 973010 SUSE bug 973164 SUSE bug 973179 SUSE bug 980483 SUSE bug 980854 SUSE bug 986302 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Important SUSE bug 1039357 CVE-2017-1000366 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] Important SUSE bug 1074293 CVE-2018-1000001 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: Security issues: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area in realpath (bsc#1074293) Also a non security issue was fixed: - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209) Important SUSE bug 1037930 SUSE bug 1051791 SUSE bug 1074293 SUSE bug 1079036 SUSE bug 978209 CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger (bsc#1076871) Moderate SUSE bug 1076871 SUSE bug 1081556 CVE-2017-12133 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocation in in6ailist_add. - bsc#1079625: Fix allocation in nss_compat for large number of memberships to a group. Important SUSE bug 1077763 SUSE bug 1079625 SUSE bug 1086690 SUSE bug 1094161 CVE-2018-11236 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that lead to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583) - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580) - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234). This non-security issue was fixed: - Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774) Important SUSE bug 1058774 SUSE bug 1064580 SUSE bug 1064583 SUSE bug 941234 CVE-2015-5180 CVE-2017-15670 CVE-2017-15804 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325). Non-security issue fixed: - Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618). - Remove improper assert in dlclose (bsc#1110174, BZ #11941). Moderate SUSE bug 1064569 SUSE bug 1110170 SUSE bug 1110174 CVE-2017-15671 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). Important SUSE bug 1127308 CVE-2019-9169 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for glibc (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for glibc fixes the following issues: - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) Moderate SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 CVE-2021-35942 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for glibc (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for glibc fixes the following issues: - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768, BZ #22542) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770, BZ #28768) - CVE-2021-3999: Fixed in getcwd to set errno to ERANGE for size == 1 (bsc#1194640, BZ #28769) - CVE-2015-8983: Fixed _IO_wstr_overflow integer overflow (bsc#1193615, BZ #17269) - CVE-2015-8982: Fixed memory handling in strxfrm_l (bsc#1193616, BZ #16009) Important SUSE bug 1193615 SUSE bug 1193616 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2015-8982 CVE-2015-8983 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for gnome-session (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gnome-session fixes the following issues: - CVE-2017-11171: Fix a denial of service condition. an unauthenticated local user can create ICE connections, causing a file descriptor leak in gnome-session (bsc#1048274). Moderate SUSE bug 1048274 CVE-2017-11171 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This security update of gnutls fixes the following issues: - use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499) * added gnutls-use_minimal_cbc_padding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 * CVE-2015-4000 (Logjam) (bsc#932026) * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch Moderate SUSE bug 925499 SUSE bug 932026 CVE-2015-4000 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) Moderate SUSE bug 924828 SUSE bug 947271 SUSE bug 957568 CVE-2015-2806 CVE-2015-8313 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 961491 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Moderate SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1040621 CVE-2017-6891 CVE-2017-7869 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gpg2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gpg2 fixes the following issues: - Fix cve-2015-1606 (bsc#918089) * Invalid memory read using a garbled keyring * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch - Fix cve-2015-1607 (bsc#918090) * Memcpy with overlapping ranges * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch Moderate SUSE bug 918089 SUSE bug 918090 CVE-2015-1606 CVE-2015-1607 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gpg2 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gpg2 fixes the following issues: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for grub2 provides the following fixes: A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370) Also following bugs were fixed: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830) Important SUSE bug 884828 SUSE bug 884830 SUSE bug 946148 SUSE bug 952539 SUSE bug 954592 SUSE bug 956631 CVE-2015-8370 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for grub2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for grub2 fixes the following issues: Security issue fixed: - CVE-2017-9763: Fixed a memory leak in grub_ext2_read_block (bsc#1045063) Other issues addressed: - Added support for tftp block counter roll-over and backported support for efinetSNP open (bsc#1124662). Moderate SUSE bug 1045063 SUSE bug 1124662 CVE-2017-9763 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Fix packed-not-aligned error on GCC 8 (bsc#1084632) Important SUSE bug 1084632 SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Important SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for grub2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) grub2 was updated to the 2.02 version (same as SUSE Linux Enterprise 12 SP3). Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2017-9763 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for gstreamer-0_10-plugins-base (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gstreamer-0_10-plugins-base fixes the following issue: - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). Moderate SUSE bug 1013669 CVE-2016-9811 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gstreamer-0_10-plugins-base (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for gstreamer-0_10-plugins-base fixes the following issues: Security issues fixed: - CVE-2017-5837: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024076). - CVE-2017-5844: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024079). - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1024076 SUSE bug 1024079 SUSE bug 1133375 CVE-2017-5837 CVE-2017-5844 CVE-2019-9928 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for gstreamer-0_10-plugins-good (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Important SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). Moderate SUSE bug 922741 SUSE bug 942801 SUSE bug 948791 CVE-2015-4491 CVE-2015-7674 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gdk2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero Moderate SUSE bug 958963 SUSE bug 960155 CVE-2015-7552 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gtk2 fixes the following security issues: - CVE-2016-6352: Some crashes were fixed, including a out of bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Moderate SUSE bug 966682 SUSE bug 988745 SUSE bug 991450 CVE-2013-7447 CVE-2016-6352 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gtk2 fixes the following issues: This security issue was fixed: - Add checks for multiplications at several locations to avoid mishandling memory. This allowed attackers to cause DoS or potentially RCE (bsc#1053417). Moderate SUSE bug 1053417 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for gtk2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for gtk2 provides the following fixes: These security issues were fixed: - CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026). - CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025). - CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024). - CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289) - CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544). This non-security issue was fixed: - Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465). Moderate SUSE bug 1027024 SUSE bug 1027025 SUSE bug 1027026 SUSE bug 1039465 SUSE bug 1048289 SUSE bug 1048544 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for guile (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc#917129). Moderate SUSE bug 917129 CVE-2014-9654 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for icu fixes the following issue: The previous patch for CVE-2014-9654 was incorrect and lead to non-working regular expressions. This update fixes this problem (bsc#952260) Moderate SUSE bug 952260 CVE-2014-9654 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for icu fixes the following security issues: - Passing a locale string longer than 255 characters to uloc_getDisplayName() could have caused a buffer overflow resulting in denial of service or possible code execution (bsc#1012224, CVE-2014-9911). Moderate SUSE bug 1012224 CVE-2014-9911 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for icu fixes the following issues: - CVE-2014-9911: The fix was updated to not crash (NULL ptr deref) when resPath is NULL (bsc#1023033). Moderate SUSE bug 1023033 CVE-2014-9911 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for icu (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636) - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674) - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue. (bsc#1067203) - CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193) - CVE-2017-15422: An integer overflow in persian calendar calculation was fixed, which could show wrong years. (bsc#1077999) Important SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 990636 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for inn (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for inn fixes the following issues: - CVE-2021-31998: Fixed locale privialge escalation during the update of inn (bsc#1182321). Important SUSE bug 1182321 CVE-2021-31998 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for intel-SINIT (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for intel-SINIT fixes the following issues: Security issue fixed: - CVE-2011-5174: Fixed security issue in old SINIT files which allowed local users to bypass the TXT protection mechanism (bsc#1069754). Important SUSE bug 1069754 CVE-2011-5174 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ipmitool (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for ipmitool fixes the following issues: - CVE-2020-5208: Fixed several buffer overflows (bsc#1163026). - Added a missing patch for DDR4 support (bsc#1038508). Important SUSE bug 1038508 SUSE bug 1163026 CVE-2020-5208 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for ipsec-tools (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 ipsec-tools was updated to fix one security issue and a bug. This security issue was fixed: - CVE-2015-4047: racoon/gssapi.c in ipsec-tools allowed remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests (bsc#931989). Due to a packaging error, the racoonf.conf config file was symlinked to /usr/share/doc/packages/ipsec-tools/examples/racoon/samples/racoon.conf on some processor platforms, edits might have happened only in this example file. Before upgrading, please check if /etc/racoon/racoon.conf is a symlink to this example file and backup the content. (bsc#939810) Moderate SUSE bug 931989 SUSE bug 939810 CVE-2015-4047 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ipsec-tools (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ipsec-tools fixes one issue. This security issue was fixed: - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order (bsc#1047443). Moderate SUSE bug 1047443 CVE-2016-10396 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jakarta-commons-collections (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update to jakarta-commons-collections 3.2.2 fixes the following security issues: * bsc#954102 code-execution by unserialization Moderate SUSE bug 954102 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jakarta-commons-fileupload (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for jakarta-taglibs-standard (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for jakarta-taglibs-standard fixes the following issues: - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813) Important SUSE bug 920813 CVE-2015-0254 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for jasper fixes the following issues: Security fixes: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2016-1577, CVE-2016-2116: double free vulnerability in the jas_iccattrval_destroy function (bsc#968373) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: multiple integer overflows (bsc#392410) - bsc#1006839: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Moderate SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1007009 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 961886 SUSE bug 963983 SUSE bug 968373 CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jasper (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530) - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977). - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed. (bsc#1010979) - CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy (bsc#1015993) - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) Important SUSE bug 1010977 SUSE bug 1010979 SUSE bug 1011830 SUSE bug 1012530 SUSE bug 1015400 SUSE bug 1015993 SUSE bug 1018088 SUSE bug 1020353 SUSE bug 1021868 SUSE bug 1029497 CVE-2016-10251 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jasper (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Moderate SUSE bug 1009994 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1010774 SUSE bug 1010782 SUSE bug 1010968 SUSE bug 1010975 SUSE bug 1047958 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jasper (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 IBM Java was updated to 7.1-3.10 to fix several security issues. The following vulnerabilities were fixed: * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Important SUSE bug 935540 SUSE bug 938895 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non security issues: - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Important SUSE bug 941939 SUSE bug 955131 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Important SUSE bug 960402 SUSE bug 963937 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This IBM Java 1.7.1 SR3 FP40 relese fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Important SUSE bug 977646 SUSE bug 977648 SUSE bug 977650 SUSE bug 979252 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-3.60 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Moderate SUSE bug 1027038 CVE-2016-2183 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm fixes the following issues: Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Important SUSE bug 1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Important SUSE bug 1053431 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm fixes the following issues: * CVE-2017-10349: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10348: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10388: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2016-9841: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10293: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10345: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10350: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10356: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10357: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10347: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10355: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10285: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10281: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10295: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10346: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2016-10165: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' Important SUSE bug 1070162 CVE-2016-10165 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 [bsc#1082810] * Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl – SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE - IJ02284 JIT Compiler: Division by zero in JIT compiler - Make it possible to run Java jnlp files from Firefox. (bsc#1057460) Important SUSE bug 1057460 SUSE bug 1076390 SUSE bug 1082810 SUSE bug 929900 SUSE bug 966304 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm to version 7.1.4.30 fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Important SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) Moderate SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188568 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Important SUSE bug 992537 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for jpeg (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for jpeg fixes the following issues: * CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937] * CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209] * CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155] Moderate SUSE bug 1062937 SUSE bug 1096209 SUSE bug 1098155 CVE-2017-15232 CVE-2018-1152 CVE-2018-11813 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kdebase4-workspace (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Moderate SUSE bug 904625 SUSE bug 929718 CVE-2014-8651 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kdelibs3 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kdelibs3 fixes the following issues: - CVE-2015-7543: Insecure creation of temporary directories allowed local users to hijack the IPC by pre-creating the temporary directory (bsc#958347). Moderate SUSE bug 958347 CVE-2015-7543 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). The following non-security bugs were fixed: - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). Important SUSE bug 909589 SUSE bug 954847 SUSE bug 971030 SUSE bug 974620 SUSE bug 979915 SUSE bug 982544 SUSE bug 983721 SUSE bug 984755 SUSE bug 986362 SUSE bug 986572 SUSE bug 988498 CVE-2016-4470 CVE-2016-4997 CVE-2016-5829 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has been added to support big Power machines. (FATE#319026) The following security bugs were fixed: - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104 bsc#922947 bsc#968014). The following non-security bugs were fixed: - ahci: Order SATA device IDs for codename Lewisburg (fate#319286). - ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (fate#319286). - alsa: hda - Add Intel Lewisburg device IDs Audio (fate#319286). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - avoid dentry crash triggered by NFS (bsc#984194). - bigmem: Add switch to configure bigmem patches (bsc#928138,fate#319026). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - bnx2x: fix lockdep splat (bsc#908684 FATE#317539). - bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687). - bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - config.conf: add bigmem flavour on ppc64 - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866). - cxgb4: Set VPD size so we can read both VPD structures (bsc#976867). - dm space map metadata: fix sm_bootstrap_get_nr_blocks() (FATE#313903). - dm thin: fix race condition when destroying thin pool workqueue (FATE#313903). - drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337). - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#986337). - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337). - drivers: hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337). - drivers: hv: vmbus: handle various crash scenarios (bnc#986337). - drivers: hv: vmbus: remove code duplication in message handling (bnc#986337). - drivers: hv: vss: run only on supported host versions (bnc#986337). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - fs/cifs: make share unaccessible at root level mountable (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919). - i2c: i801: add Intel Lewisburg device IDs (fate#319286). - i40e: fix an uninitialized variable bug (bsc#909484 FATE#317397). - include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes). - increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399) - introduce SIZE_MAX (bsc#1000189). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783). - kabi: Import kabi files from 3.0.101-80 - kabi-fix for flock_owner addition (bsc#998689). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689). - kvm: x86: SYSENTER emulation is broken (bsc#994618). - libata: support the ata host which implements a queue depth less than 32 (bsc#871728) - libfc: sanity check cpu number extracted from xid (bsc#988440). - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866). - lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392). - bigmem: make bigmem patches configurable (bsc#928138,fate#319026). - md: check command validity early in md_ioctl() (bsc#1004520). - md: Drop sending a change uevent when stopping (bsc#1003568). - md: fix problem when adding device to read-only array with bitmap (bnc#771065). - md: lockless I/O submission for RAID1 (bsc#982783). - md/raid10: always set reshape_safe when initializing reshape_position (fate#311379). - md/raid10: Fix memory leak when raid10 reshape completes (fate#311379). - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857). - mm/memory.c: actually remap enough memory (bnc#1005903). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198). - Move patches that create ppc64-bigmem to the powerpc section. Add comments that outline the procedure and warn the unsuspecting. - move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708). - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337). - net: add pfmemalloc check in sk_add_backlog() (bnc#920016). - netback: fix flipping mode (bsc#996664). - netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611). - netvsc: fix incorrect receive checksum offloading (bnc#1006917). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Do not drop directory dentry which is in use (bsc#993127). - nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584). - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514). - nfs: Fix a regression in the read() syscall (bsc#999584). - nfs: Fix races in nfs_revalidate_mapping (bsc#999584). - nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584). - nfs: Fix writeback performance issue on cache invalidation (bsc#999584). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). - nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218). - oom: print nodemask in the oom report (bnc#1003866). - pci: Add pci_set_vpd_size() to set VPD size (bsc#976867). - pciback: fix conf_space read/write overlap check. - pciback: return proper values during BAR sizing. - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models (fate#321400). - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441). - powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC' obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Add 64TB support (bsc#928138,fate#319026). - powerpc/mm: Change the swap encoding in pte (bsc#973203). - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026). - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026). - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026). - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026). - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026). - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026). - powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026). - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026). - powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026). - powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026). - powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: Update kernel VSID range (bsc#928138,fate#319026). - ppp: defer netns reference release for ppp channel (bsc#980371). - qlcnic: fix a timeout loop (bsc#909350 FATE#317546) - random32: add prandom_u32_max (bsc#989152). - remove problematic preprocessor constructs (bsc#928138,fate#319026). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays. - rpm/package-descriptions: add -bigmem description - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606). - s390/dasd: fix hanging device after clear subchannel (bnc#994436, LTC#144640). - s390/time: LPAR offset handling (bnc#1003677, LTC#146920). - s390/time: move PTFF definitions (bnc#1003677, LTC#146920). - sata: Adding Intel Lewisburg device IDs for SATA (fate#319286). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). - sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scripts/bigmem-generate-ifdef-guard: auto-regen patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: Include this script to regenerate patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: make executable - scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102). - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992). - scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779). - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374). - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository. - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618 FATE#317521). - sort hyperv patches properly in series.conf - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458 FATE#317507). - tmpfs: change final i_blocks BUG to WARNING (bsc#991923). - tty: Signal SIGHUP before hanging up ldisc (bnc#989764). - Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, a.o.). - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - vlan: do not deliver frames for unknown vlans to protocols (bsc#979514). - vlan: mask vlan prio bits (bsc#979514). - vmxnet3: Wake queue from reset work (bsc#999907). - x86, amd_nb: Clarify F15h, model 30h GART and L3 support (fate#321400). - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors (fate#321400). - x86/gart: Check for GART support before accessing GART registers (fate#321400). - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565). - zfcp: close window with unblocked rport during rport gone (bnc#1003677, LTC#144310). - zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677, LTC#144312). - zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677, LTC#144308). - zfcp: fix payload trace length for SAN request&response (bnc#1003677, LTC#144312). - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677, LTC#144312). - zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677, LTC#144312). - zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677, LTC#144312). - zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677, LTC#144312). - zfcp: trace on request for open and close of WKA port (bnc#1003677, LTC#144312). Important SUSE bug 1000189 SUSE bug 1001419 SUSE bug 1002165 SUSE bug 1003077 SUSE bug 1003344 SUSE bug 1003568 SUSE bug 1003677 SUSE bug 1003866 SUSE bug 1003925 SUSE bug 1004517 SUSE bug 1004520 SUSE bug 1005857 SUSE bug 1005896 SUSE bug 1005903 SUSE bug 1006917 SUSE bug 1006919 SUSE bug 1007944 SUSE bug 763198 SUSE bug 771065 SUSE bug 799133 SUSE bug 803320 SUSE bug 839104 SUSE bug 843236 SUSE bug 860441 SUSE bug 863873 SUSE bug 865783 SUSE bug 871728 SUSE bug 907611 SUSE bug 908458 SUSE bug 908684 SUSE bug 909077 SUSE bug 909350 SUSE bug 909484 SUSE bug 909618 SUSE bug 909994 SUSE bug 911687 SUSE bug 915183 SUSE bug 920016 SUSE bug 922634 SUSE bug 922947 SUSE bug 928138 SUSE bug 929141 SUSE bug 934760 SUSE bug 951392 SUSE bug 956514 SUSE bug 960689 SUSE bug 963655 SUSE bug 967716 SUSE bug 968010 SUSE bug 968014 SUSE bug 971975 SUSE bug 971989 SUSE bug 973203 SUSE bug 974620 SUSE bug 976867 SUSE bug 977687 SUSE bug 979514 SUSE bug 979595 SUSE bug 979681 SUSE bug 980371 SUSE bug 982218 SUSE bug 982783 SUSE bug 983535 SUSE bug 983619 SUSE bug 984102 SUSE bug 984194 SUSE bug 984992 SUSE bug 985206 SUSE bug 986337 SUSE bug 986362 SUSE bug 986365 SUSE bug 986445 SUSE bug 987565 SUSE bug 988440 SUSE bug 989152 SUSE bug 989261 SUSE bug 989764 SUSE bug 989779 SUSE bug 991608 SUSE bug 991665 SUSE bug 991923 SUSE bug 992566 SUSE bug 993127 SUSE bug 993890 SUSE bug 993891 SUSE bug 994296 SUSE bug 994436 SUSE bug 994618 SUSE bug 994759 SUSE bug 994926 SUSE bug 995968 SUSE bug 996329 SUSE bug 996664 SUSE bug 997708 SUSE bug 998399 SUSE bug 998689 SUSE bug 999584 SUSE bug 999600 SUSE bug 999907 SUSE bug 999932 CVE-2013-4312 CVE-2015-7513 CVE-2015-8956 CVE-2016-0823 CVE-2016-3841 CVE-2016-4997 CVE-2016-5696 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013070). - KABI fix (bsc#1014410). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - be2net: Do not leak iomapped memory on removal (bug#925065). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - crypto: add ghash-generic in the supported.conf(bsc#1016824) - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387). - dm: do not call dm_sync_table() when creating new devices (bnc#901809). - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348) - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668). - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018). - ext4: fix reference counting bug on block allocation error (bsc#1013018). - futex: Acknowledge a new waiter in counter before plist (bsc#851603). - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603). - hpilo: Add support for iLO5 (bsc#999101). - ibmveth: calculate gso_segs for large packets (bsc#1019165). - ibmveth: set correct gso_size and gso_type (bsc#1019165). - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491 FATE#317388). - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297 FATE#313656). - igb: Fix oops caused by missing queue pairing (bsc#909491 FATE#317388). - igb: Fix oops on changing number of rings (bsc#909491 FATE#317388). - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491 FATE#317388). - igb: Unpair the queues when changing the number of queues (bsc#909491 FATE#317388). - kexec: add a kexec_crash_loaded() function (bsc#973691). - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680). - kvm: Distangle eventfd code from irqchip (bsc#989680). - kvm: Iterate over only vcpus that are preempted (bsc#989680). - kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680). - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680). - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680). - kvm: make processes waiting on vcpu mutex killable (bsc#989680). - kvm: nVMX: Add preemption timer support (bsc#989680). - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680). - kvm: use symbolic constant for nr interrupts (bsc#989680). - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680). - kvm: x86: Run PIT work in own kthread (bsc#989680). - kvm: x86: limit difference between kvmclock updates (bsc#989680). - libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728). - libata: remove n_tags to avoid kABI breakage (bsc#871728). - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846). - libfc: Fixup disc_mutex handling (bsc#962846). - libfc: Issue PRLI after a PRLO has been received (bsc#962846). - libfc: Revisit kref handling (bnc#990245). - libfc: Update rport reference counting (bsc#953233). - libfc: do not send ABTS when resetting exchanges (bsc#962846). - libfc: fixup locking of ptp_setup() (bsc#962846). - libfc: reset exchange manager during LOGO handling (bsc#962846). - libfc: send LOGO for PLOGI failure (bsc#962846). - locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411). - memstick: mspro_block: add missing curly braces (bsc#1016688). - mlx4: Fix error flow when sending mads under SRIOV (bsc#786036 FATE#314304). - mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036 FATE#314304). - mlx4: Fix memory leak if QP creation failed (bsc#786036 FATE#314304). - mlx4: Fix potential deadlock when sending mad to wire (bsc#786036 FATE#314304). - mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036 FATE#314304). - mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036 FATE#314304). - mlx4: add missing braces in verify_qp_parameters (bsc#786036 FATE#314304). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589). - mm: fix crashes from mbind() merging vmas (bnc#1005877). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645). - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036 FATE#314304). - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382 FATE#317529). - net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036 FATE#314304). - net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708). - net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708). - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bsc#919382 FATE#317529). - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036 FATE#314304). - net/mlx4_core: Implement pci_resume callback (bsc#924708). - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382 FATE#317529). - net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382 FATE#317529). - net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382 FATE#317529). - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036 FATE#314304). - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036 FATE#314304). - net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382 FATE#317529). - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382 FATE#317529). - netfront: do not truncate grant references. - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410). - nvme: Automatic namespace rescan (bsc#1017686). - nvme: Metadata format support (bsc#1017686). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201). - powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201). - printk/sched: Introduce special printk_sched() for those awkward (bsc#996541). - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851). - qlcnic: fix a loop exit condition better (bsc#909350 FATE#317546). - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999 FATE#313899). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rt2x00: fix rfkill regression on rt2500pci (bnc#748806). - s390/zcrypt: kernel: Fix invalid domain response handling (bsc#1016320). - scsi: Fix erratic device offline during EH (bsc#993832). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi_error: count medium access timeout only once per EH run (bsc#993832). - scsi_error: fixup crash in scsi_eh_reset (bsc#993832) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - tg3: Fix temperature reporting (bnc#790588 FATE#313912). - usb: console: fix potential use after free (bsc#1015817). - usb: console: fix uninitialised ldisc semaphore (bsc#1015817). - usb: cp210x: Corrected USB request type definitions (bsc#1015932). - usb: cp210x: relocate private data from USB interface to port (bsc#1015932). - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932). - usb: ftdi_sio: fix null deref at port probe (bsc#1015796). - usb: ipaq.c: fix a timeout loop (bsc#1015848). - usb: opticon: fix non-atomic allocation in write path (bsc#1015803). - usb: option: fix runtime PM handling (bsc#1015752). - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932). - usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932). - usb: serial: cp210x: add new access functions for large registers (bsc#1015932). - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932). - usb: serial: fix potential use-after-free after failed probe (bsc#1015828). - usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505). - usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505). - usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520). - usb: sierra: fix AA deadlock in open error path (bsc#1015561). - usb: sierra: fix remote wakeup (bsc#1015561). - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561). - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561). - usb: sierra: fix use after free at suspend/resume (bsc#1015561). - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760). - usb: usb_wwan: fix race between write and resume (bsc#1015760). - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760). - usb: usb_wwan: fix urb leak in write error path (bsc#1015760). - usb: usb_wwan: fix write and suspend race (bsc#1015760). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844). - xenbus: do not invoke is_ready() for most device states (bsc#987333). Important SUSE bug 1003813 SUSE bug 1005877 SUSE bug 1007615 SUSE bug 1008557 SUSE bug 1008645 SUSE bug 1008831 SUSE bug 1008833 SUSE bug 1008893 SUSE bug 1009875 SUSE bug 1010150 SUSE bug 1010175 SUSE bug 1010201 SUSE bug 1010467 SUSE bug 1010501 SUSE bug 1010507 SUSE bug 1010711 SUSE bug 1010713 SUSE bug 1010716 SUSE bug 1011685 SUSE bug 1011820 SUSE bug 1012183 SUSE bug 1012411 SUSE bug 1012422 SUSE bug 1012832 SUSE bug 1012851 SUSE bug 1012852 SUSE bug 1012917 SUSE bug 1013018 SUSE bug 1013038 SUSE bug 1013042 SUSE bug 1013070 SUSE bug 1013531 SUSE bug 1013542 SUSE bug 1014410 SUSE bug 1014454 SUSE bug 1014746 SUSE bug 1015561 SUSE bug 1015752 SUSE bug 1015760 SUSE bug 1015796 SUSE bug 1015803 SUSE bug 1015817 SUSE bug 1015828 SUSE bug 1015844 SUSE bug 1015848 SUSE bug 1015878 SUSE bug 1015932 SUSE bug 1016320 SUSE bug 1016505 SUSE bug 1016520 SUSE bug 1016668 SUSE bug 1016688 SUSE bug 1016824 SUSE bug 1016831 SUSE bug 1017686 SUSE bug 1017710 SUSE bug 1019079 SUSE bug 1019148 SUSE bug 1019165 SUSE bug 1019348 SUSE bug 1019783 SUSE bug 1020214 SUSE bug 1021258 SUSE bug 748806 SUSE bug 786036 SUSE bug 790588 SUSE bug 795297 SUSE bug 800999 SUSE bug 821612 SUSE bug 824171 SUSE bug 851603 SUSE bug 853052 SUSE bug 871728 SUSE bug 901809 SUSE bug 909350 SUSE bug 909491 SUSE bug 913387 SUSE bug 914939 SUSE bug 919382 SUSE bug 924708 SUSE bug 925065 SUSE bug 953233 SUSE bug 961589 SUSE bug 962846 SUSE bug 969340 SUSE bug 973691 SUSE bug 987333 SUSE bug 987576 SUSE bug 989152 SUSE bug 989680 SUSE bug 989896 SUSE bug 990245 SUSE bug 992991 SUSE bug 993739 SUSE bug 993832 SUSE bug 996541 SUSE bug 996557 SUSE bug 997401 SUSE bug 999101 CVE-2004-0230 CVE-2012-6704 CVE-2013-6368 CVE-2015-1350 CVE-2015-8962 CVE-2015-8964 CVE-2016-10088 CVE-2016-5696 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following security bug: CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver (drivers/tty/n_hdlc.c) could have been exploited to gain a local privilege escalation (bnc#1027565) Important SUSE bug 1027565 CVE-2017-2636 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Critical) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: - fnic now returns 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic is now using rport->dd_data to check if rport is online instead of rport_lookup (bsc#1035920). - The rport check location in fnic_queuecommand_lck was corrected (bsc#1035920). - xfs: remove patches that caused regression (bsc#1043234). - mm: enlarge stack guard gap (bnc#1039348, CVE-2017-1000364, bnc#1042921). - PCI: Allow access to VPD attributes with size 0 (bsc#1018074). Critical SUSE bug 1018074 SUSE bug 1035920 SUSE bug 1039348 SUSE bug 1042921 SUSE bug 1043234 CVE-2017-1000364 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354) - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340) - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have bene disclosed when a read and an ioctl happen at the same time (bnc#1044125) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431) - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456) - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885) - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069) - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883) - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882) - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879) - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850) The following non-security bugs were fixed: - 8250: use callbacks to access UART_DLL/UART_DLM. - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538). - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#1045538). - ALSA: hda - using uninitialized data (bsc#1045538). - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop (bsc#1045538). - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup (bsc#1045538). - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538). - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538). - Add CVE tag to references - CIFS: backport prepath matching fix (bsc#799133). - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128). - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr(). - Fix scripts/bigmem-generate-ifdef-guard to work on all branches - Fix soft lockup in svc_rdma_send (bsc#1044854). - IB/mlx4: Demote mcg message from warning to debug (bsc#919382). - IB/mlx4: Fix ib device initialization error flow (bsc#919382). - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382). - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382). - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level (bsc#919382). - IB/mlx4: Set traffic class in AH (bsc#919382). - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation (bsc#1036288). - Input: cm109 - validate number of endpoints before using them (bsc#1037193). - Input: hanwang - validate number of endpoints before using them (bsc#1037232). - Input: yealink - validate number of endpoints before using them (bsc#1037227). - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - NFS: Avoid getting confused by confused server (bsc#1045416). - NFS: Fix another OPEN_DOWNGRADE bug (git-next). - NFS: Fix size of NFSACL SETACL operations (git-fixes). - NFS: Make nfs_readdir revalidate less often (bsc#1048232). - NFS: tidy up nfs_show_mountd_netid (git-fixes). - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688 bsc#1051770). - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes). - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes). - NFSv4: Fix problems with close in the presence of a delegation (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix getacl head length estimation (git-fixes). - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'math64: New div64_u64_rem helper' (bnc#938352). - SUNRPC: Fix a memory leak in the backchannel code (git-fixes). - Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd() (bsc#1045479). - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288). - USB: class: usbtmc: do not print error when allocating urb fails (bsc#1036288). - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288). - USB: iowarrior: fix NULL-deref in write (bsc#1037359). - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441). - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053). - USB: serial: ark3116: fix register-accessor error handling (git-fixes). - USB: serial: ch341: fix open error handling (bsc#1037441). - USB: serial: cp210x: fix tiocmget error handling (bsc#1037441). - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441). - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441). - USB: serial: io_ti: fix information leak in completion handler (git-fixes). - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026). - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441). - USB: serial: sierra: fix bogus alternate-setting assumption (bsc#1037441). - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441). - USB: usbip: fix nonconforming hub descriptor (bsc#1047487). - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288). - USB: usbtmc: Change magic number to constant (bsc#1036288). - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288). - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288). - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288). - USB: usbtmc: add missing endpoint sanity check (bsc#1036288). - USB: usbtmc: fix DMA on stack (bsc#1036288). - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288). - USB: usbtmc: fix probe error path (bsc#1036288). - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk (bsc#1036288). - USB: wusbcore: fix NULL-deref at probe (bsc#1045487). - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854). - Use make --output-sync feature when available (bsc#1012422). - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). - __bitmap_parselist: fix bug in empty string handling (bnc#1042633). - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - ath9k: fix buffer overrun for ar9287 (bsc#1045538). - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU (bsc#1035721). - blacklist.conf: Add a few inapplicable items (bsc#1045538). - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it') The released kernels are not build with a gas new enough to optimize the jmps so that this patch would be required. (bsc#1051478) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: fix ext_dev_lock lockdep report (bsc#1050154). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - cifs: Timeout on SMBNegotiate request (bsc#1044913). - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bsc#1041975). backporting upstream commit 2f2591a34db6c9361faa316c91a6e320cb4e6aee - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935). - cputime: Avoid multiplication overflow on utime scaling (bnc#938352). - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863). - decompress_bunzip2: off by one in get_next_block() (git-fixes). - dentry name snapshots (bsc#1049483). - devres: fix a for loop bounds check (git-fixes). - dm: fix ioctl retry termination with signal (bsc#1050154). - drm/mgag200: Add support for G200eH3 (bnc#1044216) - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix fdatasync(2) after extent manipulation operations (bsc#1013018). - ext4: keep existing extra fields when inode expands (bsc#1013018). - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - fixed invalid assignment of 64bit mask to host dma_boundary for scatter gather segment boundary limit (bsc#1042045). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic: Using rport->dd_data to check rport online instead of rport_lookup (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (bsc#1013018). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fuse: add missing FR_FORCE (bsc#1013018). - genirq: Prevent proc race against freeing of irq descriptors (bnc#1044230). - hrtimer: Allow concurrent hrtimer_start() for self restarting timers (bnc#1013018). - initial cr0 bits (bnc#1036056, LTC#153612). - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route (git-fixes). - irq: Fix race condition (bsc#1042615). - isdn/gigaset: fix NULL-deref at probe (bsc#1037356). - isofs: Do not return EACCES for unknown filesystems (bsc#1013018). - jsm: add support for additional Neo cards (bsc#1045615). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - libata: fix sff host state machine locking while polling (bsc#1045525). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1051515). - libfc: fixup locking in fc_disc_stop() (bsc#1029140). - libfc: move 'pending' and 'requested' setting (bsc#1029140). - libfc: only restart discovery after timeout if not already running (bsc#1029140). - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018). - math64: New div64_u64_rem helper (bnc#938352). - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes). - md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (git-fixes). - md/raid1: fix test for 'was read error from last working device' (git-fixes). - md/raid5: Fix CPU hotplug callback registration (git-fixes). - md/raid5: do not record new size if resize_stripes fails (git-fixes). - md: ensure md devices are freed before module is unloaded (git-fixes). - md: fix a null dereference (bsc#1040351). - md: flush ->event_work before stopping array (git-fixes). - md: make sure GET_ARRAY_INFO ioctl reports correct 'clean' status (git-fixes). - md: use separate bio_pool for metadata writes (bsc#1040351). - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154). - mlx4: reduce OOM risk on arches with large pages (bsc#919382). - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832). - mm/memory-failure.c: use compound_head() flags for huge pages (bnc#971975 VM -- git fixes). - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832). - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore (bsc#1045547). - mmc: ushc: fix NULL-deref at probe (bsc#1037191). - module: fix memory leak on early load_module() failures (bsc#1043014). - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185). - net/mlx4: Fix the check in attaching steering rules (bsc#919382). - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering (bsc#919382). - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV (bsc#919382). - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to physical (bsc#919382). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bsc#919382). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#919382). - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382). - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#919382). - net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach (bsc#919382). - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382). - net/mlx4_en: Change the error print to debug print (bsc#919382). - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382). - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382). - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382). - net: avoid reference counter overflows on fib_rules in multicast forwarding (git-fixes). - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes). - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes). - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bnc#784815). - nfs: fix nfs_size_to_loff_t (git-fixes). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018). - perf/core: Fix event inheritance on fork() (bnc#1013018). - powerpc/ibmebus: Fix device reference leaks in sysfs interface (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/ibmebus: Fix further device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid() (bsc#1032471). - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471). - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471). - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID (bsc#1032471). - powerpc/mm/hash: Support 68 bit VA (bsc#1032471). - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471). - powerpc/mm/slice: Convert slice_mask high slice to a bitmap (bsc#1032471). - powerpc/mm/slice: Fix off-by-1 error when computing slice mask (bsc#1032471). - powerpc/mm/slice: Move slice_mask struct definition to slice.c (bsc#1032471). - powerpc/mm/slice: Update slice mask printing to use bitmap printing (bsc#1032471). - powerpc/mm/slice: Update the function prototype (bsc#1032471). - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET (bsc#928138). - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small (bsc#1032471). - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital (bsc#1032471). - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/pseries: Release DRC when configure_connector fails (bsc#1035777, Pending Base Kernel Fixes). - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471). - powerpc: Remove STAB code (bsc#1032471). - random32: fix off-by-one in seeding requirement (git-fixes). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192). - s390/qdio: clear DSCI prior to scanning multiple input queues (bnc#1046715, LTC#156234). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276). - sched/core: Remove false-positive warning from wake_up_process() (bnc#1044882). - sched/cputime: Do not scale when utime == 0 (bnc#938352). - sched/debug: Print the scheduler topology group mask (bnc#1013018). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018). - sched/fair: Fix min_vruntime tracking (bnc#1013018). - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched/topology: Fix building of overlapping sched-groups (bnc#1013018). - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018). - sched/topology: Fix overlapping sched_group_mask (bnc#1013018). - sched/topology: Move comment about asymmetric node setups (bnc#1013018). - sched/topology: Optimize build_group_mask() (bnc#1013018). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1013018). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018). - sched/topology: Verify the first group matches the child domain (bnc#1013018). - sched: Always initialize cpu-power (bnc#1013018). - sched: Avoid cputime scaling overflow (bnc#938352). - sched: Avoid prev->stime underflow (bnc#938352). - sched: Do not account bogus utime (bnc#938352). - sched: Fix SD_OVERLAP (bnc#1013018). - sched: Fix domain iteration (bnc#1013018). - sched: Lower chances of cputime scaling overflow (bnc#938352). - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity' (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched: Rename a misleading variable in build_overlap_sched_groups() (bnc#1013018). - sched: Use swap() macro in scale_stime() (bnc#938352). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: fix race between simultaneous decrements of ->host_failed (bsc#1050154). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: mvsas: fix command_active typo (bsc#1050154). - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init (bsc#1050154). - sfc: do not device_attach if a reset is pending (bsc#909618). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - splice: Stub splice_write_to_file (bsc#1043234). - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes). - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018). - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018). - udf: Fix races with i_size changes during readpage (bsc#1013018). - usbtmc: remove redundant braces (bsc#1036288). - usbtmc: remove trailing spaces (bsc#1036288). - usbvision: fix NULL-deref at probe (bsc#1050431). - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233). - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629). - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431). - vmxnet3: avoid calling pskb_may_pull with interrupts disabled (bsc#1045356). - vmxnet3: fix checks for dma mapping errors (bsc#1045356). - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356). - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression greater than 0 (bsc#1051478). - xen: avoid deadlock in xenbus (bnc#1047523). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814). - xfs: Synchronize xfs_buf disposal routines (bsc#1041160). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes). Important SUSE bug 1000365 SUSE bug 1000380 SUSE bug 1012422 SUSE bug 1013018 SUSE bug 1015452 SUSE bug 1023051 SUSE bug 1029140 SUSE bug 1029850 SUSE bug 1030552 SUSE bug 1030593 SUSE bug 1030814 SUSE bug 1032340 SUSE bug 1032471 SUSE bug 1034026 SUSE bug 1034670 SUSE bug 1035576 SUSE bug 1035721 SUSE bug 1035777 SUSE bug 1035920 SUSE bug 1036056 SUSE bug 1036288 SUSE bug 1036629 SUSE bug 1037191 SUSE bug 1037193 SUSE bug 1037227 SUSE bug 1037232 SUSE bug 1037233 SUSE bug 1037356 SUSE bug 1037358 SUSE bug 1037359 SUSE bug 1037441 SUSE bug 1038544 SUSE bug 1038879 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039258 SUSE bug 1039354 SUSE bug 1039456 SUSE bug 1039594 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1040351 SUSE bug 1041160 SUSE bug 1041431 SUSE bug 1041762 SUSE bug 1041975 SUSE bug 1042045 SUSE bug 1042615 SUSE bug 1042633 SUSE bug 1042687 SUSE bug 1042832 SUSE bug 1042863 SUSE bug 1043014 SUSE bug 1043234 SUSE bug 1043935 SUSE bug 1044015 SUSE bug 1044125 SUSE bug 1044216 SUSE bug 1044230 SUSE bug 1044854 SUSE bug 1044882 SUSE bug 1044913 SUSE bug 1045154 SUSE bug 1045356 SUSE bug 1045416 SUSE bug 1045479 SUSE bug 1045487 SUSE bug 1045525 SUSE bug 1045538 SUSE bug 1045547 SUSE bug 1045615 SUSE bug 1046107 SUSE bug 1046192 SUSE bug 1046715 SUSE bug 1047027 SUSE bug 1047053 SUSE bug 1047343 SUSE bug 1047354 SUSE bug 1047487 SUSE bug 1047523 SUSE bug 1047653 SUSE bug 1048185 SUSE bug 1048221 SUSE bug 1048232 SUSE bug 1048275 SUSE bug 1049128 SUSE bug 1049483 SUSE bug 1049603 SUSE bug 1049688 SUSE bug 1049882 SUSE bug 1050154 SUSE bug 1050431 SUSE bug 1051478 SUSE bug 1051515 SUSE bug 1051770 SUSE bug 1055680 SUSE bug 784815 SUSE bug 792863 SUSE bug 799133 SUSE bug 909618 SUSE bug 919382 SUSE bug 928138 SUSE bug 938352 SUSE bug 943786 SUSE bug 948562 SUSE bug 962257 SUSE bug 971975 SUSE bug 972891 SUSE bug 986924 SUSE bug 990682 SUSE bug 995542 CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473 CVE-2017-2647 CVE-2017-6951 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following issues: - Stack corruption could have lead to local privilege escalation (bsc#1059525, CVE-2017-1000253). Important SUSE bug 1059525 CVE-2017-1000253 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870). - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095). - CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers for conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348). - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322) - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119) The following non-security bugs were fixed: - ACPI: APEI / ERST: Fix missing error handling in erst_reader() (bsc#1045538). - ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538). - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode (bsc#1045538). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1045538). - ALSA: pcm: fix fifo_size frame calculation (bsc#1045538). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538). - ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538). - ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bsc#1045538). - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() (bsc#1045538). - ALSA: usb-audio: Fix parameter block size for UAC2 control requests (bsc#1045538). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1045538). - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1045538). - ALSA: usb-audio: Set correct type for some UAC2 mixer controls (bsc#1045538). - ASoC: blackfin: Fix missing break (bsc#1045538). - Enforce module signatures if the kernel is locked down (bsc#1093666). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - PCI: Fix TI816X class code quirk (bsc#1050431). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - TPM: Zero buffer whole after copying to userspace (bsc#1050381). - USB: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487). - USB: hub: fix non-SS hub-descriptor handling (bsc#1047487). - USB: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441). - USB: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441). - USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609). - USB: serial: sierra: fix potential deadlock at close (bsc#1100132). - USB: visor: Match I330 phone more precisely (bsc#1047487). - applicom: dereferencing NULL on error path (git-fixes). - ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185). - base: make module_create_drivers_dir race-free (git-fixes). - block: fix an error code in add_partition() (bsc#1106209). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (bsc#1107949). - dasd: Add IFCC notice message (bnc#1104481, LTC#170484). - drm/i915: Remove bogus __init annotation from DMI callbacks (bsc#1106886). - drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1106886). - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() (bsc#1106886). - drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886). - drm: re-enable error handling (bsc#1103884) - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Fix the left value check of cmd buffer (bsc#1106105). - iommu/amd: Free domain id when free a domain of struct dma_ops_domain (bsc#1106105). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105). - iommu/vt-d: Do not over-free page table directories (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipv6: Regenerate host route according to node pointer upon loopback up (bsc#1100705). - ipv6: correctly add local routes when lo goes up (bsc#1100705). - ipv6: introduce ip6_rt_put() (bsc#1100705). - ipv6: reallocate addrconf router for ipv6 address when lo device up (bsc#1100705). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes). - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection (bnc#1107071). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - nbd: ratelimit error msgs after socket close (bsc#1106206). - ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199). - nvme: add device id's with intel stripe quirk (bsc#1097562). - perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes). - perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu (bsc#1104901). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772, bsc#1107650). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772, bsc#1107650). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1064861). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). - qlge: Fix netdev features configuration (bsc#1098822). - resource: fix integer overflow at reallocation (bsc#1045538). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - s390/ftrace: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/kernel: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/qeth: do not clobber buffer on async TX completion (bnc#1060245, LTC#170349). - s390: Correct register corruption in critical section cleanup (bnc#1106930, LTC#171029). - s390: add assembler macros for CPU alternatives (bnc#1106930, LTC#171029). - s390: detect etoken facility (bnc#1106930, LTC#171029). - s390: move expoline assembler macros to a header (bnc#1106930, LTC#171029). - s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029). - s390: remove indirect branch from do_softirq_own_stack (bnc#1106930, LTC#171029). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - tpm: fix race condition in tpm_common_write() (bsc#1050381). - tracing/blktrace: Fix to allow setting same value (bsc#1106212). - tty: vt, fix bogus division in csi_J (git-fixes). - tty: vt, return error when con_startup fails (git-fixes). - uml: fix hostfs mknod() (bsc#1106202). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1045538). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/init: fix build with CONFIG_SWAP=n (bsc#1105723). - x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). Important SUSE bug 1037441 SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1048185 SUSE bug 1050381 SUSE bug 1050431 SUSE bug 1057199 SUSE bug 1060245 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1080157 SUSE bug 1087081 SUSE bug 1092772 SUSE bug 1092903 SUSE bug 1093666 SUSE bug 1096547 SUSE bug 1097562 SUSE bug 1098822 SUSE bug 1099922 SUSE bug 1100132 SUSE bug 1100705 SUSE bug 1102517 SUSE bug 1102870 SUSE bug 1103119 SUSE bug 1103884 SUSE bug 1103909 SUSE bug 1104481 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1104901 SUSE bug 1105100 SUSE bug 1105322 SUSE bug 1105348 SUSE bug 1105536 SUSE bug 1105723 SUSE bug 1106095 SUSE bug 1106105 SUSE bug 1106199 SUSE bug 1106202 SUSE bug 1106206 SUSE bug 1106209 SUSE bug 1106212 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106609 SUSE bug 1106886 SUSE bug 1106930 SUSE bug 1106995 SUSE bug 1107001 SUSE bug 1107064 SUSE bug 1107071 SUSE bug 1107650 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107949 SUSE bug 1108096 SUSE bug 1108170 SUSE bug 1108823 SUSE bug 1108912 CVE-2018-10902 CVE-2018-10940 CVE-2018-12896 CVE-2018-14617 CVE-2018-14634 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#904899 bnc#905100). - CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1188876). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the 'int_ctl' field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399). - CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3609: A potential local privilege escalation in the CAN BCM networking protocol was fixed (bsc#1187215). - CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). The following non-security bugs were fixed: - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sctp: simplify addr copy (bsc#1188563). Important SUSE bug 1183089 SUSE bug 1184673 SUSE bug 1186109 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1188172 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188876 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189399 SUSE bug 1190117 SUSE bug 1190351 SUSE bug 1191315 SUSE bug 1191660 SUSE bug 1191958 SUSE bug 1192036 SUSE bug 1192267 SUSE bug 904899 SUSE bug 905100 CVE-2014-7841 CVE-2020-36385 CVE-2021-20265 CVE-2021-33033 CVE-2021-3542 CVE-2021-3609 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3679 CVE-2021-37159 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867). - CVE-2021-4155: Fixed a data leak flaw that allows a local attacker to leak data on the XFS filesystem (bsc#1194272). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device (bsc#1179599). - CVE-2019-0136: Fixed an insufficient access control which allow an unauthenticated user to execute a denial of service (bsc#1193157). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). The following non-security bugs were fixed: - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - md: check the return of mddev_find() (bsc#1195109). Important SUSE bug 1171420 SUSE bug 1179599 SUSE bug 1190025 SUSE bug 1191580 SUSE bug 1193157 SUSE bug 1193669 SUSE bug 1193867 SUSE bug 1194272 SUSE bug 1195109 SUSE bug 1195543 SUSE bug 1195908 SUSE bug 1196079 SUSE bug 1196612 CVE-2019-0136 CVE-2020-12770 CVE-2020-27820 CVE-2021-3753 CVE-2021-4155 CVE-2021-45095 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for kernel-source (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). * CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). * CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831). * CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831). * CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517). * CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O' vector array overrun. (bsc#933429) * CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463) * CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240) * CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705). * CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907). * CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830) * CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904). * CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896). The following non-security bugs were fixed: - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - DRM/i915: Get rid of the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938). - DRM/i915: Remove i965_hpd_irq_setup (bsc#942938). - DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - Ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - NFS: never queue requests with rq_cong set on the sending queue (bsc#932458). - NFSD: Fix nfsv4 opcode decoding error (bsc#935906). - NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - PCI: Disable Bus Master only on kexec reboot (bsc#920110). - PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110). - PCI: Lock down register access when trusted_kernel is true (fate#314486, bnc#884333)(bsc#923431). - PCI: disable Bus Master on PCI device shutdown (bsc#920110). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - Apparmor: fix file_permission if profile is updated (bsc#917968). - block: Discard bios do not have data (bsc#928988). - cifs: Fix missing crypto allocation (bnc#937402). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails (FATE#317582). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (FATE#317582). - drm: ast,cirrus,mgag200: use drm_can_sleep (FATE#317582, bnc#883380, bsc#935572). - ehci-pci: enable interrupt on BayTrail (bnc926007). - exec: kill the unnecessary mm->def_flags setting in load_elf_binary() (fate#317831,bnc#891116)). - ext3: Fix data corruption in inodes with journalled data (bsc#936637). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hv_storvsc: use small sg_tablesize on x86 (bnc#937256). - ibmveth: Add GRO support (bsc#935055). - ibmveth: Add support for Large Receive Offload (bsc#935055). - ibmveth: Add support for TSO (bsc#935055). - ibmveth: add support for TSO6. - ibmveth: change rx buffer default allocation for CMO (bsc#935055). - igb: do not reuse pages with pfmemalloc flag fix (bnc#920016). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc920110). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. - kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509). - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance). - mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620). - mm, thp: fix collapsing of hugepages on madvise (VM Functionality). - mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620). - mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620). - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620). - mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - nfsd: support disabling 64bit dir cookies (bnc#937503). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (FATE#309111, bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095). - r8169: remember WOL preferences on driver load (bsc#942305). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi: Correctly set the scsi host/msg/status bytes (bnc#933936). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - scsi: Moved iscsi kabi patch to patches.kabi (bsc#923002) - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: kabi: allow iscsi disocvery session support (bsc#923002). - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - supported.conf: enable sch_mqprio (bsc#932882) - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250). - x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: fix problem when using md+XFS under high load (bnc#925705). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, bnc#936925, LTC#126491). Moderate SUSE bug 777565 SUSE bug 867362 SUSE bug 873385 SUSE bug 883380 SUSE bug 884333 SUSE bug 886785 SUSE bug 891116 SUSE bug 894936 SUSE bug 915517 SUSE bug 917830 SUSE bug 917968 SUSE bug 919463 SUSE bug 920016 SUSE bug 920110 SUSE bug 920250 SUSE bug 920733 SUSE bug 921430 SUSE bug 923002 SUSE bug 923245 SUSE bug 923431 SUSE bug 924701 SUSE bug 925705 SUSE bug 925881 SUSE bug 925903 SUSE bug 926240 SUSE bug 926953 SUSE bug 927355 SUSE bug 928988 SUSE bug 929076 SUSE bug 929142 SUSE bug 929143 SUSE bug 930092 SUSE bug 930934 SUSE bug 931620 SUSE bug 932350 SUSE bug 932458 SUSE bug 932882 SUSE bug 933429 SUSE bug 933721 SUSE bug 933896 SUSE bug 933904 SUSE bug 933907 SUSE bug 933936 SUSE bug 934944 SUSE bug 935053 SUSE bug 935055 SUSE bug 935572 SUSE bug 935705 SUSE bug 935866 SUSE bug 935906 SUSE bug 936077 SUSE bug 936095 SUSE bug 936118 SUSE bug 936423 SUSE bug 936637 SUSE bug 936831 SUSE bug 936875 SUSE bug 936921 SUSE bug 936925 SUSE bug 937032 SUSE bug 937256 SUSE bug 937402 SUSE bug 937444 SUSE bug 937503 SUSE bug 937641 SUSE bug 937855 SUSE bug 938485 SUSE bug 939910 SUSE bug 939994 SUSE bug 940338 SUSE bug 940398 SUSE bug 940925 SUSE bug 940966 SUSE bug 942204 SUSE bug 942305 SUSE bug 942350 SUSE bug 942367 SUSE bug 942404 SUSE bug 942605 SUSE bug 942688 SUSE bug 942938 SUSE bug 943477 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 CVE-2015-6252 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following feature was added to kernel-xen: - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767). - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693). - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes. (bsc#967972). - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013). The following non-security bugs were fixed: - alsa: hda - Add one more node in the EAPD supporting candidate list (bsc#963561). - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137). - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137). - alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137). - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver implementation (bsc#957986, bsc#956084, bsc#961658). - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514). - nvme: default to 4k device page size (bsc#967042). - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too (bsc#951815). - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705). - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also address bsc#966094). - sunrpc: restore fair scheduling to priority queues (bsc#955308). - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375). - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375). - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375). - usb: ftdi_sio: fix tiocmget indentation (bnc#956375). - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375). - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375). - usb: ftdi_sio: remove unnecessary memset (bnc#956375). - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375). - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375). - usb: pl2303: clean up line-status handling (bnc#959649). - usb: pl2303: only wake up MSR queue on changes (bnc#959649). - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649). - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375). - Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128). - xen: Update Xen config files (enable upstream block frontend). - ec2: Update kabi files and start tracking ec2 - xen: consolidate and simplify struct xenbus_driver instantiation (bsc#961658 fate#320200). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#933782). - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658 fate#320200). - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818). - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369). - bnx2x: fix DMA API usage (bsc#953369). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - driver: xen-blkfront: move talk_to_blkback to a more suitable place (bsc#961658 fate#320200). - drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (bsc#961658 fate#320200). - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276). - drm/i915: Evict CS TLBs between batches (bsc#758040). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - ext3: NULL dereference in ext3_evict_inode() (bsc#942082). - ext3: fix data=journal fast mount/umount hang (bsc#942082). - firmware: Create directories for external firmware (bsc#959312). - firmware: Simplify directory creation (bsc#959312). - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375). - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925). - jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no external, 3rd party modules use the symbol and the bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver. (bsc#953369) - kbuild: create directory for dir/file.o (bsc#959312). - llist/xen-blkfront: implement safe version of llist_for_each_entry (bsc#961658 fate#320200). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - pci: Update VPD size with correct length (bsc#958906). - pl2303: fix TIOCMIWAIT (bnc#959649). - pl2303: introduce private disconnect method (bnc#959649). - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514). - s390/cio: collect format 1 channel-path description data (bnc#958000, LTC#136434). - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434). - s390/cio: fix measurement characteristics memleak (bnc#958000, LTC#136434). - s390/cio: update measurement characteristics (bnc#958000, LTC#136434). - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000, LTC#136143). - s390/sclp: Move declarations for sclp_sdias into separate header file (bnc#958000, LTC#136143). - scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949). - supported.conf: Add xen-blkfront. - tg3: 5715 does not link up when autoneg off (bsc#904035). - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375). - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912). - vmxnet3: fix netpoll race condition (bsc#958912). - xen, blkfront: factor out flush-related checks from do_blkif_request() (bsc#961658 fate#320200). - xen-blkfront: Handle discard requests (bsc#961658 fate#320200). - xen-blkfront: If no barrier or flush is supported, use invalid operation (bsc#961658 fate#320200). - xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments (bsc#961658 fate#320200). - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658 fate#320200). - xen-blkfront: allow building in our Xen environment (bsc#961658 fate#320200). - xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing) (bsc#961658 fate#320200). - xen-blkfront: do not add indirect pages to list when !feature_persistent (bsc#961658 fate#320200). - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658 fate#320200). - xen-blkfront: fix a deadlock while handling discard response (bsc#961658 fate#320200). - xen-blkfront: fix accounting of reqs when migrating (bsc#961658 fate#320200). - xen-blkfront: free allocated page (bsc#961658 fate#320200). - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658 fate#320200). - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200). - xen-blkfront: improve aproximation of required grants per request (bsc#961658 fate#320200). - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658 fate#320200). - xen-blkfront: plug device number leak in xlblk_init() error path (bsc#961658 fate#320200). - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200). - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200). - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658 fate#320200). - xen-blkfront: restore the non-persistent data path (bsc#961658 fate#320200). - xen-blkfront: revoke foreign access for grants not mapped by the backend (bsc#961658 fate#320200). - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658 fate#320200). - xen-blkfront: switch from llist to list (bsc#961658 fate#320200). - xen-blkfront: use a different scatterlist for each request (bsc#961658 fate#320200). - xen-block: implement indirect descriptors (bsc#961658 fate#320200). - xen/blk[front|back]: Enhance discard support with secure erasing support (bsc#961658 fate#320200). - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard together (bsc#961658 fate#320200). - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658 fate#320200). - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200). - xen/blkfront: Fix crash if backend does not follow the right states (bsc#961658 fate#320200). - xen/blkfront: do not put bdev right after getting it (bsc#961658 fate#320200). - xen/blkfront: improve protection against issuing unsupported REQ_FUA (bsc#961658 fate#320200). - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200). - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658 fate#320200). - xen/x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (bnc#963767). - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183). - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479). Important SUSE bug 758040 SUSE bug 904035 SUSE bug 912738 SUSE bug 915183 SUSE bug 924919 SUSE bug 933782 SUSE bug 937444 SUSE bug 940017 SUSE bug 940946 SUSE bug 942082 SUSE bug 947128 SUSE bug 948330 SUSE bug 949298 SUSE bug 951392 SUSE bug 951815 SUSE bug 952976 SUSE bug 953369 SUSE bug 954992 SUSE bug 955308 SUSE bug 955654 SUSE bug 955837 SUSE bug 955925 SUSE bug 956084 SUSE bug 956375 SUSE bug 956514 SUSE bug 956708 SUSE bug 956949 SUSE bug 957986 SUSE bug 957988 SUSE bug 957990 SUSE bug 958000 SUSE bug 958463 SUSE bug 958886 SUSE bug 958906 SUSE bug 958912 SUSE bug 958951 SUSE bug 959190 SUSE bug 959312 SUSE bug 959399 SUSE bug 959649 SUSE bug 959705 SUSE bug 961500 SUSE bug 961509 SUSE bug 961516 SUSE bug 961658 SUSE bug 962965 SUSE bug 963276 SUSE bug 963561 SUSE bug 963765 SUSE bug 963767 SUSE bug 964201 SUSE bug 964818 SUSE bug 966094 SUSE bug 966137 SUSE bug 966437 SUSE bug 966693 SUSE bug 967042 SUSE bug 967972 SUSE bug 967973 SUSE bug 967974 SUSE bug 967975 SUSE bug 968011 SUSE bug 968012 SUSE bug 968013 SUSE bug 969307 CVE-2013-7446 CVE-2015-7515 CVE-2015-7550 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2016-0723 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). - CVE-2017-1000112: An exploitable memory corruption due to UFO to non-UFO path switch was fixed. (bnc#1052311 bnc#1052365). The following non-security bugs were fixed: - alsa: core: Fix unexpected error at replacing user TLV (bsc#1045538). - alsa: hda - fix Lewisburg audio issue (fate#319286). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1045538). - alsa: timer: Add missing mutex lock for compat ioctls (bsc#1045538). - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017). - nfs: Cache aggressively when file is open for writing (bsc#1053933). - nfs: Do drop directory dentry when error clearly requires it (bsc#1051932). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1053933). # Conflicts: # series.conf - nfs: Optimize fallocate by refreshing mapping when needed (bsc#1053933). - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - nfs: invalidate file size when taking a lock (bsc#1053933). - pci: fix hotplug related issues (bnc#1054247, LTC#157731). - Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be enabled on x86_64/xen architecture because xen can work with shim on x86_64. Enabling the following kernel config to load certificate from db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y - af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093). - autofs: do not fail mount for transient error (bsc#1065180). - xen: avoid deadlock in xenbus (bnc#1047523). - blacklist.conf: Add PCI ASPM fix to blacklist (bsc#1045538) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - bnx2x: prevent crash when accessing PTP with interface down (bsc#1060665). - cx231xx-audio: fix NULL-deref at probe (bsc#1050431). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - dm bufio: fix integer overflow when limiting maximum cache size (git-fixes). - drm/mgag200: Fixes for G200eH3. (bnc#1062842) - fnic: Use the local variable instead of I/O flag to acquire io_req_lock in fnic_queuecommand() to avoid deadloack (bsc#1067816). - fuse: do not use iocb after it may have been freed (bsc#1054706). - fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706). - fuse: fsync() did not return IO errors (bsc#1054076). - fuse: fuse_flush must check mapping->flags for errors (bsc#1054706). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gspca: konica: add missing endpoint sanity check (bsc#1050431). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484). - kabi fix for new hash_cred function (bsc#1012917). - kabi/severities: Ignore zpci symbol changes (bsc#1054247) - lib/mpi: mpi_read_raw_data(): fix nbits calculation (fate#314508). - lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl() (bsc#1051133). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180). - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431). - net: Fix RCU splat in af_key (bsc#1054093). - netback: coalesce (guest) RX SKBs as needed (bsc#1056504). - nfs: Fix ugly referral attributes (git-fixes). - nfs: improve shinking of access cache (bsc#1012917). - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450). - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667). - powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1064861, git-fixes). - powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888, git-fixes f2ab6219969f). - powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070). - powerpc/xics: Harden xics hypervisor backend (bnc#1056230). - powerpc: Correct instruction code for xxlor instruction (bsc#1064861, git-fixes). - powerpc: Fix emulation of mfocrf in emulate_step() (bsc#1064861, git-fixes). - powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230). - powerpc: Make sure IPI handlers see data written by IPI senders (bnc#1056230). - reiserfs: fix race in readdir (bsc#1039803). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247, LTC#157731). - s390/pci: fix handling of PEC 306 (bnc#1054247, LTC#157731). - s390/pci: improve error handling during fmb (de)registration (bnc#1054247, LTC#157731). - s390/pci: improve error handling during interrupt deregistration (bnc#1054247, LTC#157731). - s390/pci: improve pci hotplug (bnc#1054247, LTC#157731). - s390/pci: improve unreg_ioat error handling (bnc#1054247, LTC#157731). - s390/pci: introduce clp_get_state (bnc#1054247, LTC#157731). - s390/pci: provide more debug information (bnc#1054247, LTC#157731). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1063301, LTC#159885). - s390/topology: alternative topology for topology-less machines (bnc#1060245, LTC#159177). - s390/topology: enable / disable topology dynamically (bnc#1060245, LTC#159177). - scsi: avoid system stall due to host_busy race (bsc#1031358). - scsi: close race when updating blocked counters (bsc#1031358). - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317). - scsi: reset wait for IO completion (bsc#996376). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1060245, LTC#158494). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1060245, LTC#158494). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1060245, LTC#158493). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1060245, LTC#158494). - ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381). - usb-serial: check for NULL private data in pl2303_suse_disconnect (bsc#1064803). - uwb: fix device quirk on big-endian hosts (bsc#1036629). - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#1036286). - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - xfs: fix inobt inode allocation search optimization (bsc#1013018). Important SUSE bug 1012917 SUSE bug 1013018 SUSE bug 1022967 SUSE bug 1024450 SUSE bug 1031358 SUSE bug 1036286 SUSE bug 1036629 SUSE bug 1037441 SUSE bug 1037667 SUSE bug 1037669 SUSE bug 1037994 SUSE bug 1039803 SUSE bug 1040609 SUSE bug 1042863 SUSE bug 1045154 SUSE bug 1045205 SUSE bug 1045327 SUSE bug 1045538 SUSE bug 1047523 SUSE bug 1050381 SUSE bug 1050431 SUSE bug 1051133 SUSE bug 1051932 SUSE bug 1052311 SUSE bug 1052365 SUSE bug 1052370 SUSE bug 1052593 SUSE bug 1053148 SUSE bug 1053152 SUSE bug 1053317 SUSE bug 1053802 SUSE bug 1053933 SUSE bug 1054070 SUSE bug 1054076 SUSE bug 1054093 SUSE bug 1054247 SUSE bug 1054305 SUSE bug 1054706 SUSE bug 1056230 SUSE bug 1056504 SUSE bug 1056588 SUSE bug 1057179 SUSE bug 1057796 SUSE bug 1058524 SUSE bug 1059051 SUSE bug 1060245 SUSE bug 1060665 SUSE bug 1061017 SUSE bug 1061180 SUSE bug 1062520 SUSE bug 1062842 SUSE bug 1063301 SUSE bug 1063544 SUSE bug 1063667 SUSE bug 1064803 SUSE bug 1064861 SUSE bug 1065180 SUSE bug 1066471 SUSE bug 1066472 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066618 SUSE bug 1066625 SUSE bug 1066650 SUSE bug 1066671 SUSE bug 1066700 SUSE bug 1066705 SUSE bug 1067085 SUSE bug 1067816 SUSE bug 1067888 SUSE bug 909484 SUSE bug 984530 SUSE bug 996376 CVE-2017-1000112 CVE-2017-10661 CVE-2017-12762 CVE-2017-13080 CVE-2017-14051 CVE-2017-14140 CVE-2017-14340 CVE-2017-14489 CVE-2017-15102 CVE-2017-15265 CVE-2017-15274 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16649 CVE-2017-8831 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. This issue is addressed for the x86_64, the IBM Power and IBM zSeries architecture. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 and IBM zSeries architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. For IBM Power and zSeries the required firmware updates are supplied over regular channels by IBM. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This update does this on the Intel x86_64 and IBM Power architecture. Updates are also necessary for the ARM architecture, but will be delivered in the next round of updates. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer. (bnc#1072876). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). The following non-security bugs were fixed: - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1048185). - autofs: fix careless error in recent commit (bsc#1065180). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - ecryptfs: fix dereference of NULL user_key_payload (bsc#1013018). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1013018). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1013018). - fs: prevent speculative execution (bnc#1068032). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1045538). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1050431). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1072457, LTC#148203). - s390: add ppa to system call and program check path (bsc#1068032). - s390/disassembler: correct disassembly lines alignment (bnc#1066973, LTC#161577). - s390/disassembler: increase show_code buffer size (bnc#1066973, LTC#161577). - s390: fix transactional execution control register handling (bnc#1072457, LTC#162116). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1066973, LTC#160081). - temporary fix (bsc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - video: udlfb: Fix read EDID timeout (bsc#1045538). - watchdog: hpwdt: add support for iLO5 (bsc#1024612). - watchdog/hpwdt: Check source of NMI (bsc#1024612). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). - zd1211rw: fix NULL-deref at probe (bsc#1045479). Important SUSE bug 1013018 SUSE bug 1024612 SUSE bug 1034862 SUSE bug 1045479 SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1048185 SUSE bug 1050231 SUSE bug 1050431 SUSE bug 1056982 SUSE bug 1063043 SUSE bug 1065180 SUSE bug 1065600 SUSE bug 1066569 SUSE bug 1066693 SUSE bug 1066973 SUSE bug 1068032 SUSE bug 1068671 SUSE bug 1068984 SUSE bug 1069702 SUSE bug 1070771 SUSE bug 1070964 SUSE bug 1071074 SUSE bug 1071470 SUSE bug 1071695 SUSE bug 1072457 SUSE bug 1072561 SUSE bug 1072876 SUSE bug 1073792 SUSE bug 1073874 CVE-2017-11600 CVE-2017-13167 CVE-2017-14106 CVE-2017-15115 CVE-2017-15868 CVE-2017-16534 CVE-2017-16538 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. Important SUSE bug 1068032 CVE-2017-5715 CVE-2017-5753 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538). - alsa: aloop: Release cable upon open error path (bsc#1045538). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538). - btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363). - btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056). - btrfs: make the state of the transaction more readable (FATE#325056). - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685). - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685). - btrfs: reset intwrite on transaction abort (FATE#325056). - btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359). - btrfs: stop waiting on current trans if we aborted (FATE#325056). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - delay: add poll_event_interruptible (bsc#1048585). - dm flakey: add corrupt_bio_byte feature (bsc#1080372). - dm flakey: add drop_writes (bsc#1080372). - dm flakey: error READ bios during the down_interval (bsc#1080372). - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372). - dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372). - dm flakey: introduce 'error_writes' feature (bsc#1080372). - dm flakey: support feature args (bsc#1080372). - dm flakey: use dm_target_offset and support discards (bsc#1080372). - ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508). - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508). - ext3: add necessary check in case IO error happens (bnc#1069508). - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508). - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Add proper NX handling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278). - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy. - kaiser: Fix trampoline stack loading issue on XEN PV - kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579) - kaiser: make sure not to touch stack after CR3 switch in compat syscall return - kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579) - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - mISDN: fix a loop count (bsc#1077191). - nfsd: do not share group_info among threads (bsc@1070623). - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437). - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088). - powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174). - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487). - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088). - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes). - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088). - powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088). - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088). - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088). - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088). - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875). - scsi: sr: wait for the medium to become ready (bsc#1048585). - scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032 CVE-2017-5754). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bsc#1068032 CVE-2017-5715). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). Important SUSE bug 1012382 SUSE bug 1045538 SUSE bug 1048585 SUSE bug 1050431 SUSE bug 1054305 SUSE bug 1059174 SUSE bug 1060279 SUSE bug 1060682 SUSE bug 1063544 SUSE bug 1064861 SUSE bug 1068032 SUSE bug 1068984 SUSE bug 1069508 SUSE bug 1070623 SUSE bug 1070781 SUSE bug 1073311 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1074880 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075410 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075908 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076154 SUSE bug 1076278 SUSE bug 1076437 SUSE bug 1076849 SUSE bug 1077191 SUSE bug 1077355 SUSE bug 1077406 SUSE bug 1077487 SUSE bug 1077560 SUSE bug 1077922 SUSE bug 1078875 SUSE bug 1079917 SUSE bug 1080133 SUSE bug 1080359 SUSE bug 1080363 SUSE bug 1080372 SUSE bug 1080579 SUSE bug 1080685 SUSE bug 1080774 SUSE bug 1081500 SUSE bug 936530 SUSE bug 962257 CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The following non-security bugs were fixed: - Avoid quadratic search when freeing delegations (bsc#1084760). - cifs: fix crash due to race in hmac(md5) handling (bsc#1091671). - hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1087092). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888). - powerpc/64: Disable gmb() on powerpc - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move local setup.h declarations to arch includes (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - series.conf: fix the header It was corrupted back in 2015. - tracing: Create seq_buf layer in trace_seq (bsc#1091815). - Update config files. Enable retpolines for i386 build. - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888). - usb: hub: fix SS hub-descriptor handling (bsc#1092372). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630) - x86/xen: disable IBRS around CPU stopper function invocation - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). - xfs: fix buffer use after free on IO error (bsc#1052943). - xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943). Important SUSE bug 1046610 SUSE bug 1052943 SUSE bug 1068032 SUSE bug 1075087 SUSE bug 1075088 SUSE bug 1080157 SUSE bug 1084760 SUSE bug 1087082 SUSE bug 1087092 SUSE bug 1089895 SUSE bug 1090630 SUSE bug 1090888 SUSE bug 1091041 SUSE bug 1091671 SUSE bug 1091755 SUSE bug 1091815 SUSE bug 1092372 SUSE bug 1092497 SUSE bug 1094019 CVE-2017-5715 CVE-2017-5753 CVE-2018-1000199 CVE-2018-10675 CVE-2018-3639 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update main focus is a regression fix in SystemV IPC handling. (bsc#1093600) The following non-security bugs were fixed: - Drop cBPF SSBD as classic BPF does not really have a proper concept of pointers, and without eBPF maps the out-of-bounds access in speculative execution branch can't be mounted. Moreoever, seccomp BPF uses only such a subset of BPF that can only do absolute indexing, and therefore seccomp data buffer boundarier can't be crossed. Information condensed from Alexei and Kees. - ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline (bsc#1092497) - ib/mlx4: Convert slave port before building address-handle (bug#919382 FATE#317529). - KABI protect struct _lowcore (bsc#1089386). - Update config files, add Spectre mitigation for s390x (bnc#1089386, LTC#166572). - Update s390 config files (bsc#1089386). - fanotify: fix logic of events on child (bsc#1013018). - ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1013018). - powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits (bsc#1087082). - powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (FATE#325713, bsc#1093710). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1091659, LTC#167429). - s390/dasd: fix IO error for newly defined devices (bnc#1091659, LTC#167398). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659, LTC#168037). - s390/qeth: on channel error, reject further cmd requests (bnc#1088343, LTC#165985). - s390: add automatic detection of the spectre defense (bnc#1089386, LTC#166572). - s390: add optimized array_index_mask_nospec (bnc#1089386, LTC#166572). - s390: add sysfs attributes for spectre (bnc#1089386, LTC#166572). - s390: correct module section names for expoline code revert (bsc#1089386). - s390: correct nospec auto detection init order (bnc#1089386, LTC#166572). - s390: do not bypass BPENTER for interrupt system calls (bnc#1089386, LTC#166572). - s390: fix retpoline build on 31bit (bsc#1089386). - s390: improve cpu alternative handling for gmb and nobp (bnc#1089386, LTC#166572). - s390: introduce execute-trampolines for branches (bnc#1089386, LTC#166572). - s390: move nobp parameter functions to nospec-branch.c (bnc#1089386, LTC#166572). - s390: report spectre mitigation via syslog (bnc#1089386, LTC#166572). - s390: run user space and KVM guests with modified branch prediction (bnc#1089386, LTC#166572). - s390: scrub registers on kernel entry and KVM exit (bnc#1089386, LTC#166572). - x86, mce: Fix mce_start_timer semantics (bsc#1090607). - x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL Important SUSE bug 1013018 SUSE bug 1070404 SUSE bug 1072689 SUSE bug 1087082 SUSE bug 1088343 SUSE bug 1089386 SUSE bug 1090607 SUSE bug 1091659 SUSE bug 1092497 SUSE bug 1093600 SUSE bug 1093710 SUSE bug 919382 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. (bnc#1097234). - CVE-2017-13305: A information disclosure vulnerability in the Upstream kernel encrypted-keys. (bnc#1094353). - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684) - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - slab: introduce kmalloc_array() (bsc#909361). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/cpu/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). Important SUSE bug 1082962 SUSE bug 1083900 SUSE bug 1085107 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1092904 SUSE bug 1094353 SUSE bug 1096480 SUSE bug 1096728 SUSE bug 1097234 SUSE bug 1098016 SUSE bug 1099924 SUSE bug 1099942 SUSE bug 1100418 SUSE bug 1104475 SUSE bug 1104684 SUSE bug 909361 CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: An issue was discovered in the Linux kernel The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967). Important SUSE bug 1108399 SUSE bug 1109967 CVE-2018-17182 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). - CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates (bnc#1123706). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). The following non-security bugs were fixed: - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827). - arcmsr: upper 32 of dma address lost (bsc#1115828). - block/swim3: Fix -EBUSY error when re-opening device after unmount (bsc#1121997). - block/swim: Fix array bounds check (Git-fix). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106886) - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106886) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106886) - Fix kabi break cased by NFS: Cache state owners after files are closed (bsc#1031572). - fork: record start_time late (bsc#1121872). - fscache: Fix dead object requeue (bsc#1107371). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (git-fixes). - fs-cache: Move fscache_report_unexpected_submission() to make it more available (bsc#1107371). - fs-cache: When submitting an op, cancel it if the target object is dying (bsc#1107371). - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: Fix oops at process_init_reply() (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: umount should wait for all requests (git-fixes). - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382) (bsc#1123702). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#1104367). - lib: add 'on'/'off' support to strtobool (bsc#1125931). - megaraid_sas: Fix probing cards without io port (bsc#1115829). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440, LTC#172679). - nfs: Cache state owners after files are closed (bsc#1031572). - nfs: Do not drop CB requests with invalid principals (git-fixes). - nfsv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nfsv4: Keep dropped state owners on the LRU list for a while (bsc#1031572). - nlm: Ensure callback code also checks that the files match (git-fixes). - ocfs2: fix three small problems in the patch (bsc#1086695) - omap2fb: Fix stack memory disclosure (bsc#1106886) - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - powerpc/fadump: handle crash memory ranges array index overflow (git-fixes). - powerpc/fadump: Return error when fadump registration fails (git-fixes). - powerpc/fadump: Unregister fadump on kexec down path (git-fixes). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - Revert 'NFS: Make close(2) asynchronous when closing NFS O_DIRECT files' (git-fixes). - ring-buffer: Always reset iterator to reader page (bsc#1120107). - ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#1120077). - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107). - ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#1120107). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105). - rpm/modprobe-xen.conf: Add --ignore-install. - s390: always save and restore all registers on context switch (git-fixes). - s390/dasd: fix using offset into zero size array error (git-fixes). - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes). - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes). - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114440, LTC#172682). - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#172682). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960). - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: aacraid: Fix typo in blink status (bsc#1115830). - scsi: aacraid: Reorder Adapter status check (bsc#1115830). - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831). - scsi: bfa: integer overflow in debugfs (bsc#1115832). - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833). - scsi: fas216: fix sense buffer initialization (bsc#1115834). - scsi: libfc: Revert ' libfc: use offload EM instance again instead jumping to next EM' (bsc#1115835). - scsi: libsas: fix ata xfer length (bsc#1115836). - scsi: libsas: fix error when getting phy events (bsc#1115837). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1115838). - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (bsc#1115839). - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1115839). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1115842). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (git-fixes). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1123505, LTC#174581). - sg: fix dxferp in from_to case (bsc#1115844). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply (git-fixes). - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes). - tracepoints: Do not trace when cpu is offline (bsc#1120109). - tracing: Add #undef to fix compile error (bsc#1120226). - tracing: Allow events to have NULL strings (bsc#1120056). - tracing: Do not add event files for modules that fail tracepoints (bsc#1120086). - tracing: Fix check for cpu online when event is disabled (bsc#1120109). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing/kprobes: Allow to create probe with a module name starting with a digit (bsc#1120336). - tracing: Move mutex to protect against resetting of seq data (bsc#1120217). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347). - usb: keyspan: fix overrun-error reporting (bsc#1114672). - usb: keyspan: fix tty line-status reporting (bsc#1114672). - usb: option: fix Cinterion AHxx enumeration (bsc#1114672). - usb: serial: ark3116: fix open error handling (bsc#1114672). - usb: serial: ch341: fix control-message error handling (bsc#1114672). - usb: serial: ch341: fix initial modem-control state (bsc#1114672). - usb: serial: ch341: fix modem-status handling (bsc#1114672). - usb: serial: ch341: fix open and resume after B0 (bsc#1114672). - usb: serial: ch341: fix resume after reset (bsc#1114672). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1114672). - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672). - usb: serial: fix tty-device error handling at probe (bsc#1114672). - usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672). - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672). - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672). - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672). - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672). - usb: serial: kl5kusb105: fix open error path (bsc#1114672). - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672). - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672). - usb: serial: omninet: fix NULL-derefs at open and disconnect. - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672). - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672). - vmcore: Remove 'weak' from function declarations (git-fixes). - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684). - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/process: Re-export start_thread() (bsc#1110006). - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen/x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: fix the logspace waiting algorithm (bsc#1122874). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Important SUSE bug 1012382 SUSE bug 1031572 SUSE bug 1068032 SUSE bug 1086695 SUSE bug 1087081 SUSE bug 1094244 SUSE bug 1098658 SUSE bug 1104098 SUSE bug 1104367 SUSE bug 1104684 SUSE bug 1104818 SUSE bug 1105536 SUSE bug 1106105 SUSE bug 1106886 SUSE bug 1107371 SUSE bug 1109330 SUSE bug 1109806 SUSE bug 1110006 SUSE bug 1112963 SUSE bug 1113667 SUSE bug 1114440 SUSE bug 1114672 SUSE bug 1114920 SUSE bug 1115007 SUSE bug 1115038 SUSE bug 1115827 SUSE bug 1115828 SUSE bug 1115829 SUSE bug 1115830 SUSE bug 1115831 SUSE bug 1115832 SUSE bug 1115833 SUSE bug 1115834 SUSE bug 1115835 SUSE bug 1115836 SUSE bug 1115837 SUSE bug 1115838 SUSE bug 1115839 SUSE bug 1115840 SUSE bug 1115841 SUSE bug 1115842 SUSE bug 1115843 SUSE bug 1115844 SUSE bug 1116841 SUSE bug 1117796 SUSE bug 1117802 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117943 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1118760 SUSE bug 1119255 SUSE bug 1119714 SUSE bug 1120056 SUSE bug 1120077 SUSE bug 1120086 SUSE bug 1120093 SUSE bug 1120094 SUSE bug 1120105 SUSE bug 1120107 SUSE bug 1120109 SUSE bug 1120217 SUSE bug 1120223 SUSE bug 1120226 SUSE bug 1120336 SUSE bug 1120347 SUSE bug 1120743 SUSE bug 1120950 SUSE bug 1121872 SUSE bug 1121997 SUSE bug 1122874 SUSE bug 1123505 SUSE bug 1123702 SUSE bug 1123706 SUSE bug 1124010 SUSE bug 1124735 SUSE bug 1125931 SUSE bug 931850 SUSE bug 969471 SUSE bug 969473 CVE-2016-10741 CVE-2017-18360 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-7222 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2013-0216: The Xen netback functionality allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption (bnc#800280). - CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (bnc#801178). - CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a recvfrom or recvmsg system call on an RDS socket (bnc#773383). - CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value (bnc#774523). - CVE-2013-0160: The kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device (bnc#797175). - CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application (bnc#816708). The following non-security bugs were fixed: - Add opcodes from net: filter: BPF 'JIT' compiler for PPC64 (bsc#1131107). - EHCI: improved logic for isochronous scheduling (bsc#1117515). - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129439). - USB: Add new USB LPM helpers (bsc#1129770). - USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770). - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515). - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515). - USB: EHCI: add symbolic constants for QHs (bsc#1117515). - USB: EHCI: always scan each interrupt QH (bsc#1117515). - USB: EHCI: do not lose events during a scan (bsc#1117515). - USB: EHCI: do not refcount QHs (bsc#1117515). - USB: EHCI: do not refcount iso_stream structures (bsc#1117515). - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515). - USB: EHCI: fix up locking (bsc#1117515). - USB: EHCI: initialize data before resetting hardware (bsc#1117515). - USB: EHCI: introduce high-res timer (bsc#1117515). - USB: EHCI: remove PS3 status polling (bsc#1117515). - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515). - USB: EHCI: rename 'reclaim' (bsc#1117515). - USB: EHCI: resolve some unlikely races (bsc#1117515). - USB: EHCI: return void instead of 0 (bsc#1117515). - USB: EHCI: simplify isochronous scanning (bsc#1117515). - USB: EHCI: unlink multiple async QHs together (bsc#1117515). - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515). - USB: EHCI: use hrtimer for async schedule (bsc#1117515). - USB: EHCI: use hrtimer for controller death (bsc#1117515). - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515). - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515). - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - drm: Fix error handling in drm_legacy_addctx (bsc#1106886) - ext3: Set bitmap tails when growing filesystem (bsc#1128383). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106886) - iommu/vt-d: Check capability before disabling protected memory (bsc#1130353). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129248). - kernel/watchdog.c: control hard lockup detection default (bsc#1110436). - kvm: ensure hard lockup detection is disabled by default (bsc#1110436). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129437). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/mmap)). - mpt2sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bsc#1130384). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/qeth: cancel close_dev work before removing a card (LTC#175048, bsc#1127376). - s390/qeth: fix use-after-free in error path (LTC#175048, bsc#1127376, bsc#1127534). - s390/qeth: handle failure on workqueue creation (LTC#175048, bsc#1127376). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1111331). - sched/smt: Make sched_smt_present track topology (bsc#1111331). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: qla2xxx: do not disable a not previously enabled PCI device (bsc#1127738). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). Important SUSE bug 1082943 SUSE bug 1094244 SUSE bug 1103186 SUSE bug 1106886 SUSE bug 1110436 SUSE bug 1111331 SUSE bug 1112178 SUSE bug 1117515 SUSE bug 1119019 SUSE bug 1127082 SUSE bug 1127376 SUSE bug 1127445 SUSE bug 1127534 SUSE bug 1127738 SUSE bug 1128166 SUSE bug 1128383 SUSE bug 1129248 SUSE bug 1129437 SUSE bug 1129439 SUSE bug 1129770 SUSE bug 1130353 SUSE bug 1130384 SUSE bug 1131107 SUSE bug 1131587 SUSE bug 1132589 SUSE bug 773383 SUSE bug 774523 SUSE bug 797175 SUSE bug 800280 SUSE bug 801178 SUSE bug 816708 CVE-2012-3412 CVE-2012-3430 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-1979 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-9213 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for kernel-firmware (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files for ethernet flow control vulnerability in SRIOV devices (bsc#1077355) Moderate SUSE bug 1077355 CVE-2015-1142857 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav lead to a system crash (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - Drivers: hv: vmbus: Get rid of some unused definitions. - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - Drivers: hv: vmbus: add special crash handler (bnc#930770). - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: kill tasklets on module unload. - Drivers: hv: vmbus: prefer '^A' notification chain to 'panic'. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Drivers: hv: vmbus: unregister panic notifier on module unload. - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673). - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - hugetlb: simplify migrate_huge_page() (bnc#947957). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957,). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - ipvs: drop first packet to dead server (bsc#946078). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - memory-failure: do code refactor of soft_offline_page() (bnc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950). - mm: remove GFP_THISNODE (bsc#954950). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS). - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984). - s390/pci: handle events for unused functions (bnc#946214). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214). - s390/pci: improve state check when processing hotplug events (bnc#946214). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sg: fix read() error reporting (bsc#926774). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955). Important SUSE bug 814440 SUSE bug 879378 SUSE bug 879381 SUSE bug 900610 SUSE bug 904348 SUSE bug 904965 SUSE bug 921081 SUSE bug 926774 SUSE bug 930145 SUSE bug 930770 SUSE bug 930788 SUSE bug 930835 SUSE bug 932805 SUSE bug 935123 SUSE bug 935757 SUSE bug 937256 SUSE bug 937444 SUSE bug 938706 SUSE bug 939826 SUSE bug 939926 SUSE bug 939955 SUSE bug 940017 SUSE bug 940913 SUSE bug 940946 SUSE bug 941202 SUSE bug 942938 SUSE bug 943786 SUSE bug 944296 SUSE bug 944677 SUSE bug 944831 SUSE bug 944837 SUSE bug 944989 SUSE bug 944993 SUSE bug 945691 SUSE bug 945825 SUSE bug 945827 SUSE bug 946078 SUSE bug 946214 SUSE bug 946309 SUSE bug 947957 SUSE bug 948330 SUSE bug 948347 SUSE bug 948521 SUSE bug 949100 SUSE bug 949298 SUSE bug 949502 SUSE bug 949706 SUSE bug 949744 SUSE bug 949936 SUSE bug 949981 SUSE bug 950298 SUSE bug 950750 SUSE bug 950998 SUSE bug 951440 SUSE bug 952084 SUSE bug 952384 SUSE bug 952579 SUSE bug 952976 SUSE bug 953527 SUSE bug 953799 SUSE bug 953980 SUSE bug 954404 SUSE bug 954628 SUSE bug 954950 SUSE bug 954984 SUSE bug 955673 SUSE bug 956709 CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6937 CVE-2015-7509 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable changes in this kernel: - It is now possible to mount a NFS export on the exporting host directly. The following security bugs were fixed: - CVE-2016-5244: A kernel information leak in rds_inc_info_copy was fixed that could leak kernel stack memory to userspace (bsc#983213). - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacked a bulk-out endpoint (bnc#961512). The following non-security bugs were fixed: - acpi / PCI: Account for ARI in _PRT lookups (bsc#968566). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - alsa: hrtimer: Handle start/stop more properly (bsc#973378). - alsa: oxygen: add Xonar DGX support (bsc#982691). - alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - alsa: rawmidi: Fix race at copying and updating the position (bsc#968018). - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - alsa: seq: Fix double port list deletion (bsc#968018). - alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - alsa: seq: Fix race at closing in virmidi driver (bsc#968018). - alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - alsa: timer: Call notifier in the same spinlock (bsc#973378). - alsa: timer: Code cleanup (bsc#968018). - alsa: timer: Fix leftover link at closing (bsc#968018). - alsa: timer: Fix link corruption due to double start or stop (bsc#968018). - alsa: timer: Fix race between stop and interrupt (bsc#968018). - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - alsa: timer: Sync timer deletion at closing the system timer (bsc#973378). - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231) - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - enic: set netdev->vlan_features (bsc#966245). - fcoe: fix reset of fip selection time (bsc#974787). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - fs, seqfile: always allow oom killer (bnc#968687). - fs/seq_file: fallback to vmalloc allocation (bnc#968687). - fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687). - hid-elo: kill not flush the work (bnc#982532). - hpsa: fix issues with multilun devices (bsc#959381). - hv: Assign correct ->can_queue value in hv_storvsc (bnc#969391) - ibmvscsi: Remove unsupported host config MAD (bsc#973556). - Import kabi files from kernel 3.0.101-71 - iommu/vt-d: Improve fault handler error messages (bsc#975772). - iommu/vt-d: Ratelimit fault handler (bsc#975772). - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - ipvs: count pre-established TCP states as active (bsc#970114). - isofs: Revert 'get_rock_ridge_filename(): handle malformed NM entries' This reverts commit cb6ce3ec7a964e56da9ba9cd3c9f0e708b5c3b2c. It should have never landed in the tree (we already have the patch via c63531c60ff that came through CVE branch), but I messed up the merge. - kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687). - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518). - llist: Add llist_next(). - make vfree() safe to call from interrupt contexts . - memcg: do not hang on OOM when killed by userspace OOM access to memory reserves (bnc#969571). - mld, igmp: Fix reserved tailroom calculation (bsc#956852). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491). - net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433). - net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433). - net/core: __hw_addr_sync_one / _multiple broken (bsc#971433). - net/core: __hw_addr_unsync_one 'from' address not marked synced (bsc#971433). - NFS4: treat lock owners as opaque values (bnc#968141). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491). - NFSd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237). - NFSd: do not fail unchecked creates of non-special files (bsc#973237). - NFS: Do not attempt to decode missing directory entries (bsc#980931). - nfs: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - NFS: reduce access cache shrinker locking (bnc#866130). - NFS: use smaller allocations for 'struct idmap' (bsc#965923). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - nvme: fix max_segments integer truncation (bsc#676471). - NVMe: Unify controller probe and resume (bsc#979347). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - PCI: Move pci_ari_enabled() to global header (bsc#968566). - RDMA/ucma: Fix AB-BA deadlock (bsc#963998). - Restore kabi after lock-owner change (bnc#968141). - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235. - s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442). - s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445). - s390/pci: extract software counters from fmb (bnc#968500, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444). - s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106). - scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458). - SCSI: Increase REPORT_LUNS timeout (bsc#971989). - SCSI mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). - skb: Add inline helper for getting the skb end offset from head (bsc#956852). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - Tidy series.conf, p5 Only one last patch which can be moved easily. There are some more x86-related things left at the end but moving them won't be that trivial. - Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358). - Update PCI VPD size patch to upstream: - PCI: Determine actual VPD size on first access (bsc#971729). - PCI: Update VPD definitions (bsc#971729). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - veth: do not modify ip_summed (bsc#969149). - vgaarb: Add more context to error messages (bsc#976868). - virtio_scsi: Implement eh_timed_out callback (bsc#936530). - vmxnet3: set carrier state properly on probe (bsc#972363). - vmxnet3: set netdev parant device before calling netdev_info (bsc#972363). - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - xfrm: do not segment UFO packets (bsc#946122). - xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592). Important SUSE bug 676471 SUSE bug 866130 SUSE bug 898592 SUSE bug 936530 SUSE bug 940413 SUSE bug 944309 SUSE bug 946122 SUSE bug 949752 SUSE bug 953369 SUSE bug 956491 SUSE bug 956852 SUSE bug 957986 SUSE bug 957988 SUSE bug 957990 SUSE bug 959381 SUSE bug 960458 SUSE bug 960857 SUSE bug 961512 SUSE bug 961518 SUSE bug 963762 SUSE bug 963998 SUSE bug 965319 SUSE bug 965860 SUSE bug 965923 SUSE bug 966245 SUSE bug 967863 SUSE bug 967914 SUSE bug 968010 SUSE bug 968018 SUSE bug 968141 SUSE bug 968500 SUSE bug 968566 SUSE bug 968670 SUSE bug 968687 SUSE bug 969149 SUSE bug 969391 SUSE bug 969571 SUSE bug 970114 SUSE bug 970504 SUSE bug 970892 SUSE bug 970909 SUSE bug 970911 SUSE bug 970948 SUSE bug 970956 SUSE bug 970958 SUSE bug 970970 SUSE bug 971124 SUSE bug 971125 SUSE bug 971126 SUSE bug 971360 SUSE bug 971433 SUSE bug 971446 SUSE bug 971729 SUSE bug 971944 SUSE bug 971947 SUSE bug 971989 SUSE bug 972363 SUSE bug 973237 SUSE bug 973378 SUSE bug 973556 SUSE bug 973570 SUSE bug 974646 SUSE bug 974787 SUSE bug 975358 SUSE bug 975772 SUSE bug 975945 SUSE bug 976739 SUSE bug 976868 SUSE bug 978401 SUSE bug 978821 SUSE bug 978822 SUSE bug 979213 SUSE bug 979274 SUSE bug 979347 SUSE bug 979419 SUSE bug 979548 SUSE bug 979595 SUSE bug 979867 SUSE bug 979879 SUSE bug 980371 SUSE bug 980725 SUSE bug 980788 SUSE bug 980931 SUSE bug 981231 SUSE bug 981267 SUSE bug 982532 SUSE bug 982691 SUSE bug 983143 SUSE bug 983213 SUSE bug 984107 CVE-2015-7566 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-5244 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Important SUSE bug 1004418 CVE-2016-5195 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kernel-source (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This Linux kernel update for SUSE Linux Enterprise 11 SP4 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Important SUSE bug 1045340 SUSE bug 1045406 CVE-2017-1000364 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following security fixes: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote code execution vulnerability. [bnc#1057389] Important SUSE bug 1057389 CVE-2017-1000251 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998). - Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424). - Btrfs: Fix lost-data-profile caused by auto removing bg. - Btrfs: Fix misuse of chunk mutex - Btrfs: Fix out-of-space bug (bsc#1089231). - Btrfs: Set relative data on clear btrfs_block_group_cache->pinned. - Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239). - Btrfs: add alloc_fs_devices and switch to it (bsc#1089205). - Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204). - Btrfs: add missing discards when unpinning extents with -o discard. - Btrfs: add missing inode update when punching hole (bsc#1089006). - Btrfs: add support for asserts (bsc#1089207). - Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010). - Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries. - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235). - Btrfs: cleanup backref search commit root flag stuff (bsc#1089200). - Btrfs: delete chunk allocation attemp when setting block group ro. - Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210). - Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214). - Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005). - Btrfs: eliminate races in worker stopping code (bsc#1089211). - Btrfs: ensure deletion from pinned_chunks list is protected. - Btrfs: explictly delete unused block groups in close_ctree and ro-remount. - Btrfs: fix -ENOSPC on block group removal. - Btrfs: fix -ENOSPC when finishing block group creation. - Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group. - Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220). - Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236). - Btrfs: fix crash caused by block group removal. - Btrfs: fix data loss in the fast fsync path (bsc#1089007). - Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194). - Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001). - Btrfs: fix directory recovery from fsync log (bsc#1088999). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232). - Btrfs: fix fitrim discarding device area reserved for boot loader's use. - Btrfs: fix freeing used extent after removing empty block group. - Btrfs: fix freeing used extents after removing empty block group. - Btrfs: fix fs mapping extent map leak (bsc#1089229). - Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221). - Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004). - Btrfs: fix fsync data loss after append write (bsc#1089238). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003). - Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000). - Btrfs: fix fsync when extend references are added to an inode (bsc#1089002). - Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423). - Btrfs: fix invalid extent maps due to hole punching (bsc#1094425). - Btrfs: fix kernel oops while reading compressed data (bsc#1089192). - Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016). - Btrfs: fix memory leak after block remove + trimming. - Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197). - Btrfs: fix race between balance and unused block group deletion (bsc#1089237). - Btrfs: fix race between fs trimming and block group remove/allocation. - Btrfs: fix race between scrub and block group deletion. - Btrfs: fix race between transaction commit and empty block group removal. - Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206). - Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233). - Btrfs: fix regression in raid level conversion (bsc#1089234). - Btrfs: fix skipped error handle when log sync failed (bsc#1089217). - Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011). - Btrfs: fix the number of transaction units needed to remove a block group. - Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216). - Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215). - Btrfs: fix unprotected assignment of the target device (bsc#1089222). - Btrfs: fix unprotected deletion from pending_chunks list. - Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228). - Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227). - Btrfs: fix unprotected device->bytes_used update (bsc#1089225). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240). - Btrfs: fix up read_tree_block to return proper error (bsc#1080837). - Btrfs: fix wrong device bytes_used in the super block (bsc#1089224). - Btrfs: fix wrong disk size when writing super blocks (bsc#1089223). - Btrfs: fix xattr loss after power failure (bsc#1094436). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013). - Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437). - Btrfs: iterate over unused chunk space in FITRIM. - Btrfs: make btrfs_issue_discard return bytes discarded. - Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422). - Btrfs: make sure to copy everything if we rename (bsc#1088997). - Btrfs: make the chunk allocator completely tree lockless (bsc#1089202). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201). - Btrfs: nuke write_super from comments (bsc#1089199). - Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213). - Btrfs: only update disk_i_size as we remove extents (bsc#1089209). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012). - Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008). - Btrfs: remove empty block groups automatically. - Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230). - Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837). - Btrfs: remove transaction from send (bsc#1089218). - Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock. - Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421). - Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212). - Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198). - Btrfs: skip superblocks during discard. - Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208). - Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226). - Btrfs: use global reserve when deleting unused block group after ENOSPC. - Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837). - Btrfs: wait ordered range before doing direct io (bsc#1089203). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - balloon: do not BUG() when balloon is empty (bsc#1083347). - fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219). - kernel: Fix memory leak on EP11 target list processing (bnc#1096746). - kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - module: Fix locking in symbol_put_addr() (bsc#1097445). - netfront: make req_prod check properly deal with index wraps (bsc#1046610). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746). - s390/dasd: fix failing path verification (bnc#1096746). - trace: module: Maintain a valid user count (bsc#1097443). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#989401). Important SUSE bug 1046610 SUSE bug 1052351 SUSE bug 1068054 SUSE bug 1079152 SUSE bug 1080837 SUSE bug 1083347 SUSE bug 1087086 SUSE bug 1087088 SUSE bug 1088997 SUSE bug 1088998 SUSE bug 1088999 SUSE bug 1089000 SUSE bug 1089001 SUSE bug 1089002 SUSE bug 1089003 SUSE bug 1089004 SUSE bug 1089005 SUSE bug 1089006 SUSE bug 1089007 SUSE bug 1089008 SUSE bug 1089010 SUSE bug 1089011 SUSE bug 1089012 SUSE bug 1089013 SUSE bug 1089016 SUSE bug 1089192 SUSE bug 1089199 SUSE bug 1089200 SUSE bug 1089201 SUSE bug 1089202 SUSE bug 1089203 SUSE bug 1089204 SUSE bug 1089205 SUSE bug 1089206 SUSE bug 1089207 SUSE bug 1089208 SUSE bug 1089209 SUSE bug 1089210 SUSE bug 1089211 SUSE bug 1089212 SUSE bug 1089213 SUSE bug 1089214 SUSE bug 1089215 SUSE bug 1089216 SUSE bug 1089217 SUSE bug 1089218 SUSE bug 1089219 SUSE bug 1089220 SUSE bug 1089221 SUSE bug 1089222 SUSE bug 1089223 SUSE bug 1089224 SUSE bug 1089225 SUSE bug 1089226 SUSE bug 1089227 SUSE bug 1089228 SUSE bug 1089229 SUSE bug 1089230 SUSE bug 1089231 SUSE bug 1089232 SUSE bug 1089233 SUSE bug 1089234 SUSE bug 1089235 SUSE bug 1089236 SUSE bug 1089237 SUSE bug 1089238 SUSE bug 1089239 SUSE bug 1089240 SUSE bug 1089241 SUSE bug 1093194 SUSE bug 1093195 SUSE bug 1093196 SUSE bug 1093197 SUSE bug 1093198 SUSE bug 1094244 SUSE bug 1094421 SUSE bug 1094422 SUSE bug 1094423 SUSE bug 1094424 SUSE bug 1094425 SUSE bug 1094436 SUSE bug 1094437 SUSE bug 1095241 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096746 SUSE bug 1097443 SUSE bug 1097445 SUSE bug 1097948 SUSE bug 973378 SUSE bug 989401 CVE-2018-3665 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351). The following non-security bugs were fixed: - ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538). - ALSA: seq: Do not allow resizing pool in use (bsc#1045538). - Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078) - IB/mlx4: fix sprintf format warning (bnc#786036). - RDMA/mlx4: Discard unknown SQP work requests (bnc#786036). - USB: uss720: fix NULL-deref at probe (bnc#1047487). - bna: integer overflow bug in debugfs (bnc#780242). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495). - fix a leak in /proc/schedstats (bsc#1094876). - ixgbe: Initialize 64-bit stats seqcounts (bnc#795301). - mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes). - module/retpoline: Warn about missing retpoline in module (bnc#1099177). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036). - net/mlx4_en: Change default QoS settings (bnc#786036 ). - net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105). - netxen: fix incorrect loop counter decrement (bnc#784815). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - s390/qdio: do not merge ERROR output buffers (bnc#1099709). - s390/qeth: do not dump control cmd twice (bnc#1099709). - s390/qeth: fix SETIP command handling (bnc#1099709). - s390/qeth: free netdevice when removing a card (bnc#1099709). - s390/qeth: lock read device while queueing next buffer (bnc#1099709). - s390/qeth: when thread completes, wake up all waiters (bnc#1099709). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: sg: mitigate read/write abuse (bsc#1101296). - tg3: do not clear stats while tg3_close (bnc#790588). - video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966). - vmxnet3: use correct flag to indicate LRO feature (bsc#936423). - x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408). - x86-non-upstream-eager-fpu 32bit fix (bnc#1087086, bnc#1100091, bnc#1099598). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177). Important SUSE bug 1045538 SUSE bug 1047487 SUSE bug 1087086 SUSE bug 1090078 SUSE bug 1094244 SUSE bug 1094876 SUSE bug 1098408 SUSE bug 1099177 SUSE bug 1099598 SUSE bug 1099709 SUSE bug 1099966 SUSE bug 1100089 SUSE bug 1100091 SUSE bug 1101296 SUSE bug 780242 SUSE bug 784815 SUSE bug 786036 SUSE bug 790588 SUSE bug 795301 SUSE bug 902351 SUSE bug 909495 SUSE bug 923242 SUSE bug 925105 SUSE bug 936423 CVE-2014-3688 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-1000407: An denial of service issue was discovered in the Linux kernel, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021). - CVE-2018-9516: An issue was discovered in the Linux kernel, the copy_to_user() inside the HID code does not correctly check the length before executing (bsc#1108498). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bnc#1107829). The following non-security bugs were fixed: - Btrfs: fix deadlock when finalizing block group creation (bsc#1107849). - Btrfs: fix quick exhaustion of the system array in the superblock (bsc#1107849). - FS-Cache: Synchronise object death state change vs operation submission (bsc#1107371). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - KVM: Disable irq while unregistering user notifier (bsc#1106240). - KVM: SVM: obey guest PAT (bsc#1106240). - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (bsc#1106240). - KVM: emulate: fix CMPXCHG8B on 32-bit hosts (bsc#1106240). - KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure (bsc#1106240). - KVM: x86: fix use of uninitialized memory as segment descriptor in emulator (bsc#1106240). - KVM: x86: zero base3 of unusable segments (bsc#1106240). - NFS - do not hang if xdr decoded username is bad (bsc#1105799). - NFSv4.1 - Do not leak IO size from one mount to another (bsc#1103145). - PCI/AER: Report non-fatal errors only to the affected endpoint (bsc#1109806). - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (bsc#1109806). - PCI: shpchp: Check bridge's secondary (not primary) bus speed (bsc#1109806). - PCI: shpchp: Fix AMD POGO identification (bsc#1109806). - add kernel parameter to disable failfast on block devices (bsc#1081680). - block: add flag QUEUE_FLAG_REGISTERED (bsc#1047027). - block: allow gendisk's request_queue registration to be deferred (bsc#1047027). - crypto: ghash-clmulni-intel - use C implementation for setkey() (bsc#1110006). - dm: fix incomplete request_queue initialization (bsc#1047027). - dm: only initialize the request_queue once (bsc#1047027). - firmware/ihex2fw.c: restore missing default in switch statement (bsc#1114460). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (git-fixes). - locks: fix unlock when fcntl_setlk races with a close (git-fixes). - media: Fix invalid free in the fix for mceusb (bsc#1050431). - media: cx25821: prevent out-of-bounds read on array card (bsc#1050431). - media: ite-cir: initialize use_demodulator before using it (bsc#1050431). - media: mceusb: fix NULL-deref at probe (bsc#1050431). - media: mceusb: fix memory leaks in error path. - percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree() (git fixes). - powerpc, KVM: Rework KVM checks in first-level interrupt handlers (bsc#1094244). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bsc#1064861). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/asm: Mark cr0 as clobbered in mftb() (bsc#1049128). - powerpc/book3s: Introduce a early machine check hook in cpu_spec (bsc#1094244). - powerpc/book3s: Introduce exclusive emergency stack for machine check exception (bsc#1094244). - powerpc/book3s: Split the common exception prolog logic into two section (bsc#1094244). - powerpc/book3s: handle machine check in Linux host (bsc#1094244). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/pseries: Avoid using the size greater than (bsc#1094244). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc: Add a symbol for hypervisor trampolines (bsc#1094244). - powerpc: Fix smp_mb__before_spinlock() (bsc#1110247). - powerpc: Make load_hander handle upto 64k offset (bsc#1094244). - powerpc: Rework runlatch code (bsc#1094244). - powerpc: Save CFAR before branching in interrupt entry paths (bsc#1094244). - powerpc: cputable: KABI - hide new cpu_spec member from genksyms (bsc#1094244). - powerpc: move MCE handler out-of-line and consolidate with machine_check_fwnmi (bsc#1094244). - powerpc: move stab code into #ifndef CONFIG_POWER4_ONLY (bsc#1094244). - powerpc: replace open-coded EXCEPTION_PROLOG_1 with the macro in slb miss handlers (bsc#1094244). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - retpoline: Introduce start/end markers of indirect thunk (bsc#1113337). - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT (bnc#1108314, LTC#171326). - s390/sclp: Change SCLP console default buffer-full behavior (bnc#1108314, LTC#171049). - scsi: libfc: Do not drop down to FLOGI for fc_rport_login() (bsc#1106139). - scsi: libfc: Do not login if the port is already started (bsc#1106139). - scsi: libfc: do not advance state machine for incoming FLOGI (bsc#1106139). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#923775). - signals: avoid unnecessary taking of sighand->siglock (bsc#1110247). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). Important SUSE bug 1031240 SUSE bug 1047027 SUSE bug 1049128 SUSE bug 1050431 SUSE bug 1064861 SUSE bug 1065600 SUSE bug 1066674 SUSE bug 1071021 SUSE bug 1081680 SUSE bug 1094244 SUSE bug 1094825 SUSE bug 1103145 SUSE bug 1105799 SUSE bug 1106139 SUSE bug 1106240 SUSE bug 1107371 SUSE bug 1107829 SUSE bug 1107849 SUSE bug 1108314 SUSE bug 1108498 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1110006 SUSE bug 1110247 SUSE bug 1113337 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114460 SUSE bug 923775 CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273 CVE-2018-14633 CVE-2018-18281 CVE-2018-18386 CVE-2018-18710 CVE-2018-9516 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel version 3.0.101 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2014-9710: The Btrfs implementation in the Linux kernel did not ensure that the visible xattr state is consistent with a requested replacement, which allowed local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data did not fit (bnc#923908). - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843). - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat (bnc#1131543). - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents (bnc#1110785). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character (bnc#1134848). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). The following non-security bugs were fixed: - cifs: fix uninitialized memory access (bsc#1120326). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kernel: Add CEX7 toleration support (bsc#1131295). - net: ipsec: fix a kernel oops caused by reentrant workqueue (bsc#1119314). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - x86/MCE: Handle 'nosmt' offlining properly (bsc#1134729). - xfs: do not cache inodes read through bulkstat (bsc#1134102). Important SUSE bug 1110785 SUSE bug 1113769 SUSE bug 1119314 SUSE bug 1120326 SUSE bug 1120843 SUSE bug 1120885 SUSE bug 1131295 SUSE bug 1131543 SUSE bug 1132374 SUSE bug 1132472 SUSE bug 1132580 SUSE bug 1133188 SUSE bug 1134102 SUSE bug 1134729 SUSE bug 1134848 SUSE bug 1137586 SUSE bug 923908 SUSE bug 939260 CVE-2014-9710 CVE-2018-17972 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11884 CVE-2019-5489 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel(bnc#1120758). - CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before (bnc#1120758). - CVE-2019-3896: A double-free could happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service (DoS) (bnc#1138943). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could lead to a denial of service (bnc#1102340). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424 1136446). The following non-security bugs were fixed: - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (bsc#1134835). - signal: give SEND_SIG_FORCED more power to beat SIGNAL_UNKILLABLE (bsc#1135650). - signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig() (bsc#1135650). - tcp: a regression in the previous fix for the TCP SACK issue was fixed (bnc#1139751) Important SUSE bug 1063416 SUSE bug 1090078 SUSE bug 1102340 SUSE bug 1120758 SUSE bug 1134395 SUSE bug 1134835 SUSE bug 1135650 SUSE bug 1136424 SUSE bug 1137194 SUSE bug 1138943 SUSE bug 1139751 CVE-2018-20836 CVE-2018-5390 CVE-2019-12614 CVE-2019-3459 CVE-2019-3460 CVE-2019-3846 CVE-2019-3896 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2015-9289: A buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allowed larger values such as 23 (bsc#1143179). The following non-security bugs were fixed: - fix detection of race between fcntl-setlk and close (bsc#1140965). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - xen-netfront: use napi_complete() correctly to prevent Rx stalling (bsc#1138744). Important SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1138744 SUSE bug 1139358 SUSE bug 1140945 SUSE bug 1140965 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1142023 SUSE bug 1143045 SUSE bug 1143179 SUSE bug 1143189 SUSE bug 1143191 CVE-2015-9289 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11-SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-17052: ax25_create in the AF_AX25 network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket, aka CID-0614e2b73768. (bnc#1152779) - CVE-2019-17055: base_sock_create in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (bnc#1152782) - CVE-2019-17054: atalk_create in the AF_APPLETALK network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. (bnc#1152786) - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-17053: ieee802154_create in the AF_IEEE802154 network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users could create a raw socket, aka CID-e69dbd4619e7. (bnc#1152789) - CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems. (bnc#1151347) - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function. (bnc#1146540) - CVE-2019-15807: There was a memory leak in the SAS expander driver when SAS expander discovery fails. This could cause a denial of service. (bnc#1148938) - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux the kernel's KVM hypervisor implemented the Coalesced MMIO write operation. It operated on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (bnc#1151350) - CVE-2019-15505: The Linux kernel had an out-of-bounds read via crafted USB device traffic (which may have been remote via usbip or usbredir). (bnc#1147122) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host. (bnc#1150112) - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bnc#1146361) - CVE-2019-9456: In the Android kernel in Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction was not needed for exploitation. (bnc#1150025) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c. (bnc#1149522) - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered)\ code lines were swapped. (bnc#1149376) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bnc#1146524) - CVE-2017-18509: An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue could be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurred because sk_type and protocol were not checked in the appropriate part of the ip6_mroute_* functions. (bnc#1145477) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bnc#1146391) - CVE-2019-15292: There was a use-after-free in atalk_proc_exit. (bnc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bnc#1146547) - CVE-2018-20976: A use after free was discovered in fs/xfs/xfs_super.c, related to xfs_fs_fill_super failure. (bnc#1146285) - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bnc#1146163) - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion. (bnc#1145922) The following non-security bugs were fixed: - add a missing lfence in kernel error entry and remove a superfluous lfence in userspace interrupt exit paths - Documentation: Add ITLB_MULTIHIT documentation (bnc#1117665). - array_index_nospec: Sanitize speculative array (bsc#1155671) - cpu/speculation: Uninline and export CPU mitigations helpers (bnc#1117665). - IB/core: Add mitigation for Spectre V1 (bsc#1155671) - inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state (bsc#1101061). - kABI Fix for IFU Patches (bsc#1117665). - kthread: Implement park/unpark facility (bsc#1117665). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop read-only large sptes when creating lower level sptes (bsc#1117665). - kvm: MMU: fast invalidate all pages (bsc1117665). - kvm: VMX: export PFEC.P bit on ept (bsc#1117665). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT (bnc#1117665). - mm/readahead.c: fix readahead failure for memoryless NUMA nodes and limit readahead pages (bsc#1143327). - mm: use only per-device readahead limit (bsc#1143327). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - xfs: xfs_remove deadlocks due to inverted AGF vs AGI lock ordering (bsc#1150599). Important SUSE bug 1101061 SUSE bug 1113201 SUSE bug 1117665 SUSE bug 1131107 SUSE bug 1143327 SUSE bug 1144903 SUSE bug 1145477 SUSE bug 1145922 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146361 SUSE bug 1146391 SUSE bug 1146524 SUSE bug 1146540 SUSE bug 1146547 SUSE bug 1146678 SUSE bug 1147122 SUSE bug 1148938 SUSE bug 1149376 SUSE bug 1149522 SUSE bug 1150025 SUSE bug 1150112 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150599 SUSE bug 1151347 SUSE bug 1151350 SUSE bug 1152779 SUSE bug 1152782 SUSE bug 1152786 SUSE bug 1152789 SUSE bug 1153158 SUSE bug 1155671 SUSE bug 802154 SUSE bug 936875 CVE-2017-18509 CVE-2017-18551 CVE-2018-12207 CVE-2018-20976 CVE-2019-10220 CVE-2019-11135 CVE-2019-14821 CVE-2019-14835 CVE-2019-15118 CVE-2019-15212 CVE-2019-15216 CVE-2019-15217 CVE-2019-15219 CVE-2019-15291 CVE-2019-15292 CVE-2019-15505 CVE-2019-15807 CVE-2019-15902 CVE-2019-15927 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16413 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17133 CVE-2019-9456 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bsc#1167629). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bsc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bsc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bsc#1159285). - CVE-2020-11608: Fixed a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bsc#1168829). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service or possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker is able to cause a denial of service or possibly execute arbitrary code, when a STA works in IBSS mode and connects to another STA (bsc#1157155). - CVE-2019-18675: Fixed an Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bsc#1157804). - CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bsc#1159911). - CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service by triggering bfa_port_get_stats() failures (bsc#1157303). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bsc#1159908). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bsc#1159841). - CVE-2019-19532: Fixed multiple out-of-bounds write bugs that can be caused by a malicious USB device (bsc#1158824). - CVE-2019-19523: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bsc#115882). - CVE-2019-19537: Fixed a race condition that can be caused by a malicious USB device in the USB character device driver layer (bsc#1158904). - CVE-2019-19527, CVE-2019-19530, CVE-2019-19524: Fixed multiple use-after-free bug that could be caused by a malicious USB device (bsc#1158381, bsc#1158834, bsc#1158900). - CVE-2019-15213: Fixed a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bsc#1146544). - CVE-2019-19531: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bsc#1158445). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs (bsc#1157038). - CVE-2019-19227: Fixed a potential NULL pointer dereference in the AppleTalk subsystem (bsc#1157678). - CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd(), which allowed attackers to cause a denial of service (bsc#1157143). - CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c, which allowed attackers to cause a denial of service (bsc#1157070). - CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which could cause denial of service (bsc#1149448). - CVE-2019-12456: Fixed a denial of service in _ctl_ioctl_main, which could be triggered by a local user (bsc#1136922). The following non-security bugs were fixed: - Input: add safety guards to input_set_keycode() (bsc#1168075). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: Fix oops scsi_disk_get() (bsc#1105327). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - kaiser: Fix for 32bit KAISER implementations (bsc#1157344). - klist: fix starting point removed bug in klist iterators (bsc#1156652). - kobject: Export kobject_get_unless_zero() (bsc#1105327). - kobject: fix kset_find_obj() race with concurrent last kobject_put() (bsc#1105327). - kref: minor cleanup (bsc#1105327). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - rpm/kernel-binary.spec.in: Replace Novell with SUSE - sched: Fix race between task_group and sched_task_group (bsc#1136471). - sched: Remove lockdep check in sched_move_task() (bsc#1136471). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1148871). - writeback: fix race that cause writeback hung (bsc#1161358). - x86: fix speculation bug reporting (bsc#1012382). Important SUSE bug 1012382 SUSE bug 1091041 SUSE bug 1105327 SUSE bug 1131107 SUSE bug 1136471 SUSE bug 1136922 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1146612 SUSE bug 1148871 SUSE bug 1149448 SUSE bug 1152631 SUSE bug 1156652 SUSE bug 1157038 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157303 SUSE bug 1157344 SUSE bug 1157678 SUSE bug 1157804 SUSE bug 1157923 SUSE bug 1158381 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158834 SUSE bug 1158900 SUSE bug 1158904 SUSE bug 1159285 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159911 SUSE bug 1161358 SUSE bug 1162928 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1164078 SUSE bug 1165111 SUSE bug 1165985 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168829 SUSE bug 1168854 CVE-2019-12456 CVE-2019-14896 CVE-2019-14897 CVE-2019-15213 CVE-2019-15916 CVE-2019-18660 CVE-2019-18675 CVE-2019-19066 CVE-2019-19073 CVE-2019-19074 CVE-2019-19227 CVE-2019-19523 CVE-2019-19524 CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19537 CVE-2019-19768 CVE-2019-19965 CVE-2019-19966 CVE-2019-20096 CVE-2020-10942 CVE-2020-11608 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). The following non-security bugs were fixed: - nfsd4: clean up open owners on OPEN failure (bsc#1154290). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). Important SUSE bug 1154290 SUSE bug 1154824 SUSE bug 1164871 SUSE bug 1170056 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171218 CVE-2020-0543 CVE-2020-10690 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-12652: The __mptctl_ioctl function in drivers/message/fusion/mptctl.c allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a 'double fetch' vulnerability (bnc#1171218). - CVE-2019-5108: Fixed a denial-of-service vulnerability in the wifi stack. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912). The following non-security bugs were fixed: - Fix gcc-discovered error in zeroing a struct (bnc#680814) Important SUSE bug 1159912 SUSE bug 1159913 SUSE bug 1162002 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1172775 SUSE bug 1172999 SUSE bug 1173265 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-5108 CVE-2020-0305 CVE-2020-10732 CVE-2020-10769 CVE-2020-10773 CVE-2020-12652 CVE-2020-12656 CVE-2020-13974 CVE-2020-14416 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-14353: Fixed an issue where keys - for keyctl prevent creating a different user's keyrings (bsc#1174993). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - cifs: bugfix for unreclaimed writeback pages in cifs_writev_requeue() (bsc#1177906). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - net/x25: fix a race in x25_bind() (bsc#1178590). - net/x25: prevent a couple of overflows (bsc#1178590). - tty: fix memleak in alloc_pid (bsc#1179745). - xfs: mark all internal workqueues as freezable (bsc#1181166). Important SUSE bug 1152107 SUSE bug 1168952 SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1174205 SUSE bug 1174247 SUSE bug 1174993 SUSE bug 1175691 SUSE bug 1176011 SUSE bug 1176012 SUSE bug 1176235 SUSE bug 1176253 SUSE bug 1176278 SUSE bug 1176395 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176485 SUSE bug 1176722 SUSE bug 1176896 SUSE bug 1177206 SUSE bug 1177226 SUSE bug 1177666 SUSE bug 1177766 SUSE bug 1177906 SUSE bug 1178123 SUSE bug 1178182 SUSE bug 1178589 SUSE bug 1178590 SUSE bug 1178622 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179419 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1181158 SUSE bug 1181166 SUSE bug 1181349 SUSE bug 1181553 CVE-2019-16746 CVE-2020-0404 CVE-2020-0431 CVE-2020-0465 CVE-2020-11668 CVE-2020-14331 CVE-2020-14353 CVE-2020-14381 CVE-2020-14390 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-28915 CVE-2020-28974 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28950: Fixed an infinite loop because a retry loop continually finds the same bad inode (bsc#1184194). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2021-20261: Fixed a race condition in the implementation of the floppy disk drive controller driver software (bsc#1183400). - CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). The following non-security bugs were fixed: - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1056134, bsc#1180963). Important SUSE bug 1056134 SUSE bug 1180963 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183400 SUSE bug 1183696 SUSE bug 1184120 SUSE bug 1184194 SUSE bug 1184198 SUSE bug 1184208 SUSE bug 1184211 SUSE bug 1184393 CVE-2020-35519 CVE-2020-36322 CVE-2021-20261 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28950 CVE-2021-28972 CVE-2021-29650 CVE-2021-30002 CVE-2021-3483 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4-LTSS The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-0512: Fixed a possible out of bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1187595) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861 bsc#1185863) - CVE-2021-29154: Fixed an incorrect computation of branch displacements in the BPF JIT compilers, which could allow to execute arbitrary code within the kernel context. (bsc#1184391) - CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611) - CVE-2020-24586: Fixed a bug that, under the right circumstances, allows to inject arbitrary network packets and/or exfiltrate user data when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP. (bsc#1185859 bsc#1185863) - CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward EAPOL frames to other clients even though the sender has not yet successfully authenticated. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and made it easier to exploit other vulnerabilities in connected clients. (bsc#1185863 bsc#1186062) - CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (bsc#1185862 bsc#1185863) The following non-security bugs were fixed: - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). Important SUSE bug 1184081 SUSE bug 1184391 SUSE bug 1184611 SUSE bug 1185859 SUSE bug 1185861 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1186062 SUSE bug 1187038 SUSE bug 1187452 SUSE bug 1187595 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-36386 CVE-2021-0512 CVE-2021-29154 CVE-2021-32399 CVE-2021-34693 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Enhancements and bugfixes over the previous fixes have been added to this kernel. - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-7566: There was a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The 'stub_send_ret_submit()' function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085513, LTC#165135). - cifs: fix buffer overflow in cifs_build_path_to_root() (bsc#1085113). - drm/mgag200: fix a test in mga_vga_mode_valid() (bsc#1087092). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1013018). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1013018). - ide-cd: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - kabi: x86/kaiser: properly align trampoline stack. - keys: do not let add_key() update an uninstantiated key (bnc#1063416). - keys: prevent creating a different user's keyrings (bnc#1065999). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - nfsv4: fix getacl head length estimation (git-fixes). - pci: Use function 0 VPD for identical functions, regular VPD for others (bnc#943786 git-fixes). - pipe: actually allow root to exceed the pipe buffer limits (git-fixes). - posix-timers: Protect posix clock array access against speculation (bnc#1081358). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075088). - qeth: repair SBAL elements calculation (bnc#1085513, LTC#165484). - Revert 'USB: cdc-acm: fix broken runtime suspend' (bsc#1067912) - s390/qeth: fix underestimated count of buffer elements (bnc#1082091, LTC#164529). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86-64: Move the 'user' vsyscall segment out of the data segment (bsc#1082424). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xen/x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - xen/x86/cpu: Check speculation control CPUID bit (bsc#1068032). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/cpu: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). Important SUSE bug 1010470 SUSE bug 1013018 SUSE bug 1039348 SUSE bug 1052943 SUSE bug 1062568 SUSE bug 1062840 SUSE bug 1063416 SUSE bug 1063516 SUSE bug 1065600 SUSE bug 1065999 SUSE bug 1067118 SUSE bug 1067912 SUSE bug 1068032 SUSE bug 1072689 SUSE bug 1072865 SUSE bug 1075088 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1078669 SUSE bug 1078672 SUSE bug 1078673 SUSE bug 1078674 SUSE bug 1080464 SUSE bug 1080757 SUSE bug 1080813 SUSE bug 1081358 SUSE bug 1082091 SUSE bug 1082424 SUSE bug 1083242 SUSE bug 1083275 SUSE bug 1083483 SUSE bug 1083494 SUSE bug 1084536 SUSE bug 1085113 SUSE bug 1085279 SUSE bug 1085331 SUSE bug 1085513 SUSE bug 1086162 SUSE bug 1087092 SUSE bug 1087260 SUSE bug 1087762 SUSE bug 1088147 SUSE bug 1088260 SUSE bug 1089608 SUSE bug 909077 SUSE bug 940776 SUSE bug 943786 CVE-2015-5156 CVE-2016-7915 CVE-2017-0861 CVE-2017-12190 CVE-2017-13166 CVE-2017-16644 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18203 CVE-2017-18208 CVE-2017-5715 CVE-2018-10087 CVE-2018-6927 CVE-2018-7566 CVE-2018-7757 CVE-2018-8822 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). The following non-security bugs were fixed: - kvm/x86: fix icebp instruction handling (bsc#1087088). - media: cpia2: Fix a couple off by one bugs (bsc#1050431). - nfs: add nostatflush mount option (bsc#1065726). - nfs: allow flush-on-stat to be disabled (bsc#1065726). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bnc#1032084, FATE#323225). - powerpc/fadump: reuse crashkernel parameter for fadump memory reservation (bnc#1032084, FATE#323225). - powerpc/fadump: update documentation about crashkernel parameter reuse (bnc#1032084, FATE#323225). - powerpc/fadump: use 'fadump_reserve_mem=' when specified (bnc#1032084, FATE#323225). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). Important SUSE bug 1032084 SUSE bug 1050431 SUSE bug 1065726 SUSE bug 1087088 SUSE bug 1089665 SUSE bug 1089668 SUSE bug 1089752 CVE-2018-10124 CVE-2018-1087 CVE-2018-8897 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kernel modules packages (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The following kernel modules were rebuild with 'retpoline' enablement to allow full mitigation of the Spectre Variant 2 (CVE-2017-5715, bsc#1068032) OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband (bsc#926856). Moderate SUSE bug 1068032 SUSE bug 926856 CVE-2017-5715 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for various KMPs (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update rebuilds missing kernel modules (KMP) to use 'retpolines' mitigations for Spectre Variant 2 (CVE-2017-5715). Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm Moderate SUSE bug 1095824 CVE-2017-5715 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 krb5 was updated to fix one security issue. This security issue was fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash (bsc#952188). Important SUSE bug 952188 CVE-2015-2695 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Moderate SUSE bug 954270 SUSE bug 954470 CVE-2015-2695 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Moderate SUSE bug 963968 SUSE bug 963975 CVE-2015-8629 CVE-2015-8631 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Moderate SUSE bug 971942 CVE-2016-3119 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). This non-security issue was fixed: - Avoid indefinite polling in KDC communication. (bsc#970696) Moderate SUSE bug 1056995 SUSE bug 1083926 SUSE bug 1083927 SUSE bug 970696 CVE-2017-11462 CVE-2018-5729 CVE-2018-5730 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Moderate SUSE bug 910457 SUSE bug 910458 SUSE bug 918595 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). Important SUSE bug 938344 CVE-2015-5154 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes the following issues: Security issues fixed: - CVE-2015-7512: The receive packet size is now checked in the emulated pcnet driver, eliminating buffer overflow and potential security issue by malicious guest systems. (bsc#957162) - CVE-2015-8345: A infinite loop in processing command block list was fixed that could be exploit by malicious guest systems (bsc#956829). Other bugs fixed: - To assist users past the migration incompatibility discussed in bsc#950590 (restore migration compatibility with SLE11 SP3 and SLE12, at the unfortunate expense to prior SLE11 SP4 kvm release compatability when a virtio-net device is used), print a message which references the support document TID 7017048. See https://www.suse.com/support/kb/doc.php?id=7017048 - Fix cases of wrong clock values in kvmclock timekeeping (bsc#947164 and bsc#953187) - Enforce pxe rom sizes to ensure migration compatibility. (bsc#950590) - Fix kvm live migration fails between sles11 sp3 and sp4 (bsc#950590) Important SUSE bug 947164 SUSE bug 950590 SUSE bug 953187 SUSE bug 956829 SUSE bug 957162 CVE-2015-7512 CVE-2015-8345 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 kvm was updated to fix 33 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets (bsc#945987). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed: - Fix case of IDE interface needing busy status set before flush (bsc#936132) Important SUSE bug 895528 SUSE bug 901508 SUSE bug 928393 SUSE bug 934069 SUSE bug 936132 SUSE bug 940929 SUSE bug 944463 SUSE bug 945404 SUSE bug 945987 SUSE bug 945989 SUSE bug 947159 SUSE bug 958491 SUSE bug 958917 SUSE bug 959005 SUSE bug 960334 SUSE bug 960725 SUSE bug 961332 SUSE bug 961333 SUSE bug 961358 SUSE bug 961556 SUSE bug 961691 SUSE bug 962320 SUSE bug 963782 SUSE bug 964413 SUSE bug 967969 SUSE bug 969350 SUSE bug 970036 SUSE bug 970037 SUSE bug 975128 SUSE bug 975136 SUSE bug 975700 SUSE bug 976109 SUSE bug 978158 SUSE bug 978160 SUSE bug 980711 SUSE bug 980723 CVE-2014-3615 CVE-2014-3689 CVE-2014-9718 CVE-2015-3214 CVE-2015-5239 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6855 CVE-2015-7295 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 kvm was updated to fix 16 security issues. These security issues were fixed: - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. (bsc#944697). - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013). - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012). - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223). - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222). - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017). - CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018). - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959). - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982). - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080). - CVE-2016-6490: Infinite loop in the virtio framework. A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466). - CVE-2016-7116: Host directory sharing via Plan 9 File System(9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). Moderate SUSE bug 902737 SUSE bug 944697 SUSE bug 967012 SUSE bug 967013 SUSE bug 982017 SUSE bug 982018 SUSE bug 982019 SUSE bug 982222 SUSE bug 982223 SUSE bug 982285 SUSE bug 982959 SUSE bug 983961 SUSE bug 983982 SUSE bug 991080 SUSE bug 991466 SUSE bug 996441 CVE-2014-7815 CVE-2015-6815 CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-7116 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes the following issues: - Address various security/stability issues * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151) * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE11-SP4 - Remove semi-contradictory and now determined erroneous statement in kvm-supported.txt regarding not running ntp in kvm guest when kvm-clock is used. It is now recommended to use ntp in guest in this case. Important SUSE bug 1001151 SUSE bug 1002550 SUSE bug 1002557 SUSE bug 1003878 SUSE bug 1003893 SUSE bug 1003894 SUSE bug 1004702 SUSE bug 1004707 SUSE bug 1006536 SUSE bug 1006538 SUSE bug 1007391 SUSE bug 1007450 SUSE bug 1007454 SUSE bug 1007493 SUSE bug 1007494 SUSE bug 1007495 SUSE bug 998516 CVE-2016-7161 CVE-2016-7170 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) These non-security issues were fixed: - Fixed various inaccuracies in cirrus vga device emulation - Fixed virtio interface failure (bsc#1015048) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) Important SUSE bug 1013285 SUSE bug 1014109 SUSE bug 1014111 SUSE bug 1014702 SUSE bug 1015048 SUSE bug 1015169 SUSE bug 1016779 SUSE bug 1021129 SUSE bug 1023004 SUSE bug 1023053 SUSE bug 1023907 SUSE bug 1024972 CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5856 CVE-2017-5898 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes several issues. These security issues were fixed: - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427) - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674). - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334). - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585). - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122). - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866) - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406) - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159) - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801) - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296) - Privilege escalation in TCG mode (bsc#1030624) These non-security issues were fixed: - bsc#1038396: Fixed 12 tempest tests - bsc#1045035: Fixed regression introduced by previous virtfs security fixes - bsc#1034044: Prevent KVM guests stuck when waiting for sg_io() completion - bsc#1031051: Prevent I/O errors when using pvmove with disk device=lun - bsc#1049785: Make virsh dump output readable by crash Important SUSE bug 1020427 SUSE bug 1021741 SUSE bug 1025109 SUSE bug 1028184 SUSE bug 1028656 SUSE bug 1030624 SUSE bug 1031051 SUSE bug 1034044 SUSE bug 1034866 SUSE bug 1034908 SUSE bug 1035406 SUSE bug 1035950 SUSE bug 1037242 SUSE bug 1038396 SUSE bug 1039495 SUSE bug 1042159 SUSE bug 1042800 SUSE bug 1042801 SUSE bug 1043296 SUSE bug 1045035 SUSE bug 1046636 SUSE bug 1047674 SUSE bug 1048902 SUSE bug 1049381 SUSE bug 1049785 SUSE bug 1056334 SUSE bug 1057585 SUSE bug 1062069 SUSE bug 1063122 CVE-2016-9602 CVE-2016-9603 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-5579 CVE-2017-5973 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-9330 CVE-2017-9373 CVE-2017-9375 CVE-2017-9503 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes the following issues: Also a mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Security fixes have been applied: - CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612) Important SUSE bug 1026612 SUSE bug 1068032 CVE-2017-2633 CVE-2017-5715 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes the following issues: - This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. - A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ (CVE-2017-5715 bsc#1068032) - A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) These two patches will be removed when we can reasonably assume everyone is running with the appropriate updates. - Security fixes for the following CVE issues: (bsc#1076114 CVE-2018-5683) (bsc#1083291 CVE-2018-7550) - This patch is already included, add here for CVE track (bsc#1076179 CVE-2017-18030) - Toolchain changes have cause the built size of pxe-virtio.rom to exceed 64K. Tweak rarely used strings in code to reduce size of the binary so it fits again. - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor. Important SUSE bug 1068032 SUSE bug 1076114 SUSE bug 1076179 SUSE bug 1082276 SUSE bug 1083291 CVE-2017-18030 CVE-2017-5715 CVE-2018-5683 CVE-2018-7550 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes one security issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Moderate SUSE bug 1092885 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185). Moderate SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1112185 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). Non-security issue fixed: - Fixed LAPIC TSC deadline timer save/restore (bsc#1109544) Important SUSE bug 1109544 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1123156 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for kvm fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Important SUSE bug 1111331 SUSE bug 1129622 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Important SUSE bug 1135902 SUSE bug 1140402 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for kvm (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873). - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Moderate SUSE bug 1123156 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1170940 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-1983 CVE-2020-7039 CVE-2020-8608 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for kvm fixes the following issues: - Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) - Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Important SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172385 SUSE bug 1172478 SUSE bug 1175441 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178934 SUSE bug 1179467 SUSE bug 1181108 SUSE bug 1182137 SUSE bug 1182425 SUSE bug 1182577 CVE-2014-3689 CVE-2015-1779 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 CVE-2020-14364 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20257 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for kvm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for kvm fixes the following issues: - CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187367) - CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364) - CVE-2021-3416: infinite loop in loopback mode may lead to stack overflow. (bsc#1186473) - CVE-2020-15469: MMIO ops null pointer dereference may lead to DoS. (bsc#1173612) - CVE-2020-11947: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read. (bsc#1180523) - CVE-2021-20221: out-of-bound heap buffer access via an interrupt ID field. (bsc#1181933) - CVE-2020-25707: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c. (bsc#1178683) - CVE-2020-15863: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c. (bsc#1174386) Important SUSE bug 1173612 SUSE bug 1174386 SUSE bug 1178683 SUSE bug 1180523 SUSE bug 1181933 SUSE bug 1186473 SUSE bug 1187364 SUSE bug 1187367 CVE-2020-11947 CVE-2020-15469 CVE-2020-15863 CVE-2020-25707 CVE-2021-20221 CVE-2021-3416 CVE-2021-3592 CVE-2021-3594 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for lha (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 lha was updated to fix one security issue. This security issue was fixed: - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers (bsc#962528). Moderate SUSE bug 962528 CVE-2016-1925 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libapr-util1 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) Moderate SUSE bug 1064990 CVE-2017-12618 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libapr1 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Moderate SUSE bug 1064982 CVE-2017-12613 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libcaca (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libcaca fixes the following issues: - CVE-2021-30499: Fixed a memory corruption issue when exporting troff sources (bsc#1184751). - CVE-2021-30498: Fixed a memory corruption issue when exporting TGA images (bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libcap-ng (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 libcap-ng was updated to fix one security issue. This security issue was fixed: - CVE-2014-3215: seunshare in policycoreutils (which uses libcap-ng) is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which made it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges (bsc#876832). Moderate SUSE bug 876832 CVE-2014-3215 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libcares2 (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Low SUSE bug 1007728 CVE-2016-5180 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libcares2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libcgroup1 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libcgroup1 fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365). Moderate SUSE bug 1100365 CVE-2018-14348 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libcroco (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Moderate SUSE bug 1171685 CVE-2020-12825 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libdb-4_5 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) Moderate SUSE bug 1043886 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libesmtp (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libevent (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libevent fixes the following issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) (backport for 2.0.21) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) Moderate SUSE bug 1022917 SUSE bug 1022918 SUSE bug 1022919 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libexif (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libexif fixes the following security issue: - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) Moderate SUSE bug 1059893 CVE-2017-7544 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libexif (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following issues: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057) * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] Moderate SUSE bug 920057 CVE-2014-3591 CVE-2015-0837 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Moderate SUSE bug 994157 CVE-2016-6313 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening a against local side-channel attack in RSA key handling has been added (bsc#1046607) Moderate SUSE bug 1046607 CVE-2017-7526 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libgcrypt (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:suse_sles_ltss:11:sp4 Recommended update for libical (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bnc#986632) - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5825: The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. (bsc#986642) - CVE-2016-5826: The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. (bsc#986658) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bnc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) Moderate SUSE bug 1015964 SUSE bug 1044995 SUSE bug 986631 SUSE bug 986632 SUSE bug 986639 SUSE bug 986642 SUSE bug 986658 CVE-2016-5823 CVE-2016-5824 CVE-2016-5825 CVE-2016-5826 CVE-2016-5827 CVE-2016-9584 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libidn (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Moderate SUSE bug 923241 SUSE bug 990189 SUSE bug 990190 SUSE bug 990191 CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libidn (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libidn fixes one issues. This security issue was fixed: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). Moderate SUSE bug 1056450 CVE-2017-14062 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libksba (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Moderate SUSE bug 979261 SUSE bug 979906 CVE-2016-4574 CVE-2016-4579 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libksba (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101) - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) () - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095) - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090) Moderate SUSE bug 1056090 SUSE bug 1056093 SUSE bug 1056095 SUSE bug 1056097 SUSE bug 1056101 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for liblouis fixes the following issues: Security issues fixed: - CVE-2017-15101: Buffer overflow in findTable (bsc#1067336). - CVE-2014-8184: stack-based buffer overflow in findTable() (bsc#1062458). Moderate SUSE bug 1062458 SUSE bug 1067336 CVE-2014-8184 CVE-2017-15101 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for liblouis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for liblouis, python-louis fixes the following issues: Security issues fixed: - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-11683: Fix a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095827) Moderate SUSE bug 1095825 SUSE bug 1095826 SUSE bug 1095827 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for liblouis (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for liblouis and python-louis fixes the following issue: Security issue fixed: - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319). Low SUSE bug 1109319 CVE-2018-17294 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libmspack (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Moderate SUSE bug 934524 SUSE bug 934525 SUSE bug 934526 SUSE bug 934527 SUSE bug 934528 SUSE bug 934529 CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libmspack (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039) Moderate SUSE bug 1113038 SUSE bug 1113039 CVE-2018-18584 CVE-2018-18585 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libotr (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libotr fixes the following issues: - Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machine. (CVE-2016-2851, bsc#969785) Moderate SUSE bug 969785 CVE-2016-2851 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 - security update: This update fixes the following securit issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] Moderate SUSE bug 954980 CVE-2015-8126 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libpng12-0 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libpng12-0 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for librsvg (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Important SUSE bug 840753 CVE-2013-1881 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsamplerate (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libsamplerate fixes the following issues: - CVE-2017-7697: Fixed a buffer overflow in calc_output_single. (bsc#1033564) Moderate SUSE bug 1033564 CVE-2017-7697 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Moderate SUSE bug 953516 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libsndfile fixes the following issues: - CVE-2017-7585,CVE-2017-7741,CVE-2017-7742: Some stack-based buffer overflows via a specially crafted FLAC file were fixed (error in the 'flac_buffer_copy()' function) (bsc#1033054, bsc#1033914, bsc#1033915). Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libsndfile fixes the following issues: - CVE-2017-8362: invalid memory read in flac_buffer_copy (flac.c) (bsc#1036943) - CVE-2017-8365: global buffer overflow in i2les_array (pcm.c) (bsc#1036946) - CVE-2017-8361: global buffer overflow in flac_buffer_copy (flac.c) (bsc#1036944) - CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (flac.c) (bsc#1036945) - CVE-2017-7585: stack-based buffer overflow via a specially crafted FLAC file (bsc#1033054) Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 SUSE bug 1036943 SUSE bug 1036944 SUSE bug 1036945 SUSE bug 1036946 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 - This update for libsndfile fixes a memory leak in an error path.(bsc#1038856) - CVE-2017-16942: A divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. (bsc#1069874) - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) Moderate SUSE bug 1038856 SUSE bug 1059911 SUSE bug 1059912 SUSE bug 1059913 SUSE bug 1069874 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777). - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767). - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header that could have been used for a denial of service attack (bsc#1117954). Moderate SUSE bug 1071767 SUSE bug 1071777 SUSE bug 1117954 CVE-2017-17456 CVE-2017-17457 CVE-2018-19758 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libsndfile (Critical) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libsndfile fixes the following issues: - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) Critical SUSE bug 1188540 CVE-2021-3246 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libsndfile (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libssh2_org fixes the following issues: - Add SHA256 support for DH group exchange (fate#320343, bsc#961964) - fix CVE-2016-0787 (bsc#967026) * Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. Moderate SUSE bug 961964 SUSE bug 967026 CVE-2016-0787 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Moderate SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libssh2_org (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] - Store but don't use keys of unsupported types in the known_hosts file [bsc#1091236] Important SUSE bug 1091236 SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libtcnative-1-0 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libtcnative-1-0 fixes the following issues: - CVE-2015-4000: Disable 512-bit export-grade cryptography to prevent Logjam vulnerability (bsc#938945) Moderate SUSE bug 938945 CVE-2015-4000 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtcnative-1-0 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libtcnative-1-0 to version 1.1.34 fixes the following issues: - CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted (bsc#1078679). - CVE-2018-8019: When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS (bsc#1103348). - CVE-2018-8020: Did not properly check OCSP pre-produced responses. Revoked client certificates may have not been properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS (bsc#1103347). For a complete list of changes please see http://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html Important SUSE bug 1078679 SUSE bug 1103347 SUSE bug 1103348 CVE-2017-15698 CVE-2018-8019 CVE-2018-8020 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libtirpc, rpcbind (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libtirpc and rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Important SUSE bug 1037559 CVE-2017-8779 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtirpc (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libtirpc fixes the following issues: - Prevent remote crash of RPC services (bsc#968175) Moderate SUSE bug 968175 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtirpc (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libtirpc fixes the following issues: Security issues fixed: - CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519) - CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517) Moderate SUSE bug 1106517 SUSE bug 1106519 SUSE bug 968175 CVE-2018-14621 CVE-2018-14622 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvirt fixes the following issues: Security issue: - CVE-2015-5313: directory directory traversal privilege escalation vulnerability. (bsc#953110) Bugs fixed: - bsc#960305: xenxs: support parsing and formatting vif bandwidth - bsc#961173: xen: use correct domctl version in domaininfolist union - bsc#959094: xen: Disable building xen-inotify subdriver. It is unmaintained and contains bugs that can cause client connection failures. - bsc#948686: qemu: Use PAUSED state for domains that are starting up - bsc#948516: Fix profile_status to distringuish between errors and unconfined domains. Moderate SUSE bug 948516 SUSE bug 948686 SUSE bug 953110 SUSE bug 959094 SUSE bug 960305 SUSE bug 961173 CVE-2015-5313 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2016-5008: empty VNC password disables authentication (bsc#987527) Bugs fixed: - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed 'make check' failures. Moderate SUSE bug 952889 SUSE bug 970906 SUSE bug 987527 CVE-2016-5008 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1025340: Use xend for nodeGetFreeMemory API - bsc#1026236: Add support for tsc timers on xen Moderate SUSE bug 1025340 SUSE bug 1026236 SUSE bug 1053600 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). - CVE-2018-5748: Fixed possible denial of service when reading from QEMU monitor (bsc#1076500). Non-security issues fixed: - bsc#1083061: Fixed 'dumpxml --migratable' exports domain id in output on SLES11 SP4. - bsc#1055365: Improve performance when listing hundreds of interfaces. Important SUSE bug 1055365 SUSE bug 1076500 SUSE bug 1079869 SUSE bug 1083061 SUSE bug 1083625 CVE-2017-5715 CVE-2018-1064 CVE-2018-5748 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: Added support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through. Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvirt (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-3886: Fixed a information exposure which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Important SUSE bug 1131595 SUSE bug 1138301 CVE-2019-10161 CVE-2019-3886 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libvirt and libvirt-python (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libvirt and libvirt-python fixes the following issues: libvirt: - CVE-2016-10746: Fixed an authentication bypass where a guest agent with a read only connection could call virDomainGetTime API calls (bsc#1133150). - rpc: increase the size of REMOTE_MIGRATE_COOKIE_MAX (bsc#1134783). libvirt-python: - Fixes a memory leak in libvirt-python (bsc#1140252) Moderate SUSE bug 1133150 SUSE bug 1134783 SUSE bug 1140252 CVE-2016-10746 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for LibVNCServer (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The libvncserver package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. Moderate SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Moderate SUSE bug 1059809 SUSE bug 1059811 CVE-2017-14632 CVE-2017-14633 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data (bsc#1085687). Moderate SUSE bug 1085687 CVE-2018-5146 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in bark_noise_hybridm (bsc#1091072). - CVE-2017-14160: Fixed out-of-bounds access inside bark_noise_hybridmp function (bsc#1059812). Moderate SUSE bug 1059812 SUSE bug 1091072 CVE-2017-14160 CVE-2018-10393 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) Moderate SUSE bug 1091070 CVE-2018-10392 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947) - When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack. (CVE-2016-3627, bsc#972335) Moderate SUSE bug 972335 SUSE bug 975947 CVE-2016-3627 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549], - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Important SUSE bug 963963 SUSE bug 965283 SUSE bug 978395 SUSE bug 981040 SUSE bug 981041 SUSE bug 981108 SUSE bug 981109 SUSE bug 981111 SUSE bug 981112 SUSE bug 981114 SUSE bug 981115 SUSE bug 981548 SUSE bug 981549 SUSE bug 981550 CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). Moderate SUSE bug 1005544 CVE-2016-4658 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873) Moderate SUSE bug 1010675 SUSE bug 1014873 CVE-2016-9318 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Moderate SUSE bug 1010675 SUSE bug 1013930 SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 CVE-2016-9318 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) * CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894) * CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) Moderate SUSE bug 1024989 SUSE bug 1044337 SUSE bug 1044887 SUSE bug 1044894 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following issues: - CVE-2017-8872: Out-of-bounds read could lead to application crash (bsc#1038444) Moderate SUSE bug 1038444 CVE-2017-8872 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes several issues. Theses security issues were fixed: - CVE-2017-16932: Fixed infinite recursion could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689). - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) Moderate SUSE bug 1069689 SUSE bug 1077993 SUSE bug 1078806 SUSE bug 1078813 CVE-2016-5131 CVE-2017-15412 CVE-2017-16932 CVE-2017-5130 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1102046 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 CVE-2018-14404 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Low) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. Low SUSE bug 1123919 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409) - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). Important SUSE bug 1159928 SUSE bug 1161517 SUSE bug 1161521 SUSE bug 1176179 SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2014-0191 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libxml2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Moderate SUSE bug 960674 CVE-2015-8710 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libxslt (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474) Moderate SUSE bug 1005591 SUSE bug 1035905 SUSE bug 934119 SUSE bug 952474 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Important SUSE bug 1013533 SUSE bug 1013604 CVE-2016-9576 CVE-2016-9794 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable new features: - Toleration of newer crypto hardware for z Systems - USB 2.0 Link power management for Haswell-ULT The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bsc#979021). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application (bnc#1027066) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c (bsc#1008374). The following non-security bugs were fixed: - NFSD: do not risk using duplicate owner/file/delegation ids (bsc#1029212). - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783, bsc#1026260). - SUNRPC: Clean up the slot table allocation (bsc#1013862). - SUNRPC: Initalise the struct xprt upon allocation (bsc#1013862). - USB: cdc-acm: fix broken runtime suspend (bsc#1033771). - USB: cdc-acm: fix open and suspend race (bsc#1033771). - USB: cdc-acm: fix potential urb leak and PM imbalance in write (bsc#1033771). - USB: cdc-acm: fix runtime PM for control messages (bsc#1033771). - USB: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771). - USB: cdc-acm: fix shutdown and suspend race (bsc#1033771). - USB: cdc-acm: fix write and resume race (bsc#1033771). - USB: cdc-acm: fix write and suspend race (bsc#1033771). - USB: hub: Fix crash after failure to read BOS descriptor - USB: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794). - USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - USB: serial: mos7720: fix NULL-deref at open (bsc#1033816). - USB: serial: mos7720: fix parallel probe (bsc#1033816). - USB: serial: mos7720: fix parport use-after-free on probe errors (bsc#1033816). - USB: serial: mos7720: fix use-after-free on probe errors (bsc#1033816). - USB: serial: mos7840: fix NULL-deref at open (bsc#1034026). - USB: xhci-mem: use passed in GFP flags instead of GFP_KERNEL (bsc#1023014). - Update metadata for serial fixes (bsc#1013070) - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101). - clocksource: Remove 'weak' from clocksource_default_clock() declaration (bnc#1013018). - dlm: backport 'fix lvb invalidation conditions' (bsc#1005651). - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81) - enic: set skb->hash type properly (bsc#911105). - ext4: fix mballoc breakage with 64k block size (bsc#1013018). - ext4: fix stack memory corruption with 64k block size (bsc#1013018). - ext4: reject inodes with negative size (bsc#1013018). - fuse: initialize fc->release before calling it (bsc#1013018). - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (bsc#985561). - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561). - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (bsc#985561). - i40e/i40evf: Rewrite logic for 8 descriptor per packet check (bsc#985561). - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561). - i40e: Impose a lower limit on gso size (bsc#985561). - i40e: Limit TX descriptor count in cases where frag size is greater than 16K (bsc#985561). - i40e: avoid null pointer dereference (bsc#909486). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - kABI: mask struct xfs_icdinode change (bsc#1024788). - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508). - kabi: fix (bsc#1008893). - lockd: use init_utsname for id encoding (bsc#1033804). - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - md/linear: shutup lockdep warnning (bsc#1018446). - mm/mempolicy.c: do not put mempolicy before using its nodemask (bnc#931620). - ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1013018). - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800). - ocfs2: fix error return code in ocfs2_info_handle_freefrag() (bsc#1013018). - ocfs2: null deref on allocation error (bsc#1013018). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: use pci_physfn() (bsc#999245). - posix-timers: Fix stack info leak in timer_create() (bnc#1013018). - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting smt_snooze_delay (bsc#1023163). - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971). - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141). - powerpc/fadump: Update fadump documentation (bsc#1032141). - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489). - powerpc/vdso64: Use double word compare on pointers (bsc#1016489). - rcu: Call out dangers of expedited RCU primitives (bsc#1008893). - rcu: Direct algorithmic SRCU implementation (bsc#1008893). - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893). - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893). - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893). - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893). - s390/kmsg: add missing kmsg descriptions (bnc#1025702). - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702). - s390/zcrypt: Introduce CEX6 toleration - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018). - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded systems (bnc#1013018). - scsi: zfcp: do not trace pure benign residual HBA responses at default level (bnc#1025702). - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702). - scsi: zfcp: fix use-after-'free' in FC ingress path after TMF (bnc#1025702). - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send (bnc#1025702). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913). - vfs: split generic splice code from i_mutex locking (bsc#1024788). - virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xfs: Fix lock ordering in splice write (bsc#1024788). - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1024508). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: kill xfs_itruncate_start (bsc#1024788). - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788). - xfs: remove the i_size field in struct xfs_inode (bsc#1024788). - xfs: remove xfs_itruncate_data (bsc#1024788). - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508). - xfs: split xfs_itruncate_finish (bsc#1024788). - xfs: split xfs_setattr (bsc#1024788). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). Important SUSE bug 1005651 SUSE bug 1008374 SUSE bug 1008893 SUSE bug 1013018 SUSE bug 1013070 SUSE bug 1013800 SUSE bug 1013862 SUSE bug 1016489 SUSE bug 1017143 SUSE bug 1018263 SUSE bug 1018446 SUSE bug 1019168 SUSE bug 1020229 SUSE bug 1021256 SUSE bug 1021913 SUSE bug 1022971 SUSE bug 1023014 SUSE bug 1023163 SUSE bug 1023888 SUSE bug 1024508 SUSE bug 1024788 SUSE bug 1024938 SUSE bug 1025235 SUSE bug 1025702 SUSE bug 1026024 SUSE bug 1026260 SUSE bug 1026722 SUSE bug 1026914 SUSE bug 1027066 SUSE bug 1027101 SUSE bug 1027178 SUSE bug 1028415 SUSE bug 1028880 SUSE bug 1029212 SUSE bug 1029770 SUSE bug 1030213 SUSE bug 1030573 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031440 SUSE bug 1031579 SUSE bug 1032141 SUSE bug 1033336 SUSE bug 1033771 SUSE bug 1033794 SUSE bug 1033804 SUSE bug 1033816 SUSE bug 1034026 SUSE bug 909486 SUSE bug 911105 SUSE bug 931620 SUSE bug 979021 SUSE bug 982783 SUSE bug 983212 SUSE bug 985561 SUSE bug 988065 SUSE bug 989056 SUSE bug 995542 SUSE bug 999245 CVE-2015-3288 CVE-2015-8970 CVE-2016-10200 CVE-2016-5243 CVE-2017-2671 CVE-2017-5669 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6348 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7616 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for log4j fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for log4j (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. (bsc#1194844) - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843) - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for lxc (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744) Moderate SUSE bug 946744 CVE-2015-1335 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mailman (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery (CSRF) vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option (bsc#995352). - Various other hardenings against CSFR attacks For details please see https://launchpad.net/mailman/+milestone/2.1.15 Moderate SUSE bug 995352 CVE-2016-6893 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mailman fixes the following issues: Security issue fixed: - CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface (bsc#997205). Following bug was fixed: - Allow CSRF check to pass in mailman web frontend if the list name contains a '+' (bsc#1102416) Important SUSE bug 1102416 SUSE bug 997205 CVE-2016-6893 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). Important SUSE bug 1167068 SUSE bug 1170558 CVE-2020-12137 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mailman (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964): - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964) - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Important SUSE bug 1000751 SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010410 SUSE bug 1010422 SUSE bug 1010427 SUSE bug 1010517 SUSE bug 1012964 SUSE bug 992549 CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 CVE-2016-9079 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mgetty (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Important SUSE bug 1108752 SUSE bug 1108756 SUSE bug 1108757 SUSE bug 1108761 SUSE bug 1108762 CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Update to Intel microcode version 20180108 (bsc#1075262 CVE-2017-5715) - The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). Among other updates it contains: - IVT C0 (06-3e-04:ed) 428->42a - SKL-U/Y D0 (06-4e-03:c0) ba->c2 - BDW-U/Y E/F (06-3d-04:c0) 25->28 - HSW-ULT Cx/Dx (06-45-01:72) 20->21 - Crystalwell Cx (06-46-01:32) 17->18 - BDW-H E/G (06-47-01:22) 17->1b - HSX-EX E0 (06-3f-04:80) 0f->10 - SKL-H/S R0 (06-5e-03:36) ba->c2 - HSW Cx/Dx (06-3c-03:32) 22->23 - HSX C0 (06-3f-02:6f) 3a->3b - BDX-DE V0/V1 (06-56-02:10) 0f->14 - BDX-DE V2 (06-56-03:10) 700000d->7000011 - KBL-U/Y H0 (06-8e-09:c0) 62->80 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80 - KBL-H/S B0 (06-9e-09:2a) 5e->80 - CFL U0 (06-9e-0a:22) 70->80 - CFL B0 (06-9e-0b:02) 72->80 - SKX H0 (06-55-04:b7) 2000035->200003c - GLK B0 (06-7a-01:01) 1e->22 Important SUSE bug 1075262 CVE-2017-5715 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Important SUSE bug 1085207 CVE-2017-5715 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for microcode_ctl fixes the following security issue: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Moderate SUSE bug 1095735 CVE-2017-5715 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083) More details can be found on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update to ucode-intel (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 SUSE bug 1141977 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issue: - Updated Intel CPU Microcode to 20201027 prerelease (bsc#1170446) - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for microcode_ctl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for microcode_ctl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for microcode_ctl fixes the following issues: Updated to Intel CPU Microcode 20210525 release: - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (bsc#1179833) - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (bsc#1179836) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (bsc#1179839) Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for minicom (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for minicom fixes the following issues: - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783) Moderate SUSE bug 1033783 CVE-2017-7467 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mono-core (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mono-core (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 mono-core was updated to fix the following vulnerabilities: - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation. (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters. (bsc#739119) Moderate SUSE bug 739119 SUSE bug 958097 CVE-2009-0689 CVE-2012-3543 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Important SUSE bug 954447 SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 SUSE bug 963731 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mozilla-nspr (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 mozilla-nspr was update to version 4.10.8 Moderate SUSE bug 935979 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mozilla-nss (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Moderate SUSE bug 959888 CVE-2015-7575 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11727: A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr was updated to version 4.25. Important SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173032 CVE-2019-11727 CVE-2019-11745 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. Important SUSE bug 1101567 SUSE bug 1101570 SUSE bug 1101571 SUSE bug 1101573 SUSE bug 1101576 SUSE bug 1101577 SUSE bug 1101578 SUSE bug 1101581 SUSE bug 1101582 SUSE bug 1101588 SUSE bug 1101589 SUSE bug 936807 CVE-2018-14349 CVE-2018-14350 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mutt (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 CVE-2020-28896 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on: - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Moderate SUSE bug 924663 SUSE bug 928962 SUSE bug 934401 SUSE bug 938412 CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 * changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html * fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Moderate SUSE bug 951391 SUSE bug 952196 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Moderate SUSE bug 959724 SUSE bug 960961 SUSE bug 962779 CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 mysql was updated to version 5.5.49 to fix 13 security issues. These security issues were fixed: - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#976341). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#976341). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#976341). - CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#976341). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#976341). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#976341). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#976341). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#976341). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#976341). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#976341). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a '/CN=' string in a field in a certificate, as demonstrated by '/OU=/CN=bar.com/CN=foo.com (bsc#963806). More details are available at - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html Important SUSE bug 963806 SUSE bug 976341 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0666 CVE-2016-2047 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000] Moderate SUSE bug 934789 SUSE bug 959724 CVE-2015-4000 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This mysql update to verson 5.5.52 fixes the following issues: Security issues fixed: - CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser (bsc#989913). - CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types (bsc#989919). - CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dml (bsc#989922). - CVE-2016-5440: Fixed unspecified vulnerability in subcomponent rbr (bsc#989926). - CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and , under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) More details can be found on: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html Bugs fixed: - bsc#967374: properly restart mysql multi instances during upgrade - bnc#937258: multi script to restart after crash Important SUSE bug 937258 SUSE bug 967374 SUSE bug 989913 SUSE bug 989919 SUSE bug 989922 SUSE bug 989926 SUSE bug 998309 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-6662 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This mysql version update to 5.5.53 fixes the following issues: - CVE-2016-6662: Unspecified vulnerability in subcomponent Logging (bsc#1005580) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html Important SUSE bug 1005558 SUSE bug 1005580 SUSE bug 1005581 CVE-2016-5584 CVE-2016-6662 CVE-2016-7440 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This mysql version update to 5.5.54 fixes the following issues: - CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc#1020890) - CVE-2017-3312: Insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: Unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: Unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: Unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3244: Unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: Unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: Unspecified vulnerability affecting the Optimizer component (bsc#1020882) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html Important SUSE bug 1020868 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020877 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020890 SUSE bug 1020891 SUSE bug 1020894 SUSE bug 1020896 SUSE bug 1022428 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mysql to version 5.5.55 fixes the following issues: These security issues were fixed: - CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (bsc#1034850) - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (bsc#1034850) - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3461: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (bsc#1034850) - CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014) - '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained) This non-security issue was fixed: - Set the default umask to 077 in rc.mysql-multi [bsc#1020976] For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html Note: The issue tracked in bsc#1022428 and fixed in the last update was assigned CVE-2017-3302. Important SUSE bug 1020976 SUSE bug 1022428 SUSE bug 1029014 SUSE bug 1029396 SUSE bug 1034850 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mysql fixes the following issues: - CVE-2017-3635: C API unspecified vulnerability (bsc#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (bsc#1049399) - CVE-2017-3641: DML unspecified vulnerability (bsc#1049404) - CVE-2017-3648: Charsets unspecified vulnerability (bsc#1049411) - CVE-2017-3651: Client mysqldump unspecified vulnerability (bsc#1049415) - CVE-2017-3652: DDL unspecified vulnerability (bsc#1049416) - CVE-2017-3653: DDL unspecified vulnerability (bsc#1049417) Moderate SUSE bug 1049398 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049411 SUSE bug 1049415 SUSE bug 1049416 SUSE bug 1049417 SUSE bug 1049422 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mysql to version 5.5.58 fixes the following issues: Fixed security issues: - CVE-2017-10268: issue inside subcomponent Server Replication [bsc#1064101] - CVE-2017-10378: issue inside subcomponent Server Optimizer [bsc#1064115] - CVE-2017-10379: issue inside subcomponent Client programs [bsc#1064116] - CVE-2017-10384: issue inside subcomponent Server DDL [bsc#1064117] For a full list of changes check: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html Important SUSE bug 1064101 SUSE bug 1064115 SUSE bug 1064116 SUSE bug 1064117 SUSE bug 1064119 CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mysql to version 5.5.59 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369) - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369) For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html Moderate SUSE bug 1076369 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following issues: - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate SUSE bug 1089987 CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for mysql to version 5.5.61 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-3066: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (bsc#1101678) - CVE-2018-3070: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101679) - CVE-2018-3081: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (bsc#1101680) - CVE-2018-3058: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1101676) - CVE-2018-3063: Fixed an easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101677) You can find more detailed information about this update in the [release notes](http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html) Moderate SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1101679 SUSE bug 1101680 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for mysql (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 MySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed: - CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. - CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) - CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) - CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Important SUSE bug 1013882 SUSE bug 1112368 SUSE bug 1112369 SUSE bug 1112432 CVE-2016-9843 CVE-2018-3133 CVE-2018-3174 CVE-2018-3282 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for nagios (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for nagios fixes the following issues: - CVE-2016-8641 / CVE-2016-10089: fixed possible symlink attacks for files/directories created by root (bsc#1011630 / bsc#1018047) Moderate SUSE bug 1011630 SUSE bug 1018047 CVE-2016-10089 CVE-2016-8641 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for nagios-nrpe (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for nagios-nrpe fixes one issue. This security issue was fixed: - CVE-2015-4000: Prevent Logjam. The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE (bsc#938906). Moderate SUSE bug 938906 CVE-2015-4000 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for nautilus (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for nautilus fixes the following security issue: - CVE-2017-14604: Fixed a file type spoofing attack by adding a metadata::trusted attribute to a file once the user acknowledges the file as trusted, and also remove the 'trusted' content in the desktop file (bsc#1060031). Low SUSE bug 1060031 CVE-2017-14604 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for ncurses (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853) Important SUSE bug 1046853 SUSE bug 1046858 CVE-2017-10684 CVE-2017-10685 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) Moderate SUSE bug 1046853 SUSE bug 1046858 SUSE bug 1047964 SUSE bug 1047965 SUSE bug 1049344 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ncurses (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry() function (bsc#1069530). Important SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 SUSE bug 1069530 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-16879 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ncurses (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). Moderate SUSE bug 1056127 CVE-2017-13733 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for net-snmp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 net-snmp was updated to fix one security vulnerability and several bugs. - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621) - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863) - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893). - stop snmptrapd on package removal. Moderate SUSE bug 853382 SUSE bug 935863 SUSE bug 940188 CVE-2015-5621 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for netpbm (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for netpbm fixes the following security issues: - CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could lead to memory corruption and potential code execution. (bsc#1024287) Moderate SUSE bug 1024287 CVE-2017-2581 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for netpbm (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - created a netpbm-vulnerable subpackage and move pstopnm there, as it uses ghostscript for conversion (bsc#1136936) Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This ntp update provides the following security and non security fixes: - Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Fix the comment regarding addserver in ntp.conf (bnc#910063). - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove 'kod' from the restrict line in ntp.conf (bsc#944300). - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Require perl-Socket6 (bsc#942441). - Fix incomplete backporting of 'rcntp ntptimemset'. Moderate SUSE bug 905885 SUSE bug 910063 SUSE bug 936327 SUSE bug 942441 SUSE bug 942587 SUSE bug 944300 SUSE bug 951608 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - bsc#784760: Remove local clock from default configuration Important SUSE bug 782060 SUSE bug 784760 SUSE bug 916617 SUSE bug 951559 SUSE bug 951629 SUSE bug 956773 SUSE bug 962318 SUSE bug 962784 SUSE bug 962802 SUSE bug 962960 SUSE bug 962966 SUSE bug 962970 SUSE bug 962988 SUSE bug 962994 SUSE bug 962995 SUSE bug 962997 SUSE bug 963000 SUSE bug 963002 SUSE bug 975496 SUSE bug 975981 CVE-2015-5300 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 Bugs fixed: - Restrict the parser in the startup script to the first occurrance of 'keys' and 'controlkey' in ntp.conf (bsc#957226). Important SUSE bug 957226 SUSE bug 977446 SUSE bug 977450 SUSE bug 977451 SUSE bug 977452 SUSE bug 977455 SUSE bug 977457 SUSE bug 977458 SUSE bug 977459 SUSE bug 977461 SUSE bug 977464 CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. Important SUSE bug 979302 SUSE bug 981422 SUSE bug 982056 SUSE bug 982064 SUSE bug 982065 SUSE bug 982066 SUSE bug 982067 SUSE bug 982068 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for libtasn1 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Moderate SUSE bug 929414 SUSE bug 961491 SUSE bug 982779 CVE-2015-3622 CVE-2016-4008 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ntp fixes the following issues: - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Security issues fixed (update to 4.2.8p9): - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2015-8139 CVE-2015-8140 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This ntp update to version 4.2.8p10 fixes the following issues: Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - Fixing ppc and ppc64 linker issue (bsc#1031085). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. Moderate SUSE bug 1014172 SUSE bug 1030050 SUSE bug 1031085 CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ntp fixes the following issues: Security issues fixed: - CVE-2016-1549: Significant additional protections against CVE-2016-1549 that was fixed in ntp-4.2.8p7 (bsc#1082210). - CVE-2018-7170: Ephemeral association time spoofing additional protection (bsc#1083424). - CVE-2018-7182: Buffer read overrun leads information leak in ctl_getitem() (bsc#1083426). - CVE-2018-7183: decodearr() can write beyond its buffer limit (bsc#1083417). - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state (bsc#1083422). - CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association (bsc#1083420). Bug fixes: - bsc#1077445: Don't use libevent's cached time stamps in sntp. - Disable CMAC in ntp when building against a version of OpenSSL that doesn't support it. Moderate SUSE bug 1077445 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1001182 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ntp (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for open-vm-tools (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework (CAF) - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand - Fix for quiesced snapshot failure leaving guest file system quiesced (bsc#1006796) - Fix for CVE-2015-5191 (bsc#1007600) - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496) - Add udev rule to increase VMware virtual disk timeout values (bsc#994598) - Fix vmtoolsd init script to run vmtoolsd in background (bsc#971031) - Fix copy-n-paste and drag-n-drop regressions (bsc#978424) - Add new vmblock-fuse.service - Fix a suspend with systemd issue (bsc#913727) - ESXi Serviceability - GuestInfo Enhancements - Compatibility with all supported versions of VMware vSphere, VMware Workstation 12.0 and VMware Fusion 8.0. Moderate SUSE bug 1006796 SUSE bug 1007600 SUSE bug 1011057 SUSE bug 1013496 SUSE bug 1024202 SUSE bug 913727 SUSE bug 938593 SUSE bug 941384 SUSE bug 944615 SUSE bug 952645 SUSE bug 971031 SUSE bug 978424 SUSE bug 985110 SUSE bug 994598 CVE-2015-5191 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for openldap2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator. Moderate SUSE bug 924496 SUSE bug 932773 SUSE bug 937766 CVE-2015-4000 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). Important SUSE bug 1172698 CVE-2020-8023 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openldap2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. - resynchronise changelogs with subpackages (bsc#1184020). Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 SUSE bug 1184020 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Moderate SUSE bug 945582 CVE-2015-6908 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for opensc (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Moderate SUSE bug 1104812 SUSE bug 1106998 SUSE bug 1106999 SUSE bug 1107033 SUSE bug 1107037 SUSE bug 1107038 SUSE bug 1107039 SUSE bug 1107107 SUSE bug 1108318 CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16422 CVE-2018-16423 CVE-2018-16427 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for opensc (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1192005 CVE-2021-42780 CVE-2021-42782 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openslp (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 OpenSSH was updated to fix several security issues and bugs. Please note that due to a bug in the previous shipped openssh version, sshd might not correctly restart. Please verify that the ssh daemon is running after installing this update. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. (bsc#936695) * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. (bsc#938746) * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM. (bsc#932483) * Hardening patch to fix sftp RCE. (bsc#903649) * CVE-2015-6563: The monitor component in sshd accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Additional a bug was fixed that could lead to openssh not working in chroot (bsc#947458). Moderate SUSE bug 903649 SUSE bug 932483 SUSE bug 936695 SUSE bug 938746 SUSE bug 939932 SUSE bug 943006 SUSE bug 943010 SUSE bug 945484 SUSE bug 945493 SUSE bug 947458 CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions (bsc#970632). - CVE-2016-1908: Possible fallback from untrusted to trusted X11 forwarding (bsc#962313). - CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes (bsc#975865). These non-security issues were fixed: - Correctly parse GSSAPI KEX algorithms (bsc#961368) - More verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - Fix PRNG re-seeding (bsc#960414, bsc#729190) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow empty Match blocks (bsc#961494) Moderate SUSE bug 729190 SUSE bug 932483 SUSE bug 948902 SUSE bug 960414 SUSE bug 961368 SUSE bug 961494 SUSE bug 962313 SUSE bug 965576 SUSE bug 970632 SUSE bug 975865 CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssh fixes the following issues: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) - CVE-2016-6515: Limiting the accepted password length to prevent possible DoS (bsc#992533) Bug fixes: - avoid complaining about unset DISPLAY variable (bsc#981654) Moderate SUSE bug 948902 SUSE bug 981654 SUSE bug 989363 SUSE bug 992533 CVE-2016-6210 CVE-2016-6515 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) Non security issues fixed: - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1006221 SUSE bug 1016366 SUSE bug 1016369 CVE-2016-10009 CVE-2016-10011 CVE-2016-8858 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370). - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage (bsc#1076957). - CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000). - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509). Bug fixes: - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099) - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972) - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275) Moderate SUSE bug 1016370 SUSE bug 1017099 SUSE bug 1023275 SUSE bug 1053972 SUSE bug 1065000 SUSE bug 1069509 SUSE bug 1076957 CVE-2008-1483 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) Also the following security related hardening change was done: - Removed arcfour,blowfish,cast from list of default ciphers as they are long discontinued and should no longer be used. (bsc#982273) And the following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure (bsc#1091396) Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 1106163 SUSE bug 964336 SUSE bug 982273 CVE-2018-15473 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssh (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). Moderate SUSE bug 1090671 SUSE bug 1115550 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssh (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssh (Critical) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. Critical SUSE bug 961642 SUSE bug 961645 CVE-2016-0777 CVE-2016-0778 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) Important SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) Bugs fixed: - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling Important SUSE bug 889013 SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * Update expired S/MIME certs (bsc#979475) * Fix crash in print_notice (bsc#998190) * Resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Important SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 984663 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) Important SUSE bug 1087102 CVE-2018-0739 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) Moderate SUSE bug 1089039 CVE-2018-0737 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Mitigate the 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' attack (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: - Included the missing cms and pk7 fixes of CVE-2019-1563 (bsc#1153785). Important SUSE bug 1153785 CVE-2019-1563 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: - Add missing commits for fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory leak problem in function 'BN_copy()'. (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1176331 CVE-2020-1968 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Low) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openssl (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for openvpn (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] Important SUSE bug 1044947 CVE-2017-7508 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openvpn (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877). - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374) - CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of Service of server via received large control packet. (bsc#1038709) - CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. (bsc#1038711) - Some other hardening fixes have also been applied (bsc#1038713) Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 SUSE bug 1060877 SUSE bug 995374 CVE-2016-6329 CVE-2017-12166 CVE-2017-7478 CVE-2017-7479 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for openwsman (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Important SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for orca (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This orca update fixes the following security issue. - Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245). Moderate SUSE bug 916835 CVE-2013-4245 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for pam (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - CVE-2013-7041: Compare password hashes case-sensitively (bsc#854480). This non-security issue was fixed: - bsc#962220: Don't fail when /var/log/btmp is corrupted Moderate SUSE bug 854480 SUSE bug 934920 SUSE bug 962220 CVE-2013-7041 CVE-2015-3238 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for pam-modules (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for pam-modules fixes the following security issue: - CVE-2011-3172: Ensure that unix2_chkpwd calls pam_acct_mgmt to prevent usage of locked accounts (bsc#707645). Moderate SUSE bug 707645 CVE-2011-3172 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for pam_pkcs11 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for pam_pkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token (bsc#1105012) - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes (bsc#1105012) - Memory not cleaned properly before free() (bsc#1105012) Moderate SUSE bug 1105012 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for patch (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for patch fixes several issues. These security issues were fixed: - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891). - CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have lead to DoS via a crafted input file (bsc#1080918). - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957): Important SUSE bug 1059698 SUSE bug 1080918 SUSE bug 1088420 SUSE bug 662957 SUSE bug 914891 CVE-2010-4651 CVE-2014-9637 CVE-2016-10713 CVE-2018-1000156 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl fixes the following issues: - CVE-2016-6185: xsloader looking at a '(eval)' directory [bsc#988311] - CVE-2016-1238: searching current directory for optional modules [bsc#987887] - CVE-2015-8853: regex engine hanging on bad utf8 [bnc976584] - CVE-2016-2381: environment dup handling bug [bsc#967082] - perl panic with utf8_mg_pos_cache_update [bsc#929027] Moderate SUSE bug 929027 SUSE bug 967082 SUSE bug 987887 SUSE bug 988311 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl fixes the following issues: Security issue fixed: - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - reformat baselibs.conf as source validator workaround Low SUSE bug 1047178 CVE-2017-6512 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl fixes the following issues: Security issue fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). Moderate SUSE bug 1082216 SUSE bug 1082233 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). Moderate SUSE bug 1096718 CVE-2018-12015 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-Archive-Zip (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497). Moderate SUSE bug 1099497 CVE-2018-10860 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl-DBD-mysql fixes the following issues: - Add patch to fix CVE-2016-1251 (bsc#1012546) use-after-free for repeated fetchrow_arrayref calls when mysql_server_prepare=1 Moderate SUSE bug 1012546 CVE-2016-1251 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). Moderate SUSE bug 1002626 SUSE bug 1010457 CVE-2016-1246 CVE-2016-1249 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl-DBD-mysql fixes the following issues: - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting's documentation has a \'your communication with the server will be encrypted\' statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. (bsc#1047059) - CVE-2017-10788: The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. (bsc#1047095) Moderate SUSE bug 1047059 SUSE bug 1047095 CVE-2017-10788 CVE-2017-10789 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). - CVE-2013-7491: Fixed a stack corruption when a user-defined function required a non-trivial amount of memory (bsc#1176493). Important SUSE bug 1176493 SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2013-7491 CVE-2019-20919 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for perl-XML-LibXML (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848) Important SUSE bug 1046848 CVE-2017-10672 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for permissions (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for permissions fixes the following issues: - CVE-2019-3690: Fixed a privilege escalation through untrusted symlinks (bsc#1150734). Moderate SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3690 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721) * CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719) Moderate SUSE bug 938719 SUSE bug 938721 CVE-2015-5589 CVE-2015-5590 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] It also includes a bugfix for the odbc module: * compare with SQL_NULL_DATA correctly [bnc#935074] Important SUSE bug 935074 SUSE bug 942291 SUSE bug 942294 SUSE bug 942295 SUSE bug 942296 SUSE bug 945412 SUSE bug 945428 CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] Important SUSE bug 949961 SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 CVE-2014-9767 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Moderate SUSE bug 976996 SUSE bug 976997 SUSE bug 977003 SUSE bug 977005 CVE-2015-8866 CVE-2015-8867 CVE-2016-4070 CVE-2016-4073 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010) - CVE-2016-5094,CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows (bsc#982011,bsc#982012) - CVE-2016-5096: A int/size_t confusion in fread could corrupt memory (bsc#982013) - CVE-2016-5114: A fpm_log.c memory leak and buffer overflow could leak information out of the php process or overwrite a buffer by 1 byte (bsc#982162) - CVE-2016-4346: A heap overflow was fixed in ext/standard/string.c (bsc#977994) - CVE-2016-4342: A heap corruption was fixed in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) - CVE-2015-8879: odbc_bindcols function in ext/odbc/php_odbc.c mishandles driver behavior for SQL_WVARCHAR (bsc#981050) Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet shipped to SUSE Linux Enterprise Server 11 SP3 LTSS: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] - CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Important SUSE bug 949961 SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 SUSE bug 976996 SUSE bug 976997 SUSE bug 977003 SUSE bug 977005 SUSE bug 977991 SUSE bug 977994 SUSE bug 978827 SUSE bug 978828 SUSE bug 978829 SUSE bug 978830 SUSE bug 980366 SUSE bug 980373 SUSE bug 980375 SUSE bug 981050 SUSE bug 982010 SUSE bug 982011 SUSE bug 982012 SUSE bug 982013 SUSE bug 982162 CVE-2014-9767 CVE-2015-4116 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Important SUSE bug 986004 SUSE bug 986244 SUSE bug 986386 SUSE bug 986388 SUSE bug 986393 CVE-2015-8935 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: - security update: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] Moderate SUSE bug 987530 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991437 CVE-2014-3587 CVE-2016-5399 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allows illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Important SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997257 SUSE bug 999679 SUSE bug 999680 SUSE bug 999682 SUSE bug 999684 SUSE bug 999685 SUSE bug 999819 SUSE bug 999820 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Moderate SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-8670 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: * CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] * CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] * Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Moderate SUSE bug 1012232 SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 SUSE bug 974305 CVE-2014-9912 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) Important SUSE bug 1019550 SUSE bug 1022219 SUSE bug 1022255 SUSE bug 1022257 SUSE bug 1022260 SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used the port number that is specified in the hostname argument, instead of the port number in the second argument of the function (bsc#1031246) - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). - CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in mbstring in PHP. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (bsc#1040883) - CVE-2017-9226: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (bsc#1040889) - CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. (bsc#1040891) Moderate SUSE bug 1031246 SUSE bug 1035111 SUSE bug 1040883 SUSE bug 1040889 SUSE bug 1040891 CVE-2016-6294 CVE-2017-7272 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. [bsc#1044976] The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. Important SUSE bug 1031246 SUSE bug 1044976 CVE-2017-7272 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the several issues. These security issues were fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430). - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726). - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241). - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386). - CVE-2017-11145: An error in the date extension's timelib_meridian parsing code could have been used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function (bsc#1048112). - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could have lead to information leak [bsc#1048111] - CVE-2016-10397: Incorrect handling of various URI components in the URL parser could have been used by attackers to bypass hostname-specific URL checks (bsc#1047454). - CVE-2017-11147: The PHAR archive handler could have been used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function (bsc#1048094). - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could have lead to a crash of the PHP interpreter (bsc#1048096). Moderate SUSE bug 1047454 SUSE bug 1048094 SUSE bug 1048096 SUSE bug 1048111 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 1054430 SUSE bug 986386 CVE-2016-10168 CVE-2016-10397 CVE-2016-5766 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-12933 CVE-2017-7890 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Moderate SUSE bug 1067441 SUSE bug 1069606 SUSE bug 1069631 CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes several issues. These security issues were fixed: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234) - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220) - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) - CVE-2016-5773: php_zip.c in the zip extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. (bsc#986247) - CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. (bsc#986391) - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the php_stream_url_wrap_http_ex. (bsc#1083639) Important SUSE bug 1076220 SUSE bug 1076391 SUSE bug 1080234 SUSE bug 1083639 SUSE bug 986247 SUSE bug 986391 CVE-2016-10712 CVE-2016-5771 CVE-2016-5773 CVE-2018-5711 CVE-2018-5712 CVE-2018-7584 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367). - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362). - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). Important SUSE bug 1091355 SUSE bug 1091362 SUSE bug 1091363 SUSE bug 1091367 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: The following security issue was fixed: - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file (CVE-2018-10360, bsc#1096984) - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Moderate SUSE bug 1096984 SUSE bug 1099098 CVE-2018-10360 CVE-2018-12882 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: The following security issues were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-14883: Fixed an integer overflow leading to a heap based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Moderate SUSE bug 1103659 SUSE bug 1103836 SUSE bug 1105466 CVE-2017-9118 CVE-2018-14851 CVE-2018-14883 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) Moderate SUSE bug 1108753 CVE-2018-17082 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Recommended update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Moderate SUSE bug 1117107 CVE-2018-19518 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Moderate SUSE bug 1123354 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Important SUSE bug 1140118 SUSE bug 1145095 SUSE bug 1146360 CVE-2019-11038 CVE-2019-11041 CVE-2019-11042 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for php53 (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for php53 fixes the following issues: Security issues fixed: - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Moderate SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 SUSE bug 1161982 SUSE bug 1162629 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-20433 CVE-2020-7059 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for php53 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). Important SUSE bug 1177352 CVE-2020-7070 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for php53 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for php53 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient Important SUSE bug 1182049 CVE-2021-21702 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for policycoreutils (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for policycoreutils fixes the following issues: * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998] Low SUSE bug 1000998 CVE-2016-7545 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for policycoreutils (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for policycoreutils fixes the following issues: - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Moderate SUSE bug 1083624 CVE-2018-1063 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for poppler (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Moderate SUSE bug 976844 CVE-2015-8868 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for poppler (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for poppler fixes the following issues: - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265) - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593) Moderate SUSE bug 1061265 SUSE bug 1064593 SUSE bug 1074453 CVE-2017-1000456 CVE-2017-14977 CVE-2017-15565 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Moderate SUSE bug 949669 SUSE bug 949670 CVE-2015-5288 CVE-2015-5289 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql-init (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql-init fixes the following issues: - CVE-2017-14798: A race condition in the init script could be used by attackers able to access the postgresql account to escalate their privileges to root (bsc#1062722) Moderate SUSE bug 1062722 CVE-2017-14798 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix 'unresolved symbol' errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - Security and bugfix release 9.4.5: * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. * CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. - For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html - Relax dependency on libpq to major version. Important SUSE bug 949669 SUSE bug 949670 SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). For the non-security issues please refer to - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html Important SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql93 fixes the following issues: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Moderate SUSE bug 1029547 SUSE bug 1037603 SUSE bug 1037624 SUSE bug 1038293 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.4/static/release-9-4-13.html Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html Moderate SUSE bug 1062538 SUSE bug 1067844 CVE-2017-12172 CVE-2017-15098 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) Moderate SUSE bug 1077983 CVE-2018-1053 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Moderate SUSE bug 1081925 CVE-2018-1058 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for postgresql94 fixes the following issues: postgresql was updated to 9.4.19: https://www.postgresql.org/docs/current/static/release-9-4-19.html * CVE-2018-10915, bsc#1104199: Fix failure to reset libpq's state fully between connection attempts. postgresql was updated to 9.4.18: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-4-18.html A dump/restore is not required for those running 9.4.X. However, if the function marking mistakes mentioned in the first changelog entry below affect you, you will want to take steps to correct your database catalogs. Important SUSE bug 1104199 CVE-2018-10915 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ppp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The ppp package was updated to fix the following security issue: - CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841). Moderate SUSE bug 927841 CVE-2015-3310 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ppp (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for procmail (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for procmail fixes the following issues: Security issue fixed: - CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. (bnc#1068648) Moderate SUSE bug 1068648 CVE-2017-16844 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for procps (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Moderate SUSE bug 1092100 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for puppet (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. In default, this update would break a backwards compatibility with Puppet agents older than 3.2.2 as the SLE11 master doesn't support other fact formats than pson in default anymore. In order to allow users to continue using their SLE11 agents a patch was added that enables sending PSON from agents. For non-SUSE clients older that 3.2.2 a new puppet master boolean option 'dangerous_fact_formats' was added. When it's set to true it enables using dangerous fact formats (e.g. YAML). When it's set to false, only PSON fact format is accepted. (bsc#1040151), (bsc#1077767) Moderate SUSE bug 1040151 SUSE bug 1077767 CVE-2017-2295 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Moderate SUSE bug 984751 SUSE bug 985348 SUSE bug 989523 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for python fixes the following issues: - CVE-2017-1000158: Fixed integer overflow in thePyString_DecodeEscape function (bsc#1068664). Moderate SUSE bug 1068664 CVE-2017-1000158 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Moderate SUSE bug 1083507 CVE-2017-18207 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes: - bsc#1086001: python tarfile uses random order. Important SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 985177 CVE-2016-5636 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847) Moderate SUSE bug 1109847 CVE-2018-14647 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for python (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for python (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) Moderate SUSE bug 1149955 CVE-2019-16056 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for python (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for python fixes the following security issue: - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Moderate SUSE bug 1162367 CVE-2020-8492 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for python (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Important SUSE bug 1177211 CVE-2020-26116 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for python-numpy (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952). Moderate SUSE bug 970952 CVE-2016-2342 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for quagga fixes one security issue: - bsc#770619: Disallow unprivileged users to enter config directory /etc/quagga (group: quagga, mode: 750) and read configuration files installed there (group: quagga, mode: 640). Low SUSE bug 770619 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012) Moderate SUSE bug 977012 CVE-2016-4049 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for quagga fixes the following issues: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code (bsc#1005258). Important SUSE bug 1005258 CVE-2016-1245 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for quagga (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and cause bgpd to emit debug and warning messages into the logs that would contained arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] - The Quagga daemon's telnet 'vty' CLI contains an unbounded memory allocation bug that could be exploited for a denial-of-service attack on the daemon. This issue has been fixed. [CVE-2017-5495, bsc#1021669] - The telnet 'vty' CLI of the Quagga daemon is no longer enabled by default, because the passwords in the default 'zebra.conf' config file are now disabled. The vty interface is available via 'vtysh' utility using pam authentication to permit management access for root without password. [bsc#1021669] Important SUSE bug 1021669 SUSE bug 1065641 SUSE bug 1079798 SUSE bug 1079799 SUSE bug 1079800 SUSE bug 1079801 CVE-2017-16227 CVE-2017-5495 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rpcbind (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Moderate SUSE bug 940191 SUSE bug 946204 CVE-2015-7236 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914) - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410) Moderate SUSE bug 900914 SUSE bug 915410 CVE-2014-8242 CVE-2014-9512 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 rsync was updated to fix one security issue. - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410). Moderate SUSE bug 915410 CVE-2014-9512 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for rsync fixes the following issues: Security issues fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions' (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). Moderate SUSE bug 1066644 SUSE bug 1071459 SUSE bug 1071460 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rsync (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for rsync fixes one issues. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503) Moderate SUSE bug 1076503 CVE-2018-5764 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for ruby (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for ruby fixes the following issues: Secuirty issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) Bugfixes: - fix small mistake in the backport for (bsc#986630) Moderate SUSE bug 926974 SUSE bug 959495 SUSE bug 986630 CVE-2015-1855 CVE-2015-7551 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for rzsz (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for rzsz fixes the following issues: - L3: sz of rzsz segfaults in zsdata() (bsc#1086416) - VUL-0: CVE-2018-10195: rzsz: sz can leak data to receiving side (bsc#1090051) - rzsz-0.12.20-976.7: illegal use of freed variable (bsc#529899) - /usr/bin/lsb segfaults [rzsz] (bsc#1076576) Moderate SUSE bug 1076576 SUSE bug 1086416 SUSE bug 1090051 SUSE bug 529899 CVE-2018-10195 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bug fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). Important SUSE bug 967017 SUSE bug 968222 CVE-2015-7560 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link Important SUSE bug 936862 SUSE bug 967017 SUSE bug 971965 SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: - Allow SESSION KEY setup without signing. (bsc#1009711) - Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731) - Don't fail when using default domain with user@domain.com format. (bsc#997833) - Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692) Moderate SUSE bug 1003731 SUSE bug 1009711 SUSE bug 1014441 SUSE bug 1014442 SUSE bug 993692 SUSE bug 997833 CVE-2016-2125 CVE-2016-2126 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). Important SUSE bug 1027147 CVE-2017-2619 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed (bsc#1036283, bso#12721). Important SUSE bug 1027147 SUSE bug 1036283 CVE-2017-2619 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Important SUSE bug 1038231 CVE-2017-7494 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624) - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622) This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419). Moderate SUSE bug 1042419 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12163 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - s3/libads: fix seal/signed ldap connections so they are reused; (bsc#1016531). Moderate SUSE bug 1016531 SUSE bug 1063008 CVE-2017-15275 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes the following issues: - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741) Moderate SUSE bug 1081741 CVE-2018-1050 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient (bsc#1103411). The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections (bsc#1079449) Important SUSE bug 1079449 SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issue fixed: - Make init scripts create log directories before running daemons (bsc#1101499) Moderate SUSE bug 1101499 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for samba (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 CVE-2020-14318 CVE-2020-14323 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for samba (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586) - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582) - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584) - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583) Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022) - Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382) - Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382) - Address unrecoverable winbind failure: 'key length too large' (bnc#934299) - Take resource group sids into account when caching netsamlogon data (bnc#912457) - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244) - dependency issue with samba-winbind (bnc#936909) Important SUSE bug 295284 SUSE bug 912457 SUSE bug 934299 SUSE bug 936909 SUSE bug 948244 SUSE bug 949022 SUSE bug 953382 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958586 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sane-backends (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for sane-backends fixes the following issues: - saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory (CVE-2017-6318, bsc#1027197). Moderate SUSE bug 1027197 CVE-2017-6318 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185). Moderate SUSE bug 942628 CVE-2015-5185 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sblim-sfcb (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for sblim-sfcb fixes the following issues: Feature enhancements: - A seperate sblim-sfcb-openssl1 package was added to the SECURITY Module. (fate#322032/bsc#1012814) This package can be installed additionaly, and the SysV Init script will pick the openssl1 variant on the next start, offering TLS 1.2 support on the WBEM SSL socket. Bugfixes: - Add sslNoSSLv3 and sslNoTLSv1 configuration options (bsc#923349, bsc#1008130) Moderate SUSE bug 1008130 SUSE bug 1012814 SUSE bug 923349 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for shim (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for shim fixes the following issues: Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from or after July / August 2020 are applied. Also fixed: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for socat (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for socat fixes the following issues: - CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode (bsc#821985) - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow (bsc#860991) - Fix a stack overflow in the parser that could have been leveraged to execute arbitrary code (bsc#964844) Moderate SUSE bug 821985 SUSE bug 860991 SUSE bug 964844 CVE-2013-3571 CVE-2014-0019 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Spice was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3247: heap corruption in the spice server (bsc#944460) * CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976) * CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944787) Moderate SUSE bug 944460 SUSE bug 944787 SUSE bug 948976 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Important SUSE bug 1023078 SUSE bug 1023079 CVE-2016-9577 CVE-2016-9578 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations (bsc#1046779) Important SUSE bug 1046779 CVE-2017-7506 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for spice (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686) - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code (bsc#1177158) - CVE-2016-2150: Fixed a guest escape using crafted primary surface parameters (bsc#982386) Important SUSE bug 1177158 SUSE bug 1181686 SUSE bug 982386 CVE-2016-2150 CVE-2020-14355 CVE-2021-20201 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) Moderate SUSE bug 987394 CVE-2016-6153 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Moderate SUSE bug 1119687 CVE-2018-20346 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for sqlite3 fixes the following issues: - CVE-2019-20218: Fixed a stack unwinding flaw in the selectExpander after a parsing error. (bsc#1160439) Important SUSE bug 1160439 CVE-2019-20218 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 squid was updated to fix two security issues. These security issues were fixed: - CVE-2014-6270: Fixed an off by one in snmp subsystem (bsc#895773). - CVE-2014-9749: Fixed a nonce replay vulnerability in Digest authentication (bsc#949942). Moderate SUSE bug 895773 SUSE bug 949942 CVE-2014-6270 CVE-2014-9749 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for squid (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for squid fixes the following issues: - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing (bsc#979010) Moderate SUSE bug 976553 SUSE bug 979010 CVE-2016-4051 CVE-2016-4554 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for squid (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for squid fixes the following issues: - CVE-2020-15810: Fixed a HTTP Request Smuggling that could have resulted in cache poisoning (bsc#1175664). - CVE-2019-12523: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). - CVE-2019-18676: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). Important SUSE bug 1156329 SUSE bug 1175664 CVE-2019-12523 CVE-2019-18676 CVE-2020-15810 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: * fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Important SUSE bug 895773 SUSE bug 902197 SUSE bug 938715 SUSE bug 963539 SUSE bug 967011 SUSE bug 968392 SUSE bug 968393 SUSE bug 968394 SUSE bug 968395 SUSE bug 973782 SUSE bug 973783 SUSE bug 976553 SUSE bug 976556 SUSE bug 976708 SUSE bug 979008 SUSE bug 979009 SUSE bug 979010 SUSE bug 979011 SUSE bug 993299 CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for squid3 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for squid3 fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) Moderate SUSE bug 1016168 SUSE bug 949942 CVE-2014-9749 CVE-2016-10002 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for squid3 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for squid3 fixes the following issues: Security issues fixed: - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handing whien processing ESI responses or downloading intermediate CA certificates (bsc#1077006). Moderate SUSE bug 1077003 SUSE bug 1077006 CVE-2018-1000024 CVE-2018-1000027 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for squid3 fixes the following issues: - CVE-2018-1172: Fixed a DoS caused by incorrect handling of ESI responses. (bsc#1090089, SQUID-2018:3) Important SUSE bug 1090089 CVE-2018-1172 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for squid3 fixes the following issues: Security issue fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). Important SUSE bug 1113668 CVE-2018-19131 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659) - Fixed handling of hostname in cachemgr.cgi (CVE-2019-18860, bsc#1167373) - Fixed a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313) - Fixed a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (CVE-2019-12520, CVE-2019-12524, bsc#1170423) - Fixed a potential denial of service when processing TLS certificates during HTTPS connections (CVE-2020-14059, bsc#1173304) - Fixed a potential denial of service associated with incorrect buffer management of HTTP Basic Authentication credentials (bsc#1141329, CVE-2019-12529) - Fixed an incorrect buffer management resulting in vulnerability to a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332, CVE-2019-12525) - Fix XSS via user_name or auth parameter in cachemgr.cgi (bsc#1140738, CVE-2019-13345) - Fixed a potential code execution vulnerability (CVE-2019-12526, bsc#1156326) - Fixed HTTP Request Splitting in HTTP message processing and information disclosure in HTTP Digest Authentication (CVE-2019-18678, CVE-2019-18679, bsc#1156323, bsc#1156324) - Fixed a security issue allowing a remote client ability to cause use a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687) - Fixed a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689) - Fixed a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) - Fixed Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328) - Disable urn parsing and parsing of unknown schemes (bsc#1156329, CVE-2019-12523, CVE-2019-18676) Important SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 SUSE bug 1167373 SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 SUSE bug 1173304 SUSE bug 1173455 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14059 CVE-2020-15049 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for squid3 (Critical) SUSE Linux Enterprise Server 11 SP4-LTSS This update for squid3 fixes the following issues: - CVE-2020-15811: Fixed an HTTP request splitting vulnerability (bsc#1175665). - CVE-2020-24606: Fixed a DoS vulnerability when processing Cache Digest Responses (bsc#1175671). - CVE-2020-15810: Fixed an HTTP request smuggling vulnerability (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for squid3 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for squid3 fixes the following issues: - CVE-2021-28651: Fixed a denial of service issue when processing URN resource identifiers (bsc#1185921). - CVE-2020-25097: Fixed an HTTP request smuggling issue (bsc#1183436). Important SUSE bug 1183436 SUSE bug 1185921 CVE-2020-25097 CVE-2021-28651 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for squidGuard (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 squidGuard was updated to fix one security issue. This security issue was fixed: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping (bsc#985612). Moderate SUSE bug 985612 CVE-2015-8936 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 strongswan was updated to fix one security issue. This security issue was fixed: - CVE-2015-4171: A problem that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. (bsc#933591) Moderate SUSE bug 933591 CVE-2015-4171 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Moderate SUSE bug 953817 CVE-2015-8023 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) Important SUSE bug 1039514 SUSE bug 1039515 CVE-2017-9022 CVE-2017-9023 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for strongswan (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for strongswan fixes the following issues: - CVE-2017-11185: Specific RSA signatures passed to the gmp plugin for verification can cause a null-pointer dereference and it may lead to a denial of service (bsc#1051222) Moderate SUSE bug 1051222 CVE-2017-11185 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for strongswan (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845) - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1107874 SUSE bug 1109845 SUSE bug 1194471 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2021-45079 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for sudo (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] - The SSSD plugin would occasionally crash sudo with an 'internal error'. This issue has been fixed. [bsc#948973] - The SSSD plugin would occasionally apply @netgroups rules from LDAP to all users rather than the @netgroup. This issue is now fixed. [bsc#966755] - When the SSSD plugin was used and a local user ran sudo, an e-mail used to be sent to administrator because SSSD did not support sudo rules for local users. This message did not signify an error, however, it was only noise. [bsc#1008043] Moderate SUSE bug 1007501 SUSE bug 1007766 SUSE bug 1008043 SUSE bug 948973 SUSE bug 966755 CVE-2016-7032 CVE-2016-7076 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for sudo (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for supportutils (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670). Moderate SUSE bug 980670 CVE-2016-1602 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for supportutils (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script (bsc#1117751) - CVE-2018-19640: Users can kill arbitrary processes (bsc#1118463) - CVE-2018-19638: User can overwrite arbitrary log files in support tar (bsc#1118460) - CVE-2018-19639: Code execution if run with -v (bsc#1118462) Moderate SUSE bug 1117751 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 CVE-2018-19636 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for syslog-ng (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for syslog-ng fixes the following issues: - CVE-2020-8019: Fixed a local privilege escalation during package update (bsc#1169385). Moderate SUSE bug 1169385 CVE-2020-8019 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for tar (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] Moderate SUSE bug 1007188 CVE-2016-6321 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tar (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes (jsc#ECO-339) * Sparse files with large data * No backticks in quoting * --owner and --group names and numbers * Support for POSIX ACLs, extended attributes and SELinux context. * Passing command line arguments to external commands. * New configure option --enable-gcc-warnings, intended for debugging. * New warning control option --warning=[no-]record-size * New command line option --keep-directory-symlink * Fix unquoting of file names obtained via the -T option. * Fix GNU long link header timestamp (backward compatibility). Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). Moderate SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1152736 CVE-2018-20482 CVE-2019-9923 cpe:/o:suse:suse_sles_ltss:11:sp4 Recommended update for tboot (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tboot provides the following fix: Security issue fixed: - CVE-2014-5118: tboot: bypass of measured boot (bsc#889339) Bug fixes: - Fixed failed trusted boot on some systems like Intel Xeon 'Purley 8s' processors. The following error message showed: 'TBOOT: wait-for-sipi loop timed-out'. Booting continued but 'TXT measured launch' was wrongly reported as FALSE. (bsc#1057555) Moderate SUSE bug 1057555 SUSE bug 889339 CVE-2014-5118 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tcpdump fixes the following issues: Security issues fixed (bsc#1020940): - CVE-2016-7922: Corrected buffer overflow in AH parser print-ah.c:ah_print(). - CVE-2016-7923: Corrected buffer overflow in ARP parser print-arp.c:arp_print(). - CVE-2016-7925: Corrected buffer overflow in compressed SLIP parser print-sl.c:sl_if_print(). - CVE-2016-7926: Corrected buffer overflow in the Ethernet parser print-ether.c:ethertype_print(). - CVE-2016-7927: Corrected buffer overflow in the IEEE 802.11 parser print-802_11.c:ieee802_11_radio_print(). - CVE-2016-7928: Corrected buffer overflow in the IPComp parser print-ipcomp.c:ipcomp_print(). - CVE-2016-7931: Corrected buffer overflow in the MPLS parser print-mpls.c:mpls_print(). - CVE-2016-7936: Corrected buffer overflow in the UDP parser print-udp.c:udp_print(). - CVE-2016-7934,CVE-2016-7935,CVE-2016-7937: Corrected segmentation faults in function udp_print(). - CVE-2016-7939: Corrected buffer overflows in GRE parser print-gre.c:(multiple functions). - CVE-2016-7940: Corrected buffer overflows in STP parser print-stp.c:(multiple functions). - CVE-2016-7973: Corrected buffer overflow in AppleTalk parser print-atalk.c. - CVE-2016-7974: Corrected buffer overflow in IP parser print-ip.c:(multiple functions). - CVE-2016-7975: Corrected buffer overflow in TCP parser print-tcp.c:tcp_print(). - CVE-2016-7983,CVE-2016-7984: Corrected buffer overflow in TFTP parser print-tftp.c:tftp_print(). - CVE-2016-7992: Corrected buffer overflow in Classical IP over ATM parser print-cip.c. - CVE-2016-7993: Corrected buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, etc.). - CVE-2016-8574: Corrected buffer overflow in FRF.15 parser print-fr.c:frf15_print(). - CVE-2017-5202: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). - CVE-2017-5203: Corrected buffer overflow in BOOTP parser print-bootp.c:bootp_print(). - CVE-2017-5204: Corrected buffer overflow in IPv6 parser print-ip6.c:ip6_print(). - CVE-2017-5483: Corrected buffer overflow in SNMP parser print-snmp.c:asn1_parse(). - CVE-2017-5484: Corrected buffer overflow in ATM parser print-atm.c:sig_print(). - CVE-2017-5485: Corrected buffer overflow in ISO CLNS parser addrtoname.c:lookup_nsap(). - CVE-2017-5486: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). Moderate SUSE bug 1020940 CVE-2016-7922 CVE-2016-7923 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7931 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873) - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247). - CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247). - CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247). - CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247). Moderate SUSE bug 1047873 SUSE bug 1057247 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-13011 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tcpdump (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-12995: Fixed an infinite loop in the DNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Fixed a buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12894: Fixed a buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12896: Fixed a buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12897: Fixed a buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12898: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12899: Fixed a buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12900: Fixed a buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12901: Fixed a buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12902: Fixed a buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247). - CVE-2017-12985: Fixed a buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12986: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2017-12987: Fixed a buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12988: Fixed a buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12991: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12992: Fixed a buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247). - CVE-2017-12993: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-12996: Fixed a buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12998: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12999: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13001: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13002: Fixed a buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247). - CVE-2017-13003: Fixed a buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13004: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-13005: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13006: Fixed a buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13008: Fixed a buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13009: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13010: Fixed a buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13012: Fixed a buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13013: Fixed a buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13014: Fixed a buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13016: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13017: Fixed a buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13018: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13019: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13021: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13022: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13023: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13024: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13025: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13027: Fixed a buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13028: Fixed a buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13029: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13030: Fixed a buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13031: Fixed a buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247). - CVE-2017-13032: Fixed a buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13034: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13035: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13036: Fixed a buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13037: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13038: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13041: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13047: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13048: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13049: Fixed a buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13051: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13053: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13055: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13687: Fixed a buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247). - CVE-2017-13688: Fixed a buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247). - CVE-2017-13689: Fixed a buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13725: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). Important SUSE bug 1057247 SUSE bug 1153098 SUSE bug 1153332 CVE-2017-12893 CVE-2017-12894 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12995 CVE-2017-12996 CVE-2017-12998 CVE-2017-12999 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13041 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13051 CVE-2017-13053 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13725 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14881 CVE-2018-14882 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Moderate SUSE bug 914890 SUSE bug 916927 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) Moderate SUSE bug 960341 SUSE bug 964225 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831) - CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to Doa (bsc#984837) - CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842) - CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808) - CVE-2016-5875: Specially crafted TIFF images could trigger could allow arbitrary code execution (bsc#987351) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3186: Specially crafted TIFF imaged could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340) Moderate SUSE bug 973340 SUSE bug 974449 SUSE bug 974614 SUSE bug 974618 SUSE bug 975069 SUSE bug 984808 SUSE bug 984831 SUSE bug 984837 SUSE bug 984842 SUSE bug 987351 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107). - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280). - CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937). - CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.' (bsc#1011845) - CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077). - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341). - CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436). - CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,). - CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255) - An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691). - Fixed an invalid memory read which could lead to a crash (bsc#1017692). - Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688). Moderate SUSE bug 1007280 SUSE bug 1011107 SUSE bug 1011845 SUSE bug 1017688 SUSE bug 1017690 SUSE bug 1017691 SUSE bug 1017692 SUSE bug 1031255 SUSE bug 1046077 SUSE bug 1048937 SUSE bug 1074318 SUSE bug 960341 SUSE bug 983436 CVE-2015-7554 CVE-2016-10095 CVE-2016-10268 CVE-2016-3945 CVE-2016-5318 CVE-2016-5652 CVE-2016-9453 CVE-2016-9536 CVE-2017-11335 CVE-2017-17973 CVE-2017-9935 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809) - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694) - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254) - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250) - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129) - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127) - CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126) - CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120) - CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113) - CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112) - CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111) - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109) - Multiple divide by zero issues - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831) Moderate SUSE bug 1017694 SUSE bug 1031250 SUSE bug 1031254 SUSE bug 1033109 SUSE bug 1033111 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 SUSE bug 1033127 SUSE bug 1033129 SUSE bug 1074317 SUSE bug 984808 SUSE bug 984809 SUSE bug 984831 SUSE bug 987351 CVE-2016-10267 CVE-2016-10269 CVE-2016-10270 CVE-2016-5314 CVE-2016-5315 CVE-2017-18013 CVE-2017-7593 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following security issues: - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could have caused DoS or code execution via a crafted BitsPerSample value (bsc#1019611) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2016-10266: Prevent remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile width versus image width (bsc#1011839). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689). - CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField function that allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276). - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621). Moderate SUSE bug 1007276 SUSE bug 1011839 SUSE bug 1011846 SUSE bug 1017689 SUSE bug 1017690 SUSE bug 1019611 SUSE bug 1031263 SUSE bug 1082332 SUSE bug 1082825 SUSE bug 1086408 SUSE bug 974621 CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-10266 CVE-2016-3632 CVE-2016-5318 CVE-2016-8331 CVE-2016-9535 CVE-2016-9540 CVE-2017-11613 CVE-2017-5225 CVE-2018-7456 CVE-2018-8905 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image. (bsc#960589) - CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440) Moderate SUSE bug 1074186 SUSE bug 1092480 SUSE bug 960589 SUSE bug 983440 CVE-2015-8668 CVE-2016-5319 CVE-2017-17942 CVE-2018-10779 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Moderate SUSE bug 1106853 SUSE bug 1108627 SUSE bug 1108637 SUSE bug 1110358 CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322). - CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080). - CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186). - CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163). - CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440). - CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448). - CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447) - CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446) - CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1010163 SUSE bug 1014461 SUSE bug 1040080 SUSE bug 1040322 SUSE bug 1074186 SUSE bug 1099257 SUSE bug 1113672 SUSE bug 974446 SUSE bug 974447 SUSE bug 974448 SUSE bug 983440 CVE-2015-8870 CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-5319 CVE-2016-9273 CVE-2017-17942 CVE-2017-9117 CVE-2017-9147 CVE-2018-12900 CVE-2018-18661 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). Moderate SUSE bug 1017693 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tiff fixes the following issue: Security vulnerabilities fixed: - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626) Low SUSE bug 1121626 SUSE bug 983268 CVE-2016-5102 CVE-2019-6128 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tiff (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tiff fixes the following issues: - CVE-2015-8683: Fixed out-of-bounds when reading CIE Lab image format files (bsc#1156754). - CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c (bsc#1156749). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). Important SUSE bug 1156749 SUSE bug 1156754 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 CVE-2015-8665 CVE-2015-8683 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for tightvnc (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tightvnc fixes the following issues: - CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection which might lead to code execution (bsc#1155476). - CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which might lead to code execution (bsc#1155472). - CVE-2019-15680: Fixed a null pointer dereference in HandleZlibBPP which could have led to denial of service (bsc#1155452). - CVE-2019-15678: Fixed a heap buffer overflow in rfbServerCutText handler (bsc#1155442). Important SUSE bug 1155442 SUSE bug 1155452 SUSE bug 1155472 SUSE bug 1155476 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-8287 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tomcat6 fixes the following issue: - CVE-2016-5388 Setting HTTP_PROXY environment variable via Proxy header (bsc#988489) Moderate SUSE bug 988489 CVE-2016-5388 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for Tomcat fixes the following security issues: - CVE-2014-7810: Security manager bypass via EL expressions. (bsc#931442) It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could have used this flaw to bypass security manager protections. - CVE-2014-0227: Limited DoS in chunked transfer encoding input filter. (bsc#917127) It was discovered that the ChunkedInputFilter implementation did not fail subsequent attempts to read input early enough. A remote attacker could have used this flaw to perform a denial of service attack, by streaming an unlimited quantity of data, leading to consumption of server resources. - CVE-2014-0230: Non-persistent DoS attack by feeding data by aborting an upload It was possible for a remote attacker to trigger a non-persistent DoS attack by feeding data by aborting an upload. (bsc#926762) Additionally, the following non-security issues have been fixed: - Fix rights of all files within /usr/share/tomcat6/bin. (bsc#906152) - Don't overwrite /var/run/tomcat6.pid when Tomcat is already running. (bsc#934219) - Miscellaneous fixes and improvements to Tomcat's init script. (bsc#932698) Moderate SUSE bug 906152 SUSE bug 917127 SUSE bug 926762 SUSE bug 931442 SUSE bug 932698 SUSE bug 934219 CVE-2014-0227 CVE-2014-0230 CVE-2014-7810 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tomcat6 fixes the following issues: The version was updated from 6.0.41 to 6.0.45. Security issues fixed: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967) * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965) * CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (bsc#967815) * CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964) Important SUSE bug 934219 SUSE bug 967815 SUSE bug 967964 SUSE bug 967965 SUSE bug 967967 CVE-2015-5174 CVE-2015-5345 CVE-2016-0706 CVE-2016-0714 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tomcat6 fixes the following issues: Tomcat was updated to version 6.0.53: The full changelog is: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security issues fixed: - CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#1036642) - CVE-2016-8745: Regression in the error handling methods could lead to information disclosure (bsc#1015119) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-6796: Manager Bypass (bsc#1007858) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5388: an arbitrary HTTP_PROXY environment variable might allow remote attackers to redirect outbound HTTP traffic (bsc#988489) Important SUSE bug 1007853 SUSE bug 1007854 SUSE bug 1007855 SUSE bug 1007857 SUSE bug 1007858 SUSE bug 1011805 SUSE bug 1011812 SUSE bug 1015119 SUSE bug 1033448 SUSE bug 1036642 SUSE bug 988489 CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tomcat6 fixes the following security issues: - : The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Tomcat did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page (bsc#1042910). - : The URL pattern of '' was not correctly handled when used as part of a security constraint definition. This caused the constraint to be ignored. It was possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected (bsc#1082480). Moderate SUSE bug 1042910 SUSE bug 1082480 CVE-2017-5664 CVE-2018-1304 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tomcat6 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for tomcat6 fixes the following issue: Security issue fixed: - CVE-2018-11784: Fixed problem with specially crafted URLs that could be used to cause a redirect to any URI of an attackers choise (bsc#1110850). Moderate SUSE bug 1110850 CVE-2018-11784 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tomcat6 fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tomcat6 fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2020-9484 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for tomcat6 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for tomcat6 fixes the following issues: - CVE-2021-25329: Fixed completely CVE-2020-9484 (bsc#1182909). - CVE-2021-24122: Fixed an information disclosure (bsc#1180947). - CVE-2017-12617: Fixed a file inclusion vulnerability through a crafted request (bsc#1059554). Important SUSE bug 1059554 SUSE bug 1180947 SUSE bug 1182909 CVE-2017-12617 CVE-2021-24122 CVE-2021-25329 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for transfig (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for transfig fixes the following issues: Security issue fixed: - CVE-2017-16899: Fix array index error in the fig2dev program (bsc#1069257). Moderate SUSE bug 1069257 CVE-2017-16899 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for transfig (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for transfig fixes the following issues: - CVE-2021-3561: Fixed global buffer overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: Fixed out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19746: Fixed segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-19555: Fixed stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). - CVE-2020-21680: Fixed a stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2020-21681: Fixed a global buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21682: Fixed a global buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21683: Fixed a global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - Do hardening via compile and linker flags - Fixed last added upstream commit (boo#1136882) Important SUSE bug 1136882 SUSE bug 1143650 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-14275 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for transfig (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for unrar (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for unrar fixes the following issues: - CVE-2012-6706: decoding malicious RAR files could have lead to memory corruption or code execution. (bsc#1045315). Important SUSE bug 1045315 CVE-2012-6706 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for unrar (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Added libunrar* and libunrar*-devel subpackages (bsc#513804) - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Moderate SUSE bug 1046882 SUSE bug 1054038 SUSE bug 513804 SUSE bug 693890 CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for unzip fixes the following issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) Moderate SUSE bug 1013992 SUSE bug 1013993 SUSE bug 950110 SUSE bug 950111 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for unzip fixes the following issues: - CVE-2018-1000035: Fixed a heap-based buffer overflow in password protected ZIP archives (bsc#1080074) Moderate SUSE bug 1080074 CVE-2018-1000035 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for unzip (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) Moderate SUSE bug 1110194 CVE-2018-18384 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for vim (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc#1010685) Important SUSE bug 1010685 CVE-2016-1248 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for vim (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for vim fixes the following issues: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) Moderate SUSE bug 1024724 CVE-2017-5953 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for vim (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for vim (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). Moderate SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for w3m (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for w3m fixes the following issues: - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Moderate SUSE bug 1011269 SUSE bug 1011270 SUSE bug 1011271 SUSE bug 1011272 SUSE bug 1011283 SUSE bug 1011284 SUSE bug 1011285 SUSE bug 1011286 SUSE bug 1011287 SUSE bug 1011288 SUSE bug 1011289 SUSE bug 1011290 SUSE bug 1011291 SUSE bug 1011292 SUSE bug 1011293 SUSE bug 1012020 SUSE bug 1012021 SUSE bug 1012022 SUSE bug 1012023 SUSE bug 1012024 SUSE bug 1012025 SUSE bug 1012026 SUSE bug 1012027 SUSE bug 1012028 SUSE bug 1012029 SUSE bug 1012030 SUSE bug 1012031 SUSE bug 1012032 CVE-2010-2074 CVE-2016-9422 CVE-2016-9423 CVE-2016-9424 CVE-2016-9425 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wavpack (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. (bsc#1021483) Moderate SUSE bug 1021483 CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wavpack (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) Moderate SUSE bug 1120930 CVE-2018-19840 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wavpack (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wget fixes the following issues: - CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060). - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Bug fixed: - Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Moderate SUSE bug 958342 SUSE bug 984060 SUSE bug 995964 CVE-2016-4971 CVE-2016-7098 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). Moderate SUSE bug 1028301 CVE-2017-6508 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wget (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wget fixes the following issues: - CVE-2018-0494: Fixed Cookie injection vulnerability by checking for and joining continuation lines. (bsc#1092061) Moderate SUSE bug 1092061 CVE-2018-0494 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Moderate SUSE bug 935158 SUSE bug 941500 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Low) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update contains Wireshark 1.12.9 and fixes the following issues: * CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437) * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 950437 SUSE bug 960382 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update to Wireshark 1 12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Also containsfurther bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html Moderate SUSE bug 968565 SUSE bug 976944 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash (bsc#991012) - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero (bsc#991013) - CVE-2016-6506: wireshark: WSP infinite loop (bsc#991015) - CVE-2016-6507: wireshark: MMSE infinite loop (bsc#991016) - CVE-2016-6508: wireshark: RLC long loop (bsc#991017) - CVE-2016-6509: wireshark: LDSS dissector crash (bsc#991018) - CVE-2016-6510: wireshark: RLC dissector crash (bsc#991019) - CVE-2016-6511: wireshark: OpenFlow long loop (bnc991020) - CVE-2016-5350: SPOOLS infinite loop (bsc#983671) - CVE-2016-5351: IEEE 802.11 dissector crash (bsc#983671) - CVE-2016-5352: IEEE 802.11 dissector crash, different from wpna-sec-2016-30 (bsc#983671) - CVE-2016-5353: UMTS FP crash (bsc#983671) - CVE-2016-5354: USB dissector crash (bsc#983671) - CVE-2016-5355: Toshiba file parser crash (bsc#983671) - CVE-2016-5356: CoSine file parser crash (bsc#983671) - CVE-2016-5357: NetScreen file parser crash (bsc#983671) - CVE-2016-5358: Ethernet dissector crash (bsc#983671) - CVE-2016-5359: WBXML infinite loop (bsc#983671) For more details please see: https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html Moderate SUSE bug 983671 SUSE bug 991012 SUSE bug 991013 SUSE bug 991015 SUSE bug 991016 SUSE bug 991017 SUSE bug 991018 SUSE bug 991019 SUSE bug 991020 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes. These security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936). - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937). - CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938). - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939). - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940). - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941). - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942). - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943). - CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944). - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945). - CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963). - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735). - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740). - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752). - CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754). - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761). - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762). - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763). - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800). - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964). - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913). - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739). - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739). Moderate SUSE bug 1002981 SUSE bug 1010735 SUSE bug 1010740 SUSE bug 1010752 SUSE bug 1010754 SUSE bug 1010911 SUSE bug 1021739 SUSE bug 1025913 SUSE bug 1027998 SUSE bug 1033936 SUSE bug 1033937 SUSE bug 1033938 SUSE bug 1033939 SUSE bug 1033940 SUSE bug 1033941 SUSE bug 1033942 SUSE bug 1033943 SUSE bug 1033944 SUSE bug 1033945 SUSE bug 998761 SUSE bug 998762 SUSE bug 998763 SUSE bug 998800 SUSE bug 998963 SUSE bug 998964 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues: * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304) * CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303) * CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302) * CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301) * CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300) * CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305) * CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299) * CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298) * CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309) * CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308) * CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307) * CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306) Moderate SUSE bug 1042298 SUSE bug 1042299 SUSE bug 1042300 SUSE bug 1042301 SUSE bug 1042302 SUSE bug 1042303 SUSE bug 1042304 SUSE bug 1042305 SUSE bug 1042306 SUSE bug 1042307 SUSE bug 1042308 SUSE bug 1042309 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This wireshark update to version 2.2.8 fixes the following issues: Security issues fixed: - CVE-2017-11411: The openSAFETY dissectorcould crash or exhaust system memory because of missing length validation. (bsc#1049621) - CVE-2017-11410: The WBXML dissector could go into an infinite loop. (bsc#1049255) - CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255) - CVE-2017-11407: The MQ dissector could crash. (bsc#1049255) - CVE-2017-11406: The DOCSIS dissector could go into an infinite loop. (bsc#1049255) Moderate SUSE bug 1049255 SUSE bug 1049621 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wireshark to version 2.2.11 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248) - CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249) - CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251) - CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341) - CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP dissector (bsc#1044417) - CVE-2017-15192: The BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (bsc#1062645) - CVE-2017-15193: The MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. (bsc#1062645) - CVE-2017-15191: The DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645) - CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727) - CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727) - CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727) Moderate SUSE bug 1044417 SUSE bug 1045341 SUSE bug 1056248 SUSE bug 1056249 SUSE bug 1056251 SUSE bug 1062645 SUSE bug 1070727 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-9617 CVE-2017-9766 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Moderate SUSE bug 1074171 SUSE bug 1075737 SUSE bug 1075738 SUSE bug 1075739 SUSE bug 1075748 CVE-2017-17935 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wireshark fixes the following issues: Security issue fixed (bsc#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash (wnpa-sec-2018-05) - CVE-2018-7321: thrift long dissector loop (dissect_thrift_map) - CVE-2018-7322: DICOM: inifinite loop (dissect_dcm_tag) - CVE-2018-7323: WCCP: very long loop (dissect_wccp2_alternate_mask_value_set_element) - CVE-2018-7324: SCCP: infinite loop (dissect_sccp_optional_parameters) - CVE-2018-7325: RPKI-Router Protocol: infinite loop (dissect_rpkirtr_pdu) - CVE-2018-7326: LLTD: infinite loop (dissect_lltd_tlv) - CVE-2018-7327: openflow_v6: infinite loop (dissect_openflow_bundle_control_v6) - CVE-2018-7328: USB-DARWIN: long loop (dissect_darwin_usb_iso_transfer) - CVE-2018-7329: S7COMM: infinite loop (s7comm_decode_ud_cpu_alarm_main) - CVE-2018-7330: thread_meshcop: infinite loop (get_chancount) - CVE-2018-7331: GTP: infinite loop (dissect_gprscdr_GGSNPDPRecord, dissect_ber_set) - CVE-2018-7332: RELOAD: infinite loop (dissect_statans) - CVE-2018-7333: RPCoRDMA: infinite loop in get_write_list_chunk_count - CVE-2018-7421: Multiple dissectors could go into large infinite loops (wnpa-sec-2018-06) - CVE-2018-7334: The UMTS MAC dissector could crash (wnpa-sec-2018-07) - CVE-2018-7337: The DOCSIS dissector could crash (wnpa-sec-2018-08) - CVE-2018-7336: The FCP dissector could crash (wnpa-sec-2018-09) - CVE-2018-7320: The SIGCOMP dissector could crash (wnpa-sec-2018-10) - CVE-2018-7420: The pcapng file parser could crash (wnpa-sec-2018-11) - CVE-2018-7417: The IPMI dissector could crash (wnpa-sec-2018-12) - CVE-2018-7418: The SIGCOMP dissector could crash (wnpa-sec-2018-13) - CVE-2018-7419: The NBAP disssector could crash (wnpa-sec-2018-14) - CVE-2017-17997: Misuse of NULL pointer in MRDISC dissector (bsc#1077080). Moderate SUSE bug 1077080 SUSE bug 1082692 CVE-2017-17997 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9264: ADB dissector crash * CVE-2018-9265: tn3270 dissector has a memory leak * CVE-2018-9266: ISUP dissector memory leak * CVE-2018-9267: LAPD dissector memory leak * CVE-2018-9268: SMB2 dissector memory leak * CVE-2018-9269: GIOP dissector memory leak * CVE-2018-9270: OIDS dissector memory leak * CVE-2018-9271: multipart dissector memory leak * CVE-2018-9272: h223 dissector memory leak * CVE-2018-9273: pcp dissector memory leak * CVE-2018-9274: failure message memory leak * CVE-2018-9259: MP4 dissector crash Moderate SUSE bug 1088200 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wireshark fixes the following issues: Security issues fixed: - bsc#1094301: Wireshark security update to 2.6.1, 2.4.7, 2.2.15 - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wireshark fixes the following issues: Update wireshark to version 2.2.17 (bsc#1106514): Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.17.html Moderate SUSE bug 1106514 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 wpa_supplicant was updated to fix two security issues. These security issues were fixed: - CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078). - CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077). Moderate SUSE bug 930077 SUSE bug 930078 CVE-2015-4141 CVE-2015-4142 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wpa_supplicant fixes the following issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] Important SUSE bug 1056061 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2015-0210: Fix broken certificate subject check (bsc#915323.) Moderate SUSE bug 915323 CVE-2015-0210 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen was updated to fix two security issues. These security issues were fixed: - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). This non-security issue was fixed: - Kdump did not work in a XEN environment (bsc#925466). Important SUSE bug 925466 SUSE bug 935634 SUSE bug 938344 CVE-2015-3259 CVE-2015-5154 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen was updated to version 4.4.3 to fix nine security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show errors - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort - bsc#949549: xm create hangs when maxmen value is enclosed in quotes Important SUSE bug 877642 SUSE bug 901488 SUSE bug 907514 SUSE bug 910258 SUSE bug 918984 SUSE bug 923967 SUSE bug 932267 SUSE bug 944463 SUSE bug 944697 SUSE bug 945167 SUSE bug 947165 SUSE bug 949138 SUSE bug 949549 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen was updated to fix 47 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bnc#864673). - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bnc#864678). - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bnc#864682). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#928393). - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (bsc#924018). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-7549: pci: NULL pointer dereference issue (bsc#958917). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8567: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8568: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358). - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2015-8817: OOB access in address_space_rw lead to segmentation fault (I) (bsc#969121). - CVE-2015-8818: OOB access in address_space_rw lead to segmentation fault (II) (bsc#969122). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1922: NULL pointer dereference in vapic_write() (bsc#962320). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964413). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#963923: domain weights not honored when sched-credit tslice is reduced - bsc#959695: Missing docs for xen - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend - bsc#959928: When DomU is in state running xm domstate returned nothing Important SUSE bug 864391 SUSE bug 864655 SUSE bug 864673 SUSE bug 864678 SUSE bug 864682 SUSE bug 864769 SUSE bug 864805 SUSE bug 864811 SUSE bug 877642 SUSE bug 897654 SUSE bug 901508 SUSE bug 902737 SUSE bug 924018 SUSE bug 928393 SUSE bug 945404 SUSE bug 945989 SUSE bug 954872 SUSE bug 956829 SUSE bug 957162 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958491 SUSE bug 958523 SUSE bug 958917 SUSE bug 959005 SUSE bug 959387 SUSE bug 959695 SUSE bug 959928 SUSE bug 960334 SUSE bug 960707 SUSE bug 960725 SUSE bug 960835 SUSE bug 960861 SUSE bug 960862 SUSE bug 961332 SUSE bug 961358 SUSE bug 961691 SUSE bug 962320 SUSE bug 963782 SUSE bug 963923 SUSE bug 964413 SUSE bug 965315 SUSE bug 965317 SUSE bug 967012 SUSE bug 967013 SUSE bug 967630 SUSE bug 967969 SUSE bug 969121 SUSE bug 969122 SUSE bug 969350 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3640 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-1779 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes the several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the 'Dark Portal' issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225). - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960). - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984). - CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675). - bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#986586: Out of memory (oom) during boot on 'modprobe xenblk' (non xen kernel) - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend. Additional memory adjustment made. - bsc#974912: Persistent performance drop after live-migration using xend tool stack - bsc#979035: Restore xm migrate fixes for bsc#955399/ bsc#955399 - bsc#989235: xen dom0 xm create command only searched /etc/xen instead of /etc/xen/vm - Live Migration SLES 11 SP3 to SP4 on AMD: 'xc: error: Couldn't set extended vcpu0 info' - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Important SUSE bug 954872 SUSE bug 955399 SUSE bug 957986 SUSE bug 958848 SUSE bug 961600 SUSE bug 963161 SUSE bug 964427 SUSE bug 967630 SUSE bug 973188 SUSE bug 974038 SUSE bug 974912 SUSE bug 975130 SUSE bug 975138 SUSE bug 975907 SUSE bug 976058 SUSE bug 976111 SUSE bug 978164 SUSE bug 978295 SUSE bug 978413 SUSE bug 979035 SUSE bug 979620 SUSE bug 979670 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 981276 SUSE bug 982024 SUSE bug 982025 SUSE bug 982026 SUSE bug 982224 SUSE bug 982225 SUSE bug 982286 SUSE bug 982695 SUSE bug 982960 SUSE bug 983973 SUSE bug 983984 SUSE bug 985503 SUSE bug 986586 SUSE bug 988675 SUSE bug 989235 SUSE bug 990843 SUSE bug 990923 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731) - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761) - CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772) - CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625) - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) These non-security issues were fixed: - bsc#993507: virsh detach-disk failing to detach disk - bsc#991934: Xen hypervisor crash in csched_acct - bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA - bsc#970135: New virtualization project clock test randomly fails on Xen - bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) - bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD Important SUSE bug 966467 SUSE bug 970135 SUSE bug 971949 SUSE bug 988675 SUSE bug 990970 SUSE bug 991934 SUSE bug 992224 SUSE bug 993507 SUSE bug 994136 SUSE bug 994421 SUSE bug 994625 SUSE bug 994761 SUSE bug 994772 SUSE bug 994775 SUSE bug 995785 SUSE bug 995789 SUSE bug 995792 SUSE bug 997731 CVE-2016-6258 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7154 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652) - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100) - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103) - CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104) - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111) - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106) - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157) - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1007160) - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004) - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005) - CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1004016) - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030) - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032) This non-security issue wasfixed: - bsc#1000893: virsh setmem didn't allow to set current guest memory to max limit This update also delivers man-pages-supplement since some of the man-pages in there are now contained in the xen package itself. Important SUSE bug 1000106 SUSE bug 1000893 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1004016 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007160 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009104 SUSE bug 1009107 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) Important SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1016340 CVE-2016-10013 CVE-2016-10024 CVE-2016-9932 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025188) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183) - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1024186) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1022627) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014490) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) These non-security issues were fixed: - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3 - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd - bsc#987002: Prevent crash of domU' after they were migrated from SP3 HV to SP4 Important SUSE bug 1000195 SUSE bug 1002496 SUSE bug 1013657 SUSE bug 1013668 SUSE bug 1014490 SUSE bug 1014507 SUSE bug 1015169 SUSE bug 1016340 SUSE bug 1022627 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024183 SUSE bug 1024186 SUSE bug 1024307 SUSE bug 1024834 SUSE bug 1025188 SUSE bug 907805 SUSE bug 987002 CVE-2014-8106 CVE-2016-10155 CVE-2016-9101 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856 CVE-2017-5898 CVE-2017-5973 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636). These non-security issues were fixed: - bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add' - bsc#1029827: Forward port xenstored Important SUSE bug 1022555 SUSE bug 1026636 SUSE bug 1027519 SUSE bug 1027570 SUSE bug 1028235 SUSE bug 1028655 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1030442 CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) These non-security issues were fixed: - bsc#1029827: Additional xenstore patch Important SUSE bug 1028655 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034845 SUSE bug 1034994 SUSE bug 1035483 CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863) - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845). - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297) - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074) - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036470) - Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924) These non-security issues were fixed: - bsc#1032148: Ensure that time doesn't goes backwards during live migration of HVM domU - bsc#1031460: Fixed DomU Live Migration - bsc#1014136: Fixed kdump SLES12-SP2 - bsc#1026236: Equalized paravirtualized vs. fully virtualized migration speed Important SUSE bug 1014136 SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1031460 SUSE bug 1032148 SUSE bug 1034845 SUSE bug 1036470 SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042863 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042924 SUSE bug 1042931 SUSE bug 1042938 SUSE bug 1043074 SUSE bug 1043297 CVE-2017-8112 CVE-2017-8309 CVE-2017-8905 CVE-2017-9330 CVE-2017-9374 CVE-2017-9503 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed local guest OS users to cause a denial of service via vectors related to logging debug messages (bsc#1047675). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230, bsc#1052686). - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). This non-security issue was fixed: - bsc#1032598: Prevent removal of NVME devices - bsc#1037413: Support for newer intel cpu's, mwait-idle driver and skylake Important SUSE bug 1027519 SUSE bug 1032598 SUSE bug 1037413 SUSE bug 1046637 SUSE bug 1047675 SUSE bug 1048920 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1052686 SUSE bug 1056278 SUSE bug 1056281 SUSE bug 1056282 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 CVE-2017-14317 CVE-2017-14319 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) Important SUSE bug 1027519 SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081). - CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS (hypervisor crash) or possibly gain privileges because self-linear shadow mappings were mishandled for translated guests (bsc#1061086). - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056336) This non-security issue was fixed: - bsc#1055047: Fixed --initrd-inject option in virt-install Important SUSE bug 1055047 SUSE bug 1056336 SUSE bug 1061075 SUSE bug 1061081 SUSE bug 1061086 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-13672 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. This new feature was included: - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635). - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662). These non-security issues were fixed: - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many domUs shutdown in parallel the backends couldn't keep up - bsc#1031382: Prevent VMs from crashing when migrating between dom0 hosts in case read() returns zero on the receiver side. Important SUSE bug 1027519 SUSE bug 1031382 SUSE bug 1035442 SUSE bug 1061081 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070159 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1074562 SUSE bug 1076116 SUSE bug 1076180 SUSE bug 1080635 SUSE bug 1080662 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-5683 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). These non-security issues were fixed: - bsc#1072834: Prevent unchecked MSR access error - bsc#1035442: Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds, allowing for more domUs to be shutdown in parallel - bsc#1057493: Prevent DomU crash Important SUSE bug 1027519 SUSE bug 1035442 SUSE bug 1057493 SUSE bug 1072834 SUSE bug 1083292 SUSE bug 1086107 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). bsc#1027519 Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1092631 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1079730: Fix failed 'write' lock. - bsc#1027519: Add upstream patches from January. Moderate SUSE bug 1027519 SUSE bug 1079730 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1098744 CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3665 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes the following issues: This security issue was fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). These non-security issues were fixed: - bsc#1102116: SSBD is not virtualized for guests - bsc#1092631: Preserve the xl dmesg output after boot for determining what speculative mitigations have been detected by the hypervisor. - bsc#1101684: Make xen able to disable the visibility of the new CPU flags. Important SUSE bug 1027519 SUSE bug 1091107 SUSE bug 1092631 SUSE bug 1101684 SUSE bug 1102116 CVE-2018-3646 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) - Fixed an integer overflow in ccid_card_vscard_read(), which allowed for memory corruption. (bsc#1112188) - CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336) - CVE-2018-17958: Fixed an integer overflow leading to a buffer overflow in the rtl8139 component (bsc#1111007) - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011) - CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014) - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Upstream bug fixes (bsc#1027519) - Fixed crashing VMs when migrating between dom0 hosts (bsc#1031382) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) Important SUSE bug 1027519 SUSE bug 1031382 SUSE bug 1056336 SUSE bug 1105528 SUSE bug 1108940 SUSE bug 1110924 SUSE bug 1111007 SUSE bug 1111011 SUSE bug 1111014 SUSE bug 1112188 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1117756 CVE-2017-13672 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xen fixes the following issues: Security issues fixed: - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Other issues fixed: - Fixed an issue where VMs crashing when migrating between dom0 hosts (bsc#1031382). - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1031382 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129623 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Added upstream bug fix (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1130680 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905). Important SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1135905 SUSE bug 1143797 SUSE bug 1145652 SUSE bug 1146874 SUSE bug 1149813 CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues - bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host - bsc#1157888 - CVE-2019-19579: Device quarantine for alternate pci assignment methods - bsc#1158004 - CVE-2019-19583: VMX: VMentry failure with debug exceptions and blocked states - bsc#1158005 - CVE-2019-19578: Linear pagetable use / entry miscounts - bsc#1158006 - CVE-2019-19580: Further issues with restartable PV type change operations - bsc#1158007 - CVE-2019-19577: dynamic height for the IOMMU pagetables - bsc#1154448 - CVE-2019-18420: VCPUOP_initialise DoS - bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation - bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations - bsc#1154461 - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment - bsc#1155945 - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) - bsc#1152497 - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 SUSE bug 1157888 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 SUSE bug 1161181 SUSE bug 1163019 SUSE bug 1168140 SUSE bug 1169392 SUSE bug 1174543 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19583 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-7211 CVE-2020-8608 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205,XSA-320) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) Important SUSE bug 1172205 SUSE bug 1173378 SUSE bug 1173380 SUSE bug 1175534 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176350 CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1178935 - CVE-2020-25723: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178935 SUSE bug 1178963 CVE-2020-25723 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). Moderate SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - CVE-2021-3419: Fixed a stack overflow induced by infinite recursion issue (bsc#1182975). - CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846) - xenstored crashing with segfault (bsc#1182155). Important SUSE bug 1182155 SUSE bug 1182846 SUSE bug 1182975 CVE-2021-20257 CVE-2021-3419 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - CVE-2021-0089: Fixed Speculative Code Store Bypass (XSA-375) (bsc#1186433). - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654). - CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after S3 (XSA-377) (bsc#1186434). - CVE-2021-28692: Fixed inappropriate x86 IOMMU timeout detection / handling (XSA-373) (bsc#1186429). - CVE-2021-28697: Fixed grant table v2 status pages may remain accessible after de-allocation (XSA-379) (bsc#1189376). - CVE-2021-28698: Fixed long running loops in grant table handling. (XSA-380) (bsc#1189378). - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28703: Fixed grant table v2 status pages may remain accessible after de-allocation (take two) (XSA-387) (bsc#1192555). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - CVE-2021-3527: Fixed unbounded stack allocation in usbredir (bsc#1186013). - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure in slirp (bootp) (bsc#1187369). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187378). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure in slirp (tftp) (bsc#1187376). - CVE-2021-3682: Fixed free call on invalid pointer in usbredir bufp_alloc (bsc#1189150). - CVE-2021-3930: Fixed off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c (bsc#1192526). Moderate SUSE bug 1182654 SUSE bug 1186013 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1187369 SUSE bug 1187376 SUSE bug 1187378 SUSE bug 1189150 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189632 SUSE bug 1192526 SUSE bug 1192554 SUSE bug 1192555 SUSE bug 1192559 CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28697 CVE-2021-28698 CVE-2021-28701 CVE-2021-28703 CVE-2021-28705 CVE-2021-28706 CVE-2021-28709 CVE-2021-3527 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVE-2021-3682 CVE-2021-3930 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23034 CVE-2022-23035 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xen (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update fixes the following security issues: - bsc#955399 - Fix xm migrate --log_progress. Due to logic error progress was not logged when requested. - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#955399 - Fix xm migrate --live. The options were not passed due to a merge error. As a result the migration was not live, instead the suspended guest was migrated. - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Moderate SUSE bug 947165 SUSE bug 950703 SUSE bug 950704 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 SUSE bug 954018 SUSE bug 954405 SUSE bug 955399 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xerces-j2 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138) Moderate SUSE bug 1047536 SUSE bug 814241 SUSE bug 879138 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xerces-j2 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xfsprogs (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition Moderate SUSE bug 911866 SUSE bug 939367 CVE-2012-2150 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libICE (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068) Moderate SUSE bug 1025068 CVE-2017-2626 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 xorg-x11-libX11 was updated to fix one security issue. This security issue was fixed: - CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220). Moderate SUSE bug 927220 CVE-2013-7439 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libX11 fixes the following issues: - plug a memory leak (bsc#1002991, CVE-2016-7942) - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (bsc#1002991, CVE-2016-7942) Moderate SUSE bug 1002991 CVE-2016-7942 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libX11 fixes the following issues: - a regression introduced by the security fix for CVE-2013-1997 (bnc#824294). Keyboard mappings for special characters on Non-English keyboards might have been broken. (bnc#1019642) Moderate SUSE bug 1019642 CVE-2013-1997 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) Moderate SUSE bug 1102062 SUSE bug 1102068 SUSE bug 1102073 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-libX11 (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643). Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-libXdmcp (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046) Moderate SUSE bug 1025046 CVE-2017-2625 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXfixes (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libXfixes fixes the following issues: - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995, CVE-2016-7944) Moderate SUSE bug 1002995 CVE-2016-7944 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXpm (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libXpm fixes the following security issue: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) Moderate SUSE bug 1021315 CVE-2016-10164 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXrender (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) Moderate SUSE bug 1003002 CVE-2016-7949 CVE-2016-7950 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libXv (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libXv fixes the following issues: - insufficient validation of data from the X server can cause memory corruption (bsc#1003017, CVE-2016-5407) Moderate SUSE bug 1003017 CVE-2016-5407 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023, CVE-2016-7953) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012, CVE-2016-7951, CVE-2016-7952) - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). (bsc#1002998, CVE-2016-7945, CVE-2016-7946) Moderate SUSE bug 1002998 SUSE bug 1003000 SUSE bug 1003012 SUSE bug 1003023 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libs fixes several issues. These security issues were fixed: - CVE-2017-16612: Heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments (bsc#1065386). - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) Moderate SUSE bug 1049692 SUSE bug 1050459 SUSE bug 1054285 SUSE bug 1065386 CVE-2017-13720 CVE-2017-13722 CVE-2017-16612 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-libs (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-libs fixes the following security issue: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511) Moderate SUSE bug 1103511 CVE-2015-9262 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-server fixes the following issues: Security issues: - CVE-2017-2624: Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624) Non security issues: - Use arc4random to generate cookies. (bsc#1025084) - XDrawArc performance improvement (bsc#1019649) - Fix byte swapping for gradeint stops (bsc#981044). - Remove unused function with use-after-free issue. (bsc#1025035) Moderate SUSE bug 1019649 SUSE bug 1025029 SUSE bug 1025035 SUSE bug 1025084 SUSE bug 981044 CVE-2017-2624 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283) - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage. Important SUSE bug 1035283 CVE-2017-10971 CVE-2017-10972 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-server provides several fixes. These security issues were fixed: - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText and XkbStringText (bsc#1051150). - Improve the entropy when generating random data used in X.org server authorization cookies generation by using getentropy() and getrandom() when available (bsc#1025084) - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) Moderate SUSE bug 1025084 SUSE bug 1051150 SUSE bug 1063034 SUSE bug 1063035 SUSE bug 1063037 SUSE bug 1063038 SUSE bug 1063039 SUSE bug 1063040 SUSE bug 1063041 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13723 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697) Non security issues fixed: - Do not write past the allocated buffer. (bsc#1078383) Important SUSE bug 1078383 SUSE bug 1111697 CVE-2018-14665 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Important SUSE bug 1174633 SUSE bug 1174635 CVE-2020-14345 CVE-2020-14347 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190489 CVE-2021-4011 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xscreensaver (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 The xscreensaver package was updated to fix the following security and non security issues: - CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062). - Added xscreensaver-in_signal_handler_p.patch needed for fix of signal handling. - Refresh xscreensaver-stars.patch. Moderate SUSE bug 952062 CVE-2015-8025 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for xterm (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for xz (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for yast2-storage (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for yast2-storage provides the following fixes: Security issues fixed: - Use standard IPC, and not temporary files, to pass passwords between processes. (bsc#986971, CVE-2016-5746) Non security bugs fixed: - Fix usage of complete multipath disk as LVM physical volume. (bsc#984245) - Load the correct multipath module (dm-multipath). (bsc#937942) - Improve message for creating volumes with a filesystem but without a mount point. (bsc#996208) Moderate SUSE bug 937942 SUSE bug 984245 SUSE bug 986971 SUSE bug 996208 CVE-2016-5746 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for zlib (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for zlib fixes the following issues: * Incompatible declarations for external linkage function deflate (bnc#1003577) * CVE-2016-9842: Undefined Left Shift of Negative Number (bnc#1003580) * CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bnc#1003579) * CVE-2016-9843: Big-endian out-of-bounds pointer Moderate SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for zlib (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:suse_sles_ltss:11:sp4 Security update for zsh (Moderate) SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 This update for zsh fixes the following issues: - CVE-2018-1100: Fixed a buffer overflow in utils.c:checkmailpath() that could lead to local arbitrary code execution ( bsc#1089030) Moderate SUSE bug 1089030 CVE-2018-1100 cpe:/o:suse:sles_sap:11:sp4 cpe:/o:suse:suse_sles:11:sp4 Security update for zsh (Important) SUSE Linux Enterprise Server 11 SP4-LTSS This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294). - CVE-2018-7549: Fixed a crash when an empty hash table (bsc#1082991). - CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion on directories with long names (bsc#1087026). - CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain commands (bsc#1084656). - CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296). - CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002). - CVE-2017-18205: Fixed an application crash when using cd with no arguments (bsc#1082998). - CVE-2016-10714: Fixed a potential application crash when handling maximum length paths (bsc#1083250). - CVE-2014-10072: Fixed a buffer overflow when scanning very long directory paths for symbolic links (bsc#1082975). - CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long file descriptor (bsc#1082977). - CVE-2014-10070: Fixed a privilege escalation vulnerability via environment variables (bsc#1082885). Important SUSE bug 1082885 SUSE bug 1082975 SUSE bug 1082977 SUSE bug 1082991 SUSE bug 1082998 SUSE bug 1083002 SUSE bug 1083250 SUSE bug 1084656 SUSE bug 1087026 SUSE bug 1107294 SUSE bug 1107296 SUSE bug 1163882 CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-13259 CVE-2018-7549 CVE-2019-20044 cpe:/o:suse:suse_sles_ltss:11:sp4 LibVNCServer sles-release MozillaFirefox MozillaFirefox-translations NetworkManager NetworkManager-glib NetworkManager-gnome OpenEXR OpenEXR-32bit OpenEXR-x86 PackageKit PackageKit-lang hal hal-32bit hal-doc hal-x86 libpackagekit-glib10 yast2-core PolicyKit PolicyKit-32bit PolicyKit-doc PolicyKit-x86 amavisd-new apache2 apache2-doc apache2-example-pages apache2-prefork apache2-utils apache2-worker apache2-mod_perl apache2-mod_php5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-dom php5-exif php5-fastcgi php5-ftp php5-gd php5-gettext php5-gmp php5-hash php5-iconv php5-json php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pcntl php5-pdo php5-pear php5-pgsql php5-pspell php5-shmop php5-snmp php5-soap php5-suhosin php5-sysvmsg php5-sysvsem php5-sysvshm php5-tokenizer php5-wddx php5-xmlreader php5-xmlrpc php5-xmlwriter php5-xsl php5-zip php5-zlib avahi avahi-lang avahi-utils libavahi-client3 libavahi-client3-32bit libavahi-client3-x86 libavahi-common3 libavahi-common3-32bit libavahi-common3-x86 libavahi-core5 libdns_sd libdns_sd-32bit libdns_sd-x86 bind bind-chrootenv bind-doc bind-libs bind-libs-32bit bind-libs-x86 bind-utils boost-license libboost_program_options1_36_0 libboost_regex1_36_0 libboost_signals1_36_0 bzip2 bzip2-doc libbz2-1 libbz2-1-32bit libbz2-1-x86 cifs-mount ldapsmb libsmbclient0 libsmbclient0-32bit libsmbclient0-x86 libtalloc1 libtalloc1-32bit libtalloc1-x86 libtdb1 libtdb1-32bit libtdb1-x86 libwbclient0 libwbclient0-32bit libwbclient0-x86 samba samba-32bit samba-client samba-client-32bit samba-client-x86 samba-krb-printing samba-winbind samba-winbind-32bit samba-winbind-x86 samba-x86 clamav coolkey cron cups cups-client cups-libs cups-libs-32bit cups-libs-x86 curl libcurl4 libcurl4-32bit libcurl4-x86 cyrus-imapd perl-Cyrus-IMAP perl-Cyrus-SIEVE-managesieve dbus-1 dbus-1-32bit dbus-1-x11 dbus-1-x86 dhcp dhcp-client dhcp-relay dhcp-server e2fsprogs libcom_err2 libcom_err2-32bit libcom_err2-x86 libext2fs2 emacs emacs-el emacs-info emacs-nox emacs-x11 enscript evince evince-doc evince-lang evolution-data-server evolution-data-server-32bit evolution-data-server-lang evolution-data-server-x86 expat libexpat1 libexpat1-32bit libexpat1-x86 fetchmail fetchmailconf file file-32bit file-x86 findutils findutils-locate freeradius-server freeradius-server-dialupadmin freeradius-server-doc freeradius-server-libs freeradius-server-utils freetype2 freetype2-32bit freetype2-x86 ft2demos fuse libfuse2 fvwm2 g3utils mgetty gd ghostscript-fonts-other ghostscript-fonts-rus ghostscript-fonts-std ghostscript-library ghostscript-omni ghostscript-x11 libgimpprint glib2 glib2-doc glib2-lang libgio-2_0-0 libgio-2_0-0-32bit libgio-2_0-0-x86 libglib-2_0-0 libglib-2_0-0-32bit libglib-2_0-0-x86 libgmodule-2_0-0 libgmodule-2_0-0-32bit libgmodule-2_0-0-x86 libgobject-2_0-0 libgobject-2_0-0-32bit libgobject-2_0-0-x86 libgthread-2_0-0 libgthread-2_0-0-32bit libgthread-2_0-0-x86 gmime gmime-2_4 gmime-doc libgmime-2_0-3 libgmime-2_4-2 gnome-screensaver gnome-screensaver-lang gnutls libgnutls26 libgnutls26-32bit libgnutls26-x86 gpg2 gpg2-lang gstreamer-0_10-plugins-base gstreamer-0_10-plugins-base-32bit gstreamer-0_10-plugins-base-doc gstreamer-0_10-plugins-base-lang gstreamer-0_10-plugins-base-x86 libgstapp-0_10-0 libgstapp-0_10-0-32bit libgstapp-0_10-0-x86 libgstinterfaces-0_10-0 libgstinterfaces-0_10-0-32bit libgstinterfaces-0_10-0-x86 gstreamer-0_10-plugins-good gstreamer-0_10-plugins-good-doc gstreamer-0_10-plugins-good-lang gtk2 gtk2-32bit gtk2-doc gtk2-lang gtk2-x86 gvim vim vim-base vim-data gzip hplip hplip-hpijs ipsec-tools java-1_4_2-ibm java-1_4_2-ibm-jdbc java-1_4_2-ibm-plugin java-1_6_0-ibm java-1_6_0-ibm-alsa java-1_6_0-ibm-fonts java-1_6_0-ibm-jdbc java-1_6_0-ibm-plugin kde4-kgreeter-plugins kdebase4-wallpapers kdebase4-workspace kdebase4-workspace-ksysguardd kdm kwin kdebase3-runtime kdebase3-runtime-32bit kdebase3-runtime-x86 kdelibs3 kdelibs3-32bit kdelibs3-default-style kdelibs3-default-style-32bit kdelibs3-default-style-x86 kdelibs3-x86 kdelibs4 kdelibs4-core kdelibs4-doc libkde4 libkde4-32bit libkde4-x86 libkdecore4 libkdecore4-32bit libkdecore4-x86 kernel-default kernel-default-base kernel-default-devel kernel-default-man kernel-pae kernel-pae-base kernel-pae-devel kernel-ppc64 kernel-ppc64-base kernel-ppc64-devel kernel-source kernel-syms kernel-trace kernel-trace-base kernel-trace-devel kernel-xen kernel-xen-base kernel-xen-devel krb5 krb5-32bit krb5-apps-clients krb5-apps-servers krb5-client krb5-server krb5-x86 krb5-doc krb5-plugin-kdb-ldap krb5-plugin-preauth-pkinit kvm lcms liblcms1 liblcms1-32bit liblcms1-x86 libMagickCore1 libMagickCore1-32bit libQtWebKit4 libQtWebKit4-32bit libQtWebKit4-x86 libqt4 libqt4-32bit libqt4-qt3support libqt4-qt3support-32bit libqt4-qt3support-x86 libqt4-sql libqt4-sql-32bit libqt4-sql-mysql libqt4-sql-sqlite libqt4-sql-x86 libqt4-x11 libqt4-x11-32bit libqt4-x11-x86 libqt4-x86 qt4-x11-tools libadns1 libapr-util1 libapr-util1-32bit libapr1 libapr1-32bit libarchive2 libdrm libdrm-32bit libdrm-x86 libexif libexif-32bit libexif-x86 libexiv2-4 libgtop libgtop-2_0-7 libgtop-doc libgtop-lang libicu libicu-32bit libicu-doc libicu-x86 libltdl7 libltdl7-32bit libltdl7-x86 libtool libtool-32bit libtool-x86 libmusicbrainz4 libmysqlclient15 libmysqlclient15-32bit libmysqlclient15-x86 libmysqlclient_r15 mysql mysql-Max mysql-client libneon27 libneon27-32bit libneon27-x86 neon libnetpbm10 libnetpbm10-32bit libnetpbm10-x86 netpbm libopensc2 libopensc2-32bit libopensc2-x86 opensc opensc-32bit opensc-x86 libopenssl0_9_8 libopenssl0_9_8-32bit libopenssl0_9_8-x86 openssl openssl-doc libpng12-0 libpng12-0-32bit libpng12-0-x86 libpoppler-glib4 libpoppler-qt4-3 libpoppler5 poppler-tools libpulse-browse0 libpulse-mainloop-glib0 libpulse0 libpulse0-32bit libpulse0-x86 pulseaudio pulseaudio-esound-compat pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils libpython2_6-1_0 libpython2_6-1_0-32bit libpython2_6-1_0-x86 python-base python-base-32bit python-base-x86 python-xml pyxml librpcsecgss libtirpc1 libsamplerate libsamplerate-32bit libsamplerate-x86 libsndfile libsndfile-32bit libsndfile-x86 libsnmp15 libsnmp15-32bit libsnmp15-x86 net-snmp perl-SNMP snmp-mibs libsoup-2_4-1 libsoup-2_4-1-32bit libsoup-2_4-1-x86 libtiff3 libtiff3-32bit libtiff3-x86 tiff libvirt libvirt-doc libvirt-python libvorbis libvorbis-32bit libvorbis-doc libvorbis-x86 libxml2 libxml2-32bit libxml2-doc libxml2-x86 libxslt libxslt-32bit libxslt-x86 log4net mailman man mono-core mono-data mono-data-postgresql mono-data-sqlite mono-locale-extras mono-nunit mono-web mono-winforms mozilla-xulrunner190 mozilla-xulrunner190-32bit mozilla-xulrunner190-gnomevfs mozilla-xulrunner190-translations mozilla-xulrunner190-x86 mozilla-xulrunner191 mozilla-xulrunner191-32bit mozilla-xulrunner191-gnomevfs mozilla-xulrunner191-translations mozilla-xulrunner191-x86 mutt nagios nagios-www nagios-plugins nagios-plugins-extras ntp ntp-doc openssh openssh-askpass openswan openswan-doc openvpn openvpn-auth-pam-plugin pam pam-32bit pam-doc pam-x86 pam_krb5 pam_krb5-32bit pam_krb5-x86 pam_ldap pam_ldap-32bit pam_ldap-x86 pam_mount pam_mount-32bit pam_mount-x86 perl perl-32bit perl-base perl-doc perl-x86 perl-HTML-Parser perl-Tk perl-spamassassin spamassassin postgresql postgresql-contrib postgresql-docs postgresql-libs postgresql-libs-32bit postgresql-libs-x86 postgresql-server puppet puppet-server python python-32bit python-curses python-demo python-gdbm python-idle python-tk python-x86 qt3 qt3-32bit qt3-x86 quagga rsync ruby ruby-doc-html ruby-tk squid star sudo syslog-ng sysstat sysstat-isag systemtap systemtap-client systemtap-server tar unrar unzip w3m wget wireshark xdg-utils xen xen-doc-html xen-doc-pdf xen-kmp-default xen-kmp-pae xen-libs xen-tools xen-tools-domU xorg-x11 xorg-x11-xauth xorg-x11-Xvnc xorg-x11-server xorg-x11-server-extra xpdf-tools xterm zoo aaa_base acpid apache2-mod_jk apache2-mod_php53 php53 php53-bcmath php53-bz2 php53-calendar php53-ctype php53-curl php53-dba php53-dom php53-exif php53-fastcgi php53-fileinfo php53-ftp php53-gd php53-gettext php53-gmp php53-iconv php53-intl php53-json php53-ldap php53-mbstring php53-mcrypt php53-mysql php53-odbc php53-openssl php53-pcntl php53-pdo php53-pear php53-pgsql php53-pspell php53-shmop php53-snmp php53-soap php53-suhosin php53-sysvmsg php53-sysvsem php53-sysvshm php53-tokenizer php53-wddx php53-xmlreader php53-xmlrpc php53-xmlwriter php53-xsl php53-zip php53-zlib cifs-utils dbus-1-glib dbus-1-glib-32bit dbus-1-glib-x86 dhcpcd dhcpv6 ecryptfs-utils ecryptfs-utils-32bit ecryptfs-utils-x86 ed foomatic-filters glibc glibc-32bit glibc-devel glibc-devel-32bit glibc-html glibc-i18ndata glibc-info glibc-locale glibc-locale-32bit glibc-locale-x86 glibc-profile glibc-profile-32bit glibc-profile-x86 glibc-x86 nscd kbd kdenetwork4-filesharing kget kopete krdc krfb libldb1 libtalloc2 libtalloc2-32bit libtalloc2-x86 libtevent0 libcap-progs libcap2 libcap2-32bit libcap2-x86 libcgroup1 libfreebl3 libfreebl3-32bit libfreebl3-x86 mozilla-nss mozilla-nss-32bit mozilla-nss-tools mozilla-nss-x86 libgdiplus0 libgnomesu libgnomesu-lang libgnomesu0 mysql-tools libnewt0_52 newt python-newt librsvg librsvg-32bit librsvg-x86 rsvg-view libvirt-client libvirt-client-32bit libxcrypt libxcrypt-32bit libxcrypt-x86 pam-modules pam-modules-32bit pam-modules-x86 pwdutils pwdutils-plugin-audit libzip1 logrotate logwatch lvm2 mipv6d mozilla-xulrunner192 mozilla-xulrunner192-32bit mozilla-xulrunner192-gnome mozilla-xulrunner192-translations mozilla-xulrunner192-x86 ofed ofed-doc ofed-kmp-default ofed-kmp-pae ofed-kmp-ppc64 ofed-kmp-trace openslp openslp-32bit openslp-server openslp-x86 opie opie-32bit opie-x86 pango pango-32bit pango-doc pango-x86 pcsc-ccid pcsc-lite pcsc-lite-32bit pcsc-lite-x86 perl-libwww-perl pure-ftpd python-sssd-config sssd sssd-32bit sssd-tools radvd rsyslog rsyslog-diag-tools rsyslog-doc rsyslog-module-gssapi rsyslog-module-gtls rsyslog-module-mysql rsyslog-module-pgsql rsyslog-module-relp rsyslog-module-snmp rsyslog-module-udpspoof squid3 squidGuard squidGuard-doc sysconfig system-config-printer system-config-printer-lang t1lib tftp tgt tomcat6 tomcat6-admin-webapps tomcat6-docs-webapp tomcat6-javadoc tomcat6-jsp-2_1-api tomcat6-lib tomcat6-servlet-2_5-api tomcat6-webapps vte vte-doc vte-lang xen-libs-32bit xorg-x11-libs xorg-x11-libs-32bit xorg-x11-libs-x86 yast2 Mesa Mesa-32bit Mesa-x86 ant ant-trax apache2-mod_security2 ark kcalc kcharselect kdessh kdf kfloppy kgpg ktimer kwalletmanager kwikdisk okteta libboost_thread1_36_0 compat-libldap-2_3-0 libldap-2_4-2 libldap-2_4-2-32bit libldap-2_4-2-x86 openldap2 openldap2-back-meta openldap2-client cvs cvs-doc libgnutls-extra26 guestfs-data guestfs-tools guestfsd libguestfs0 hyper-v ibutils ibutils-32bit jakarta-commons-httpclient3 java-1_7_0-ibm java-1_7_0-ibm-alsa java-1_7_0-ibm-jdbc java-1_7_0-ibm-plugin jpeg libjpeg libjpeg-32bit libjpeg-x86 libecpg6 libpq5 libpq5-32bit postgresql91 postgresql91-contrib postgresql91-docs postgresql91-server libsoftokn3 libsoftokn3-32bit libsoftokn3-x86 libopenssl0_9_8-hmac libopenssl0_9_8-hmac-32bit libotr2 libproxy0 libproxy0-32bit libproxy0-config-gnome libproxy0-config-kde4 libproxy0-networkmanager libproxy0-x86 libsss_idmap0 libtspi1 libtspi1-32bit libtspi1-x86 trousers libupsclient1 nut nut-classic nut-drivers-net libvirt-lock-sanlock nfs-client openCryptoki openCryptoki-32bit openCryptoki-64bit perl-Module-Build perl-Test-Simple python-pam sblim-sfcb socat stunnel taglib taglib-32bit taglib-x86 unixODBC_23 virt-utils x3270 xorg-x11-libxcb xorg-x11-libxcb-32bit xorg-x11-libxcb-x86 xorg-x11-server-dmx xorg-x11-server-rdp a2ps apache2-mod_nss augeas augeas-lenses libaugeas0 automake bash bash-doc bash-x86 libreadline5 libreadline5-32bit libreadline5-x86 readline-doc binutils boost-license1_49_0 libboost_system1_49_0 libboost_thread1_49_0 coreutils coreutils-lang coreutils-x86 cpio cpio-lang davfs2 dnsmasq elfutils libasm1 libasm1-32bit libdw1 libdw1-32bit libdw1-x86 libebl1 libebl1-32bit libebl1-x86 libelf1 libelf1-32bit libelf1-x86 fastjar gpgme libgpgme11 jakarta-commons-fileupload jakarta-commons-fileupload-javadoc java-1_7_1-ibm java-1_7_1-ibm-alsa java-1_7_1-ibm-jdbc java-1_7_1-ibm-plugin kdebase4-runtime kdirstat libtevent0-32bit libFLAC++6 libFLAC8 libFLAC8-32bit libFLAC8-x86 libapr-util1-dbd-sqlite3 libblkid1 libblkid1-32bit libblkid1-x86 libuuid1 libuuid1-32bit libuuid1-x86 util-linux util-linux-lang uuid-runtime postgresql94 postgresql94-contrib postgresql94-docs postgresql94-server libevent-1_4-2 libgcc_s1 libgcc_s1-32bit libgcc_s1-x86 libgfortran3 libgomp1 libgomp1-32bit libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-x86 libgcrypt11 libgcrypt11-32bit libgcrypt11-x86 libjasper libjasper-32bit libjasper-x86 libksba liblzo2-2 liblzo2-2-32bit liblzo2-2-x86 libmpfr1 libmpfr1-32bit libmpfr1-x86 libmspack0 libmysql55client18 libmysql55client18-32bit libmysql55client18-x86 libmysql55client_r18 libmysql55client_r18-32bit libmysql55client_r18-x86 libpixman-1-0 libpixman-1-0-32bit libpixman-1-0-x86 libpulse-mainloop-glib0-32bit libpulse-mainloop-glib0-x86 libssh2-1 libtasn1 libtasn1-3 libtasn1-3-32bit libtasn1-3-x86 libtevent0-x86 libwsman1 openwsman-client openwsman-server suseRegister lxc mailx mozilla-nspr mozilla-nspr-32bit mozilla-nspr-x86 nagios-nrpe nagios-nrpe-doc nagios-plugins-nrpe nfs-doc nfs-kernel-server openssh-fips popt popt-32bit popt-x86 rpm rpm-32bit rpm-x86 powerpc-utils ppc64-diag ppp procmail python-imaging python-lxml python-pywbem sendmail shim strongswan strongswan-doc tcpdump vino vino-lang vsftpd wpa_supplicant xalan-j2 xinetd xorg-x11-libX11 xorg-x11-libX11-32bit xorg-x11-libX11-x86 xorg-x11-libXext xorg-x11-libXext-32bit xorg-x11-libXext-x86 xorg-x11-libXfixes xorg-x11-libXfixes-32bit xorg-x11-libXfixes-x86 xorg-x11-libXp xorg-x11-libXp-32bit xorg-x11-libXp-x86 xorg-x11-libXrender xorg-x11-libXrender-32bit xorg-x11-libXrender-x86 xorg-x11-libXt xorg-x11-libXt-32bit xorg-x11-libXt-x86 xorg-x11-libXv xorg-x11-libXv-32bit xorg-x11-libXv-x86 curl-openssl1 libcurl4-openssl1 libcurl4-openssl1-32bit libldap-openssl1-2_4-2 libldap-openssl1-2_4-2-32bit libopenssl1-devel libopenssl1_0_0 libopenssl1_0_0-32bit openssl1 openssl1-doc libslp1-openssl1 libsnmp15-openssl1 libsnmp15-openssl1-32bit mailx-openssl1 openssh-openssl1 openssh-openssl1-helpers openvpn-openssl1 openvpn-openssl1-down-root-plugin sblim-sfcb-openssl1 stunnel-openssl1 vsftpd-openssl1 wget-openssl1 GraphicsMagick libGraphicsMagick2 perl-GraphicsMagick sled-release SLES_SAP-release sle-sdk-release ImageMagick ImageMagick-devel libMagick++-devel libMagick++1 libMagickWand1 libMagickWand1-32bit perl-PerlMagick LibVNCServer-devel Mesa-devel Mesa-devel-32bit MozillaFirefox-devel NetworkManager-devel OpenEXR-devel PackageKit-devel hal-devel libpackagekit-glib10-devel libpackagekit-qt10 libpackagekit-qt10-devel PolicyKit-devel Xerces-c libXerces-c-devel libXerces-c28 a2ps-devel ant-antlr ant-apache-bcel ant-apache-bsf ant-apache-log4j ant-apache-oro ant-apache-regexp ant-apache-resolver ant-commons-logging ant-javadoc ant-javamail ant-jdepend ant-jmf ant-junit ant-manual ant-nodeps ant-scripts ant-swing apache2-devel apache2-mod_fcgid apache2-mod_perl-devel augeas-devel avahi-compat-howl-devel avahi-compat-mDNSResponder-devel libavahi-devel libhowl0 python-avahi bind-devel bind-devel-32bit binutils-devel binutils-devel-32bit binutils-gold cross-ppc-binutils cross-spu-binutils boinc-client boinc-client-devel boost-devel boost-devel-32bit boost-doc libboost_date_time1_36_0 libboost_date_time1_36_0-32bit libboost_filesystem1_36_0 libboost_filesystem1_36_0-32bit libboost_graph1_36_0 libboost_graph1_36_0-32bit libboost_iostreams1_36_0 libboost_iostreams1_36_0-32bit libboost_math1_36_0 libboost_math1_36_0-32bit libboost_mpi1_36_0 libboost_program_options1_36_0-32bit libboost_python1_36_0 libboost_python1_36_0-32bit libboost_regex1_36_0-32bit libboost_serialization1_36_0 libboost_serialization1_36_0-32bit libboost_signals1_36_0-32bit libboost_system1_36_0 libboost_system1_36_0-32bit libboost_test1_36_0 libboost_test1_36_0-32bit libboost_thread1_36_0-32bit libboost_wave1_36_0 libboost_wave1_36_0-32bit build bytefx-data-mysql mono-data-firebird mono-data-oracle mono-data-sybase mono-devel mono-extras mono-jscript mono-wcf mono-winfxcore monodoc-core coolkey-devel cpp48 gcc48 gcc48-32bit gcc48-c++ gcc48-fortran gcc48-fortran-32bit gcc48-info gcc48-locale libasan0 libatomic1 libgfortran3-32bit libitm1 libquadmath0-32bit libstdc++48-devel libstdc++48-devel-32bit libtsan0 cscope ctdb-devel cups-devel cyrus-imapd-devel dbus-1-devel dbus-1-devel-doc dbus-1-glib-devel derby dhcp-devel e2fsprogs-devel libcom_err-devel libcom_err-devel-32bit libext2fs-devel libext2fs-devel-32bit libext2fs2-32bit libext2fs2-x86 empathy empathy-devel empathy-lang evince-devel evolution evolution-devel evolution-lang evolution-data-server-devel file-devel fileshareset kdebase3 kdebase3-32bit kdebase3-devel misc-console-font finch finch-devel libpurple libpurple-devel libpurple-lang pidgin pidgin-devel flac-devel libFLAC++6-32bit libFLAC++6-x86 freeradius-server-devel freetype2-devel freetype2-devel-32bit fuse-devel gd-devel gdk-pixbuf gdk-pixbuf-32bit gdk-pixbuf-devel ghostscript-devel ghostscript-ijs-devel libgimpprint-devel gimp gimp-devel gimp-lang gimp-plugins-python git git-arch git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk glib2-devel glib2-devel-32bit libgio-fam gmime-2_4-devel gmime-devel gmime-sharp gnucash gnucash-devel gnucash-lang gstreamer-0_10-plugins-base-devel gtk2-devel gtk2-devel-32bit ibutils-devel ibutils-devel-32bit icu libicu-devel libicu-devel-32bit imlib imlib-32bit imlib-config imlib-devel imlib-x86 imlib2 imlib2-devel imlib2-filters imlib2-loaders inkscape inkscape-extensions-dia inkscape-extensions-extra inkscape-extensions-fig inkscape-extensions-gimp inkscape-lang java-1_7_1-ibm-devel kdebase4-workspace-devel kdelibs3-arts kdelibs3-arts-32bit kdelibs3-arts-x86 kdelibs3-devel kdelibs3-doc libkde4-devel libkdecore4-devel kernel-docs kopete-devel krb5-devel krb5-devel-32bit libQtWebKit-devel libqt4-devel libqt4-devel-doc libqt4-devel-doc-data libqt4-sql-mysql-32bit libqt4-sql-mysql-x86 libqt4-sql-postgresql libqt4-sql-postgresql-32bit libqt4-sql-postgresql-x86 libqt4-sql-sqlite-32bit libqt4-sql-sqlite-x86 libqt4-sql-unixODBC libqt4-sql-unixODBC-32bit libqt4-sql-unixODBC-x86 libadns-devel libapr-util1-devel libapr-util1-devel-32bit libapr1-devel libapr1-devel-32bit libarchive-devel libasm-devel libdw-devel libebl-devel libelf-devel libblkid-devel libblkid-devel-32bit libuuid-devel libuuid-devel-32bit libbz2-devel libcap-devel libcgroup-devel libcurl-devel libdhcp6client-1_0-2 libdhcp6client-devel libdrm-devel libdrm-devel-32bit libevent-devel libexif-devel libexiv2-4-32bit libexiv2-4-x86 libexiv2-devel libexpat-devel libgadu libgadu-devel libgcrypt-devel libgcrypt-devel-32bit libgnomesu-devel libgnutls-devel libgnutls-extra-devel libgpgme-devel libgpgme11-32bit libgpgme11-x86 libgtop-2_0-7-32bit libgtop-2_0-7-x86 libgtop-devel libguestfs-devel libid3tag libid3tag-devel libjasper-devel libjpeg-devel libjpeg-devel-32bit libksba-devel liblcms-devel liblcms-devel-32bit python-lcms libldb-devel libnetapi-devel libnetapi0 libsmbclient-devel libsmbsharemodes-devel libsmbsharemodes0 libtalloc-devel libtdb-devel libtevent-devel libwbclient-devel samba-devel samba-test libmikmod libmikmod-devel mpfr-devel mpfr-devel-32bit libmspack-devel libmusicbrainz-devel libmysqlclient-devel libmysqlclient_r15-32bit libmysqlclient_r15-x86 libneon-devel libnetpbm-devel libnetpbm-devel-32bit newt-devel newt-static libopenssl-devel libotr-devel libpcp3 pcp pcp-devel pcp-import-iostat2pcp pcp-import-mrtg2pcp pcp-import-sar2pcp pcp-import-sheet2pcp perl-PCP-LogImport perl-PCP-LogSummary perl-PCP-MMV perl-PCP-PMDA libpixman-1-0-devel libpng-devel libpng-devel-32bit libpoppler-devel libpoppler-glib-devel libpoppler-qt2 libpoppler-qt3-devel libpoppler-qt4-devel libproxy-devel libpulse-devel readline-devel readline-devel-32bit libreoffice libreoffice-base libreoffice-base-drivers-postgresql libreoffice-base-extensions libreoffice-calc libreoffice-calc-extensions libreoffice-draw libreoffice-draw-extensions libreoffice-filters-optional libreoffice-gnome libreoffice-impress libreoffice-impress-extensions libreoffice-kde libreoffice-kde4 libreoffice-l10n-prebuilt libreoffice-mailmerge libreoffice-math libreoffice-mono libreoffice-officebean libreoffice-pyuno libreoffice-sdk libreoffice-writer libreoffice-writer-extensions libreoffice-branding-upstream libreoffice-icon-themes libreoffice-l10n-af libreoffice-l10n-ar libreoffice-l10n-ca libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en-GB libreoffice-l10n-es libreoffice-l10n-fi libreoffice-l10n-fr libreoffice-l10n-gu-IN libreoffice-l10n-hi-IN libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-ko libreoffice-l10n-nb libreoffice-l10n-nl libreoffice-l10n-nn libreoffice-l10n-pl libreoffice-l10n-pt libreoffice-l10n-pt-BR libreoffice-l10n-ru libreoffice-l10n-sk libreoffice-l10n-sv libreoffice-l10n-xh libreoffice-l10n-zh-CN libreoffice-l10n-zh-TW libreoffice-l10n-zu libreoffice-help-cs libreoffice-help-da libreoffice-help-de libreoffice-help-en-GB libreoffice-help-en-US libreoffice-help-es libreoffice-help-fr libreoffice-help-gu-IN libreoffice-help-hi-IN libreoffice-help-hu libreoffice-help-it libreoffice-help-ja libreoffice-help-ko libreoffice-help-nl libreoffice-help-pl libreoffice-help-pt libreoffice-help-pt-BR libreoffice-help-ru libreoffice-help-sv libreoffice-help-zh-CN libreoffice-help-zh-TW libreoffice-testtool librsvg-devel libsamplerate-devel libsmi libsndfile-devel net-snmp-devel net-snmp-devel-32bit libsoup-devel libsoup-devel-32bit libssh2 libssh2-1-32bit libssh2-1-x86 libssh2-devel libsss_idmap-devel libsss_sudo-devel libtasn1-devel libthai libthai-devel libtiff-devel libtiff-devel-32bit libtirpc-devel libtunepimp libtunepimp-devel libtunepimp5 nut-cgi nut-devel libvirt-devel libvirt-devel-32bit libvorbis-devel libwebkit-1_0-1 libwebkit-1_0-2 libwebkit-devel libwebkit-lang libwmf libwmf-32bit libwmf-devel libwmf-gnome libwmf-gnome-32bit libwmf-gnome-x86 libwmf-x86 libwpd-0_8-8 libwpd-devel libwpd-devel-doc libwsman-devel openwsman-python libxcrypt-devel libxine-devel libxine1 libxine1-32bit libxine1-gnome-vfs libxine1-pulse libxml libxml-32bit libxml-devel libxml2-devel libxml2-devel-32bit libxslt-devel libxslt-devel-32bit libyaml-devel lighttpd lighttpd-mod_cml lighttpd-mod_magnet lighttpd-mod_mysql_vhost lighttpd-mod_rrdtool lighttpd-mod_trigger_b4_dl lighttpd-mod_webdav lxc-devel lynx lzo-devel lzo-devel-32bit memcached mercurial mozilla-nspr-devel mozilla-nss-devel mozilla-xulrunner192-devel mozilla-xulrunner192-gnome-32bit mozilla-xulrunner192-translations-32bit nagios-devel netatalk netatalk-devel novell-ipsec-tools novell-ipsec-tools-devel obex-data-server ofed-devel openCryptoki-devel openldap2-back-perl openldap2-devel openldap2-devel-32bit opensc-devel openslp-devel osc pam-devel pam-devel-32bit pango-devel pango-devel-32bit pcsc-lite-devel perl-DBD-Pg perl-Tk-devel perl-base-32bit php53-devel php53-imap php53-posix php53-readline php53-sockets php53-sqlite php53-tidy popt-devel popt-devel-32bit rpm-devel rpm-devel-32bit postgresql-devel postgresql94-devel ppp-devel pwlib pwlib-devel python-crypto python-devel python-imaging-sane python-logilab-common python-lxml-doc python-setuptools qemu qt3-devel qt3-devel-32bit qt3-devel-doc qt3-devel-tools qt3-devel-tools-32bit quagga-devel ruby-devel ruby-doc-ri ruby-examples ruby-test-suite rubygem-actionmailer-3_2 rubygem-actionpack-3_2 rubygem-activemodel-3_2 rubygem-activeresource-3_2 rubygem-rails-3_2 rubygem-railties-3_2 rubygem-activerecord-3_2 rubygem-activesupport-3_2 rubygem-bundler rubygem-i18n-0_6 rubygem-json_pure rubygem-rack-1_4 rubygem-rack-ssl rubygem-rdoc rubygem-sprockets-2_2 rxvt-unicode sendmail-devel silc-toolkit silc-toolkit-devel struts struts-javadoc struts-manual subversion subversion-devel subversion-perl subversion-python subversion-server subversion-tools t1lib-devel taglib-devel telepathy-gabble texlive texlive-arab texlive-bin texlive-bin-cjk texlive-bin-devel texlive-bin-dvilj texlive-bin-jadetex texlive-bin-latex texlive-bin-metapost texlive-bin-musictex texlive-bin-omega texlive-bin-tex4ht texlive-bin-tools texlive-bin-xetex texlive-bin-xmltex texlive-cjk texlive-context texlive-devel texlive-doc texlive-dvilj texlive-jadetex texlive-latex texlive-latex-doc texlive-metapost texlive-musictex texlive-omega texlive-ppower4 texlive-tex4ht texlive-tools texlive-xetex texlive-xmltex trousers-devel unixODBC_23-devel valgrind valgrind-devel vte-devel wireshark-devel xalan-j2-demo xalan-j2-javadoc xalan-j2-manual xen-devel xorg-x11-devel xorg-x11-devel-32bit xorg-x11-libX11-devel xorg-x11-libX11-devel-32bit xorg-x11-libXext-devel xorg-x11-libXext-devel-32bit xorg-x11-libXfixes-devel xorg-x11-libXfixes-devel-32bit xorg-x11-libXp-devel xorg-x11-libXp-devel-32bit xorg-x11-libXrender-devel xorg-x11-libXrender-devel-32bit xorg-x11-libXt-devel xorg-x11-libXt-devel-32bit xorg-x11-libXv-devel xorg-x11-libXv-devel-32bit xorg-x11-libxcb-devel xorg-x11-libxcb-devel-32bit xorg-x11-server-sdk yast2-core-devel yast2-devel-doc python-Jinja2 python-azure-agent php5-devel php5-imap php5-ncurses php5-posix php5-readline php5-sockets php5-sqlite php5-tidy beagle beagle-devel beagle-lang inn inn-devel java-1_4_2-ibm-devel java-1_6_0-ibm-devel java-1_7_0-ibm-devel postgresql91-devel libxslt-python perl-base-x86 python-httplib2 rubygem-rack-1_3 rubygem-rack rubygem-actionmailer-2_3 rubygem-actionpack-2_3 rubygem-activerecord-2_3 rubygem-activeresource-2_3 rubygem-activesupport-2_3 rubygem-rails rubygem-rails-2_3 rubygem-actionpack-2_1 rubygem-mail-2_3 rubygem-rack-cache-1_1 python-magic giflib-devel giflib-devel-32bit kde4-l10n-de-data kde4-l10n-de-doc liblcms2-devel python-doc python-doc-pdf gnu-efi libtidy libtidy-devel tidy xfsprogs-devel libbotan-devel libbotan-1_6_5 firefox-fontconfig-devel SDL-32bit SDL-devel SDL-devel-32bit SDL_image SDL_image-devel audiofile-devel avahi-mono libavahi-glib-devel libavahi-gobject-devel libavahi-gobject0 libavahi-ui0 python-avahi-gtk bsh2 bsh2-classgen bsh2-javadoc bzr cairo-devel cairo-devel-32bit cairo-doc cracklib-devel crash crash-devel dom4j libexempi-devel fontconfig-devel fontconfig-devel-32bit cpp43 gcc43-ada gcc43-fortran gcc43-fortran-32bit gcc43-obj-c++ gcc43-objc gcc43-objc-32bit libada43 libobjc43 libobjc43-32bit libasan0-32bit cpp5 gcc5 gcc5-32bit gcc5-c++ gcc5-c++-32bit gcc5-fortran gcc5-fortran-32bit gcc5-info gcc5-locale libasan2 libasan2-32bit libcilkrts5 libcilkrts5-32bit libffi-devel-gcc5 libffi-devel-gcc5-32bit libitm1-32bit liblsan0 libstdc++6-devel-gcc5 libstdc++6-devel-gcc5-32bit libubsan0 libubsan0-32bit guile-devel libcap-ng-devel python-capng libcares-devel libdb-4_5-devel libdb_java-4_5 libical-devel libical0-32bit libidn-devel libofx libofx-devel libofx4 libosip2 libosip2-devel libquicktime libquicktime-devel google-carlito-fonts hyphen-devel libhyphen0 libmythes-1_2-0 libreoffice-icon-theme-galaxy libreoffice-icon-theme-tango libreoffice-l10n-en libreoffice-l10n-gu libreoffice-l10n-hi libreoffice-l10n-pt-PT libreoffice-l10n-zh-Hans libreoffice-l10n-zh-Hant libreoffice-share-linker libreoffice-voikko libvoikko-devel libvoikko1 myspell-af_NA myspell-af_ZA myspell-ar myspell-ar_AE myspell-ar_BH myspell-ar_DZ myspell-ar_EG myspell-ar_IQ myspell-ar_JO myspell-ar_KW myspell-ar_LB myspell-ar_LY myspell-ar_MA myspell-ar_OM myspell-ar_QA myspell-ar_SA myspell-ar_SD myspell-ar_SY myspell-ar_TN myspell-ar_YE myspell-be_BY myspell-bg_BG myspell-bn_BD myspell-bn_IN myspell-bs myspell-bs_BA myspell-ca myspell-ca_AD myspell-ca_ES myspell-ca_ES_valencia myspell-ca_FR myspell-ca_IT myspell-cs_CZ myspell-da_DK myspell-de myspell-de_AT myspell-de_CH myspell-de_DE myspell-dictionaries myspell-el_GR myspell-en myspell-en_AU myspell-en_BS myspell-en_BZ myspell-en_CA myspell-en_GB myspell-en_GH myspell-en_IE myspell-en_IN myspell-en_JM myspell-en_MW myspell-en_NA myspell-en_NZ myspell-en_PH myspell-en_TT myspell-en_US myspell-en_ZA myspell-en_ZW myspell-es myspell-es_AR myspell-es_BO myspell-es_CL myspell-es_CO myspell-es_CR myspell-es_CU myspell-es_DO myspell-es_EC myspell-es_ES myspell-es_GT myspell-es_HN myspell-es_MX myspell-es_NI myspell-es_PA myspell-es_PE myspell-es_PR myspell-es_PY myspell-es_SV myspell-es_UY myspell-es_VE myspell-et_EE myspell-fr_BE myspell-fr_CA myspell-fr_CH myspell-fr_FR myspell-fr_LU myspell-fr_MC myspell-gu_IN myspell-he_IL myspell-hi_IN myspell-hr_HR myspell-hu_HU myspell-it_IT myspell-lightproof-en myspell-lightproof-hu_HU myspell-lightproof-pt_BR myspell-lightproof-ru_RU myspell-lo_LA myspell-lt_LT myspell-lv_LV myspell-nb_NO myspell-nl_BE myspell-nl_NL myspell-nn_NO myspell-no myspell-pl_PL myspell-pt_AO myspell-pt_BR myspell-pt_PT myspell-ro myspell-ro_RO myspell-ru_RU myspell-sk_SK myspell-sl_SI myspell-sr myspell-sr_CS myspell-sr_Latn_CS myspell-sr_Latn_RS myspell-sr_RS myspell-sv_FI myspell-sv_SE myspell-te myspell-te_IN myspell-th_TH myspell-vi myspell-vi_VN myspell-zu_ZA mythes-devel python-importlib libssh-devel libssh-devel-doc libmxml1 mxml nasm nautilus-devel ncurses-devel ncurses-devel-32bit tack ntfs-3g ntfs-3g-devel ntfsprogs ocaml ocaml-compiler-libs ocaml-runtime libopenssl-devel-32bit perl-DBD-mysql perl-SOAP-Lite python-numpy-devel rubygem-mail-2_4 sane-backends-32bit sane-backends-autoconfig sane-backends-x86 libspice-server-devel sqlite3-devel wavpack wavpack-devel wireshark-gtk libwireshark8 libwiretap6 libwscodecs1 libwsutil7 portaudio portaudio-devel xerces-j2-demo xerces-j2-scripts xerces-j2-xml-apis xerces-j2-xml-resolver xorg-x11-libICE-devel xorg-x11-libICE-devel-32bit xorg-x11-libXdmcp-32bit xorg-x11-libXdmcp-devel xorg-x11-libXdmcp-devel-32bit xorg-x11-libXpm-devel xorg-x11-libXpm-devel-32bit yast2-storage-devel zlib-devel zlib-devel-32bit clamav-openssl1 libcurl4-openssl1-x86 cyrus-sasl-openssl1 cyrus-sasl-openssl1-32bit cyrus-sasl-openssl1-crammd5 cyrus-sasl-openssl1-crammd5-32bit cyrus-sasl-openssl1-crammd5-x86 cyrus-sasl-openssl1-digestmd5 cyrus-sasl-openssl1-digestmd5-32bit cyrus-sasl-openssl1-digestmd5-x86 cyrus-sasl-openssl1-gssapi cyrus-sasl-openssl1-gssapi-32bit cyrus-sasl-openssl1-gssapi-x86 cyrus-sasl-openssl1-ntlm cyrus-sasl-openssl1-otp cyrus-sasl-openssl1-otp-32bit cyrus-sasl-openssl1-otp-x86 cyrus-sasl-openssl1-plain cyrus-sasl-openssl1-plain-32bit cyrus-sasl-openssl1-plain-x86 cyrus-sasl-openssl1-x86 libopenssl1_0_0-x86 libldap-openssl1-2_4-2-x86 openldap2-client-openssl1 openldap2-openssl1 acroread acroread-cmaps acroread-fonts-ja acroread-fonts-ko acroread-fonts-zh_CN acroread-fonts-zh_TW acroread_ja bogofilter ibm-data-db2 libldb1-32bit samba-doc compat-openssl097g compat-openssl097g-32bit libpurple-meanwhile libpurple-tcl MozillaFirefox-branding-SLED beagle-evolution beagle-firefox beagle-gui mhtml-firefox flash-player flash-player-gnome flash-player-kde4 icedtea-web java-1_6_0-openjdk java-1_6_0-openjdk-demo java-1_6_0-openjdk-devel kernel-default-extra kernel-pae-extra kernel-trace-extra kernel-xen-extra xen-kmp-trace permissions libproxy0-config-gnome-32bit libproxy0-networkmanager-32bit libxml2-python openssl-certs telepathy-idle usbmuxd virt-manager vm-install zypper zypper-log cabextract compat-wireless-kmp-default compat-wireless-kmp-pae compat-wireless-kmp-xen giflib giflib-32bit grub2-x86_64-efi grub2-x86_64-xen gstreamer-0_10-plugins-bad gstreamer-0_10-plugins-bad-lang libgstbasecamerabinsrc-0_10-0 libgstbasecamerabinsrc-0_10-0-32bit libgstbasevideo-0_10-0 libgstbasevideo-0_10-0-32bit libgstphotography-0_10-0 libgstphotography-0_10-0-32bit libgstsignalprocessor-0_10-0 libgstsignalprocessor-0_10-0-32bit libgstvdp-0_10-0 libgstvdp-0_10-0-32bit java-1_7_0-openjdk java-1_7_0-openjdk-demo java-1_7_0-openjdk-devel kde4-l10n-ar kde4-l10n-cs kde4-l10n-da kde4-l10n-da-data kde4-l10n-da-doc kde4-l10n-de kde4-l10n-en_GB kde4-l10n-es kde4-l10n-es-data kde4-l10n-es-doc kde4-l10n-fr kde4-l10n-fr-data kde4-l10n-fr-doc kde4-l10n-hu kde4-l10n-it kde4-l10n-it-data kde4-l10n-it-doc kde4-l10n-ja kde4-l10n-ko kde4-l10n-nb kde4-l10n-nl kde4-l10n-nl-data kde4-l10n-nl-doc kde4-l10n-pl kde4-l10n-pl-data kde4-l10n-pl-doc kde4-l10n-pt kde4-l10n-pt_BR kde4-l10n-pt_BR-data kde4-l10n-pt_BR-doc kde4-l10n-ru kde4-l10n-ru-data kde4-l10n-ru-doc kde4-l10n-sv kde4-l10n-sv-data kde4-l10n-sv-doc kde4-l10n-zh_CN kde4-l10n-zh_TW kdebase4-runtime-xine kernel-bigsmp-devel lcms2 liblcms2-2 pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc libvdpau1 libvdpau1-32bit novell-qtgui novell-qtgui-cli novell-ui-base openssh-askpass-gnome orca orca-lang pwlib-plugins-avc pwlib-plugins-dc pwlib-plugins-v4l2 rpcbind vorbis-tools wpa_supplicant-gui xfsprogs xscreensaver libstdc++6-locale openssh-helpers conntrack-tools sle-hae-release ctdb hawk hawk-templates cluster-network-kmp-bigsmp cluster-network-kmp-default cluster-network-kmp-pae cluster-network-kmp-ppc64 cluster-network-kmp-trace cluster-network-kmp-xen gfs2-kmp-bigsmp gfs2-kmp-default gfs2-kmp-pae gfs2-kmp-ppc64 gfs2-kmp-trace gfs2-kmp-xen ocfs2-kmp-bigsmp ocfs2-kmp-default ocfs2-kmp-pae ocfs2-kmp-ppc64 ocfs2-kmp-trace ocfs2-kmp-xen drbd-kmp-bigsmp csync2 graphviz-python cluster-network-kmp-bigmem drbd drbd-bash-completion drbd-heartbeat drbd-kmp-bigmem drbd-kmp-default drbd-kmp-pae drbd-kmp-ppc64 drbd-kmp-trace drbd-kmp-xen drbd-pacemaker drbd-udev drbd-utils drbd-xen gfs2-kmp-bigmem ocfs2-kmp-bigmem libpacemaker-devel libpacemaker3 pacemaker pacemaker-cli pacemaker-remote ldirectord nagios-plugins-metadata resource-agents sle-pos-release firefox-fontconfig firefox-libffi4 firefox-libstdc++6 POS_Image-Minimal3 POS_Image-Netboot-hooks POS_Image-Tools POS_Image3 POS_Migration POS_Server-Admin3 POS_Server-AdminGUI POS_Server-AdminTools3 POS_Server-BranchTools3 POS_Server-Modules3 POS_Server3 admind admind-client posbios SDL aide arpwatch aspell aspell-ispell atftp cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain cyrus-sasl-saslauthd cyrus-sasl-sqlauxprop libdjvulibre21 gcc43 gcc43-c++ gcc43-info gcc43-locale libstdc++43-devel gdb kernel-ec2 kernel-ec2-base kernel-ec2-devel libcaca libcares2 libcdio7 libcdio_cdda0 libcdio_paranoia0 libcroco-0_6-3 libesmtp libtcnative-1-0 log4j microcode_ctl mozilla-nss-certs patch perl-DBI perl-XML-LibXML python-numpy libsqlite3-0 sqlite3 supportutils tightvnc transfig libwavpack1 xerces-j2 liblzma5 xz xz-lang zlib zsh brocade-bna-kmp-rt cluster-network-kmp-rt cluster-network-kmp-rt_trace drbd-kmp-rt drbd-kmp-rt_trace iscsitarget-kmp-rt kernel-rt kernel-rt-base kernel-rt-devel kernel-rt_trace kernel-rt_trace-base kernel-rt_trace-devel kernel-source-rt kernel-syms-rt ocfs2-kmp-rt ocfs2-kmp-rt_trace ofed-kmp-rt SLE_RT-release iscsitarget-kmp-rt_trace lttng-modules-kmp-rt lttng-modules-kmp-rt_trace ofed-kmp-rt_trace gfs2-kmp-rt gfs2-kmp-rt_trace java-1_4_2-ibm-sap java-1_4_2-ibm-sap-devel sap_suse_cluster_connector clamsap rhn-virtualization-common rhn-virtualization-host rhncfg rhncfg-actions rhncfg-client rhncfg-management koan rhnmd spacewalk-backend-libs spacewalk-certs-tools rhnlib spacecmd spacewalk-check spacewalk-client-setup spacewalk-client-tools mgr-cfg mgr-cfg-actions mgr-cfg-client mgr-cfg-management mgr-daemon mgr-osad mgr-virtualization-host python2-mgr-cfg python2-mgr-cfg-actions python2-mgr-cfg-client python2-mgr-cfg-management python2-mgr-osa-common python2-mgr-osad python2-mgr-virtualization-common python2-mgr-virtualization-host python2-rhnlib spacewalk-remote-utils python2-spacewalk-check python2-spacewalk-client-setup python2-spacewalk-client-tools salt salt-doc salt-minion golang-github-wrouesnel-postgres_exporter mgr-custom-info mgr-push python2-mgr-push python2-spacewalk-koan python2-spacewalk-oscap python2-suseRegisterInfo python2-uyuni-common-libs spacewalk-koan spacewalk-oscap supportutils-plugin-susemanager-client suseRegisterInfo python-pycrypto libzmq3 SUSE_SLES_SAP-release gconf2 gconf2-32bit gconf2-x86 libidl libidl-32bit libidl-x86 orbit2 orbit2-32bit orbit2-x86 procps acl libacl libacl-32bit libacl-x86 libgcc43 libgcc43-32bit libgcc43-x86 libstdc++43 libstdc++43-32bit libstdc++43-x86 keyutils-libs keyutils-libs-32bit keyutils-libs-x86 libidn libidn-32bit libidn-x86 cyrus-sasl-32bit cyrus-sasl-crammd5-32bit cyrus-sasl-crammd5-x86 cyrus-sasl-gssapi-32bit cyrus-sasl-gssapi-x86 cyrus-sasl-otp-32bit cyrus-sasl-otp-x86 cyrus-sasl-plain-32bit cyrus-sasl-plain-x86 cyrus-sasl-x86 gtkhtml2 gtkhtml2-lang cdparanoia cdparanoia-32bit cdparanoia-x86 desktop-file-utils fam fam-32bit fam-x86 gnome-vfs2 gnome-vfs2-32bit gnome-vfs2-x86 gstreamer-0_10 libogg0 libogg0-32bit libogg0-x86 liboil liboil-32bit liboil-x86 iscsitarget iscsitarget-kmp-default iscsitarget-kmp-pae iscsitarget-kmp-ppc64 iscsitarget-kmp-vmi iscsitarget-kmp-xen java-1_5_0-bea java-1_5_0-bea-console java-1_5_0-bea-fonts java-1_5_0-bea-jdbc java-1_6_0-ibm-alsa-x86 java-1_6_0-ibm-x86 kde4-akonadi kde4-akregator kde4-kaddressbook kde4-kalarm kde4-kjots kde4-kmail kde4-knode kde4-knotes kde4-kontact kde4-korganizer kde4-ktimetracker kde4-ktnef kdepim4 kdepim4-wizards kdepimlibs4 libakonadi4 libkdepim4 libkdepimlibs4 kde4-gwenview kde4-kcolorchooser kde4-kruler kde4-ksnapshot kde4-okular libkipi5 kde4-kdm kde4-kwin kde4-kget kde4-knewsticker kde4-kopete kde4-krdc kde4-krfb utempter utempter-32bit utempter-x86 ext4dev-kmp-default ext4dev-kmp-pae ext4dev-kmp-ppc64 ext4dev-kmp-vmi ext4dev-kmp-xen kernel-kdump kernel-vmi kernel-vmi-base oracleasm-kmp-default kvm-kmp-default kvm-kmp-pae libHX13 libHX13-32bit libHX13-x86 zlib-32bit zlib-x86 libpoppler4 libtheora0 libtheora0-32bit libtheora0-x86 libvolume_id1 udev open-iscsi perl-IO-Socket-SSL websphere-as_ce libcmpiutil libvirt-cim virt-viewer yast2-ldap-server ConsoleKit ConsoleKit-32bit ConsoleKit-x11 ConsoleKit-x86 firefox-libgcc_s1 MozillaFirefox-translations-common MozillaFirefox-translations-other mozilla-nss-certs-32bit NetworkManager-kde4 NetworkManager-kde4-lang NetworkManager-kde4-libs NetworkManager-openvpn-kde4 NetworkManager-pptp-kde4 plasmoid-networkmanagement SuSEfirewall2 amanda apache2-mod_python apport apport-crashdb-sle apport-gtk aspell-32bit audiofile audiofile-32bit axis bluez libbluetooth3 cairo cairo-32bit cracklib cracklib-32bit ctags libexempi3 facter file-roller file-roller-lang mozilla-kde4-integration firefox-gio-branding-upstream firefox-glib2-lang firefox-glib2-tools firefox-gtk3-branding-upstream firefox-gtk3-data firefox-gtk3-immodule-amharic firefox-gtk3-immodule-inuktitut firefox-gtk3-immodule-multipress firefox-gtk3-immodule-thai firefox-gtk3-immodule-vietnamese firefox-gtk3-immodule-xim firefox-gtk3-immodules-tigrigna firefox-gtk3-lang firefox-gtk3-tools firefox-libgtk-3-0 libfirefox-gio-2_0-0 libfirefox-glib-2_0-0 libfirefox-gmodule-2_0-0 libfirefox-gobject-2_0-0 libfirefox-gthread-2_0-0 firefox-atk-lang firefox-gdk-pixbuf-lang firefox-gdk-pixbuf-query-loaders firefox-gdk-pixbuf-thumbnailer firefox-libatk-1_0-0 firefox-libcairo-gobject2 firefox-libcairo2 firefox-libffi7 firefox-libgdk_pixbuf-2_0-0 firefox-libharfbuzz0 firefox-libpango-1_0-0 firefox-at-spi2-core firefox-at-spi2-core-lang firefox-dbus-1-glib firefox-libatk-bridge-2_0-0 firefox-libatspi0 firefox-libfreetype6 firefox-libpixman-1-0 gcc43-32bit libstdc++43-devel-32bit libstdc++43-doc libatomic1-32bit libmpfr4 giflib-progs gmp gmp-32bit gnome-session gnome-session-lang gnuplot graphviz graphviz-gd graphviz-gnome guile gwenview kcolorchooser kruler ksnapshot libkexiv2-7 libkipi6 okular hunspell hunspell-32bit hunspell-tools inst-source-utils jakarta-commons-collections jakarta-commons-collections-javadoc jakarta-commons-collections-tomcat5 jakarta-taglibs-standard jakarta-taglibs-standard-javadoc kde4-l10n-bg kde4-l10n-ca kde4-l10n-csb kde4-l10n-el kde4-l10n-et kde4-l10n-eu kde4-l10n-fi kde4-l10n-ga kde4-l10n-gl kde4-l10n-hi kde4-l10n-is kde4-l10n-kk kde4-l10n-km kde4-l10n-ku kde4-l10n-lt kde4-l10n-lv kde4-l10n-mk kde4-l10n-ml kde4-l10n-nds kde4-l10n-nn kde4-l10n-pa kde4-l10n-ro kde4-l10n-sl kde4-l10n-th kde4-l10n-tr kde4-l10n-uk kde4-l10n-wa btrfs-kmp-default btrfs-kmp-pae btrfs-kmp-xen ext4dev-kmp-trace hyper-v-kmp-default hyper-v-kmp-pae hyper-v-kmp-trace less lha libcdio7-32bit libcroco-0_6-3-32bit db-doc db-utils db-utils-doc libdb-4_5 libdb-4_5-32bit libgssglue1 libical0 liblouis liblouis0 python-louis libnl libnl-32bit libopenssl0_9_8-hmac-x86 libpciaccess0 libpciaccess0-32bit libpciaccess0-x86 libraptor1 libunwind libunwind-devel minicom nautilus nautilus-32bit nautilus-lang libncurses5 libncurses5-32bit libncurses6 libncurses6-32bit ncurses-utils terminfo terminfo-base nmap yast2-ntp-client cxgb3-firmware libslp1-openssl1-32bit libopenssl1-devel-32bit pam_pkcs11 pam_pkcs11-32bit perf perl-Archive-Zip perl-Config-General perl-Convert-ASN1 perl-PlRPC policycoreutils rpm-python postgresql-init postgresql10 postgresql10-contrib postgresql10-docs postgresql10-server postgresql10-devel libpython2_7-1_0 libpython2_7-1_0-32bit python27 python27-32bit python27-base python27-base-32bit python27-curses python27-demo python27-devel python27-doc python27-doc-pdf python27-gdbm python27-idle python27-tk python27-xml python-rpm-macros python27-setuptools quota quota-nfs rzsz sane-backends screen libspeex libspeex-32bit libsqlite3-0-32bit libjack0 xorg-x11-libICE xorg-x11-libICE-32bit xorg-x11-libXdmcp xorg-x11-libXpm xorg-x11-libXpm-32bit liblzma5-32bit yast2-storage yast2-storage-lib libpq5-x86 ansible libyaml-0-2 python-PyYAML python-ecdsa python-paramiko python-coverage python-passlib libavahi-glib1 libavahi-glib1-32bit cloud-init cloud-init-config-suse cloud-init-doc cyrus-sasl-digestmd5-32bit cyrus-sasl-sqlauxprop-32bit dosfstools MozillaFirefox-branding-SLES-for-VMware fontconfig fontconfig-32bit fribidi fribidi-32bit giflib-x86 grep intel-SINIT kernel-bigsmp kernel-bigsmp-base iscsitarget-kmp-bigsmp ofed-kmp-bigsmp oracleasm-kmp-bigsmp libcap-ng-utils libcap-ng0 libcap-ng0-32bit python-pip python27-Jinja2 python27-ecdsa python27-boto3 python27-botocore python27-s3transfer python27-urllib3 growpart python27-Cheetah python27-MarkupSafe python27-PrettyTable python27-PyJWT python27-PyYAML python27-argparse python27-blinker python27-cffi python27-configobj python27-cryptography python27-dateutil python27-docutils python27-enum34 python27-futures python27-httplib2 python27-idna python27-ipaddress python27-jmespath python27-jsonpatch python27-jsonpointer python27-jsonschema python27-lockfile python27-oauth python27-oauthlib python27-paramiko python27-ply python27-pyasn1 python27-pyasn1-modules python27-pycparser python27-pycrypto python27-pyserial python27-pytest python27-python-daemon python27-requests python27-simplejson python27-six tboot SDL-x86 audiofile-x86 libavahi-glib1-x86 cairo-x86 cracklib-x86 crash-eppic fontconfig-x86 libffi4 libffi4-32bit ipmitool kernel-bigmem kernel-bigmem-base kernel-bigmem-devel kernel-firmware iscsitarget-kmp-bigmem iscsitarget-kmp-trace ofed-kmp-bigmem oracleasm oracleasm-kmp-bigmem oracleasm-kmp-pae oracleasm-kmp-ppc64 oracleasm-kmp-trace oracleasm-kmp-xen libdb-4_5-x86 perl-Sys-Virt nautilus-x86 libncurses5-x86 libncurses6-x86 libvmtools0 open-vm-tools open-vm-tools-desktop pam_pkcs11-x86 libspice-server1 libsqlite3-0-x86 xorg-x11-libICE-x86 xorg-x11-libXdmcp-x86 xorg-x11-libXpm-x86 0:0.9.1-154.24 11.1 0:3.5.9-0.1.1 0:0.7.0.r4359-15.22.49 0:0.7.0.r1053-11.16.61 0:1.6.1-83.17.1 0:0.3.14-2.12.105 0:0.5.12-23.40.5 0:0.5.12-23.40.6 0:2.17.35-0.2.17 0:0.9-14.34.9 0:0.9-14.34.11 0:2.6.2-1.14 0:2.2.10-2.24.5 0:2.0.4-40.19 0:5.2.6-50.24.1 0:0.6.23-11.19.22 0:9.5.0P2-20.7.1 0:1.36.0-11.17 0:1.0.5-34.246 0:3.4.3-1.17.2 0:1.34b-11.17.2 0:0.96-0.12.1 0:1.1.0-22.24 0:4.1-194.24.4 0:1.3.9-8.30.1 0:7.19.0-11.24.25 0:2.3.11-60.21.1 0:1.2.10-3.11.29 0:1.2.10-3.11.33 0:3.1.3.ESV-0.3.38 0:1.41.9-2.1.51 0:22.3-4.32.4 0:1.6.4-152.17.55 0:2.28.2-0.2.68 0:2.28.2-0.10.9 0:2.0.1-88.26.1 0:6.3.8.90-13.16.1 0:4.24-43.17 0:4.4.0-38.24.11 0:2.1.1-7.7.19.77 0:2.3.7-25.10.1 0:2.3.7-25.9 0:2.7.2-61.18.1 0:2.5.26-1.25 0:1.1.36-26.31 0:2.0.36.RC1-52.18 0:8.62-32.27.31 0:4.2.7-32.27.31 0:2.22.5-0.2.23 0:2.2.23-1.41.1 0:2.4.8-1.2.55 0:2.28.3-0.4.30 0:2.4.1-24.19.1 0:2.0.9-25.25.1 0:0.10.25-1.1.133 0:0.10.17-1.1.126 0:2.18.9-0.4.1 0:7.2-8.8 0:1.3.12-69.19.1 0:3.9.8-3.4.30 0:0.7.3-1.1.93 0:1.4.2_sr13.3-1.1.1 0:1.6.0_sr7.0-1.6.21 0:4.3.5-0.8.35 0:4.3.5-0.8.40 0:3.5.10-20.31 0:3.5.10-23.27.1 0:4.3.5-0.2.46 0:2.6.32.12-0.7.1 0:1.6.3-133.27.1 0:1.6.3-133.21 0:1.6.3-133.12 0:0.12.3-0.11.1 0:1.17-77.14.19 0:6.4.3.6-7.20.1 0:4.6.2-1.6.9 0:4.6.2-1.6.11 0:4.6.2-1.6.10 0:1.4-73.21 0:1.3.4-12.20.2 0:1.3.3-11.16.1 0:2.5.5-5.19 0:2.4.17-0.3.12 0:0.6.17-2.12 0:0.17.1-31.20 0:2.28.0-1.2.20 0:4.0-7.24.11 0:2.2.6-2.131.1 0:2.1.5-5.18 0:5.0.67-13.20.1 0:0.28.3-2.12.1 0:10.26.44-101.9.1 0:0.11.6-5.25.1 0:0.9.8h-30.27.11 0:1.2.31-5.12.1 0:0.12.3-1.2.44 0:0.9.21-1.5.26 0:2.6.0-8.9.20 0:0.8.4-194.23.38 0:0.18-1.15 0:0.2.1-1.2.16 0:0.1.4-1.15 0:1.0.20-2.1.46 0:5.4.2.1-8.2.1 0:2.28.2-0.1.151 0:3.8.2-141.8.1 0:0.7.6-1.9.8 0:1.2.0-79.12 0:2.7.6-0.1.37 0:1.1.24-19.15 0:1.2.10-1.36 0:2.1.12-0.1.1 0:2.5.2-17.16 0:2.0.1-1.19.1 0:1.9.0.19-0.1.1 0:1.9.1.9-1.12.1 0:1.5.17-42.33.1 0:3.0.6-1.21.1 0:1.4.13-1.35 0:4.2.4p8-1.3.28 0:5.1p1-41.31.36 0:2.6.16-1.34.3 0:2.0.9-143.31 0:1.0.4-0.5.12 0:2.3.1-47.10.15 0:184-147.20 0:0.47-13.13.65 0:5.10.0-64.47.8 0:3.56-1.18.1 0:804.028-50.24 0:3.2.5-26.22.18 0:8.3.9-0.1.1 0:0.24.8-1.3.5 0:2.6.0-8.9.28 0:3.3.8b-88.21 0:0.99.15-0.1.55 0:3.0.4-2.33.82 0:1.8.7.p72-5.24.2 0:2.7.STABLE5-2.4.1 0:1.5final-28.19 0:1.6.9p17-21.3.1 0:2.0.9-27.27.19 0:8.1.5-7.9.56 0:1.0-0.15.16 0:1.20-23.23.1 0:3.80.2-2.8 0:5.52-142.23.43 0:0.5.2-132.1.37 0:1.11.4-1.15.1 0:1.0.5-1.34.1 0:1.0.2-36.18 0:4.0.0_21091_04-0.2.6 0:4.0.0_21091_04_2.6.32.12_0.7-0.2.6 0:7.4-9.24.15 0:7.4-27.19.19 0:3.02-138.26.1 0:238-1.16 0:2.10-911.22 11.2 0:10.0-0.3.2 0:0.7.1_git20090811-3.20.5 0:0.7.1-5.22.28 0:0.3.14-2.23.126 0:0.5.12-23.58.22 0:0.5.12-23.58.21 0:0.9-14.39.1 0:0.9-14.39.2 0:11-6.65.1 0:1.0.6-91.16.1 0:2.7.0-18.7.1 0:2.2.12-1.28.1 0:1.2.26-1.30.110 0:5.2.14-0.7.24.1 0:5.3.8-0.19.6 0:9.6ESVR5P1-0.8.1 0:1.0.5-34.253.1 0:5.1-0.4.9 0:0.97.3-0.2.1 0:4.1-194.199.1 0:1.3.9-8.44.1 0:7.19.7-1.18.1 0:2.3.11-60.65.64.1 0:1.2.10-3.23.1 0:0.76-34.22.1 0:4.2.3.P2-0.7.2 0:3.2.3-44.28.1 0:1.0.22-3.21.2 0:1.41.9-2.7.1 0:61-1.29.1 0:0.2-1001.30.1 0:22.3-4.40.1 0:1.6.4-152.22.1 0:2.28.2-0.7.2 0:2.28.2-0.26.33.14 0:6.3.8.90-13.20.19.1 0:4.24-43.19.1 0:4.4.0-38.26.1 0:3.0.2-269.35.1 0:2.1.1-7.10.1 0:2.3.7-25.28.1 0:2.7.2-61.23.1 0:8.62-32.28.1 0:4.2.7-32.28.1 0:2.11.3-17.31.1 0:2.2.23-1.50.1 0:2.28.3-0.28.1 0:2.4.1-24.39.33.1 0:2.0.9-25.33.27.1 0:0.10.35-5.15.8 0:0.10.30-5.8.11 0:2.18.9-0.21.4 0:7.2-8.15.2 0:3.11.10-0.6.7.1 0:1.4.2_sr13.10-0.4.1 0:1.6.0_sr9.3-0.4.1 0:1.14.1-16.31.1 0:4.3.5-0.10.2 0:4.3.5-0.6.1 0:4.3.5-0.4.1 0:3.0.13-0.27.1 0:1.6.3-133.48.48.1 0:0.15.1-0.17.3 0:1.34b-12.18.3 0:3.6.3-0.18.3 0:6.4.3.6-7.22.1 0:4.6.3-5.12.1 0:1.3.4-12.22.21.2 0:1.3.4-12.22.21.1 0:1.3.3-11.18.17.1 0:2.11-2.17.1 0:0.34-2.5.1 0:2.4.27-0.6.6 0:3.13.1-0.2.1 0:2.6.7-0.5.76 0:1.0.0-307.10.1 0:4.0-7.26.1 0:5.0.94-0.2.4.1 0:0.29.6-6.7.1 0:0.52.10-1.35.7 0:0.11.6-5.27.1 0:0.9.8j-0.26.1 0:1.2.31-5.25.1 0:0.12.3-1.3.1 0:0.9.23-0.7.128 0:2.6.0-8.12.2 0:4.6.3-5.10.1 0:0.2.1-1.5.1 0:2.26.0-2.3.1 0:1.0.20-2.4.1 0:5.4.2.1-8.12.6.1 0:2.32.2-4.7.1 0:3.8.2-141.142.1 0:0.9.6-0.13.42 0:1.2.0-79.13.1 0:3.0.3-0.6.1 0:11-1.22.1 0:3.2.15-0.13.1 0:2.7.6-0.13.1 0:0.9-1.24.1 0:3.7.7-10.24.1 0:7.3.6-65.72.1 0:2.02.84-3.25.5 0:2.1.14-9.2.1 0:2.0.2.umip.0.4-8.7.1 0:2.6.7-0.7.19 0:1.9.2.24-0.3.1 0:1.9.2.24-0.3.2 0:3.0.6-1.25.24.1 0:4.2.4p8-1.16.1 0:1.5.2-0.22.23 0:1.5.2_3.0.13_0.27-0.22.23 0:1.2.0-172.22.1 0:5.1p1-41.51.1 0:2.6.16-1.36.1 0:2.4-662.18.1 0:1.1.5-0.10.17 0:1.26.2-1.3.1 0:1.3.8-3.15.1 0:1.4.102-1.37.3 0:5.10.0-64.55.1 0:5.816-2.23.1 0:3.3.1-10.8.3 0:8.3.14-0.2.1 0:2.6.12-0.10.1 0:1.0.22-3.15.1 0:1.5.11-0.9.96 0:0.99.15-0.6.2 0:1.1-1.24.4.1 0:3.0.4-2.38.1 0:5.8.7-0.5.5 0:1.8.7.p357-0.7.1 0:2.7.STABLE5-2.10.1 0:3.1.12-8.10.1 0:1.4-13.6.1 0:1.5final-28.21.1 0:1.7.6p2-0.2.4.1 0:0.71.47-0.7.1 0:2.0.9-27.32.1 0:8.1.5-7.32.1 0:1.0.8-9.16.1 0:1.5-0.7.54 0:5.1.1-100.19.1 0:1.26-1.2.4.1 0:0.48-101.20.1 0:0.9.10-0.15.1 0:6.0.18-20.35.36.1 0:6.00-11.7.1 0:0.22.5-0.2.1 0:0.5.2-132.2.1 0:1.4.10-0.2.1 0:4.1.2_14-0.5.5 0:4.1.2_14_3.0.13_0.27-0.5.5 0:7.4-9.47.1 0:7.4-27.60.5 0:7.4-8.26.32.1 0:2.17.119-0.5.25 0:2.17.44-0.5.3 11.3 0:9.0.3-0.17.1 0:17.0.4esr-0.10.42 0:0.7.1_git20090811-3.28.2 0:0.3.14-2.28.46 0:0.5.12-23.68.1 0:0.9-14.41.1 0:11-6.90.1 0:1.0.6-91.25.20 0:1.7.1-20.9.53 0:1.7.1-16.9.65 0:2.2.12-1.38.2 0:5.3.17-0.13.7 0:2.7.1-0.2.12.1 0:4.3.5-0.3.3 0:0.6.23-11.30.4 0:9.6ESVR7P4-0.10.1 0:1.36.0-12.3.1 0:5.1-0.11.1 0:0.97.7-0.3.1 0:2.3.37-2.24.36 0:2.4.26-0.24.36 0:4.1-194.207.1 0:1.3.9-8.46.46.1 0:7.19.7-1.26.8 0:1.12.12-144.23.5.1 0:1.2.10-3.27.1 0:4.2.4.P2-0.16.15 0:3.2.3-44.30.1 0:1.41.9-2.9.1 0:61-1.33.1 0:2.28.2-0.29.24 0:2.0.1-88.34.1 0:4.24-43.23.1 0:2.1.1-7.16.7 0:2.3.7-25.32.1 0:2.8.7-0.9.12 0:8.62-32.34.1 0:4.2.7-32.34.1 0:2.22.5-0.8.8.1 0:2.11.3-17.54.1 0:2.28.3-0.32.1 0:2.4.1-24.39.45.1 0:2.0.9-25.33.31.1 0:2.18.9-0.23.1 0:1.20.4-0.14.9 0:1.3.12-69.23.1 0:5-0.7.10 0:1.5.7-0.7.31 0:3.0.1-253.36.1 0:1.6.0_sr13.1-0.9.1 0:1.7.0_sr4.1-0.5.1 0:6b-879.12.1 0:6.2.0-879.12.1 0:4.3.5-0.12.12.1 0:4.3.5-0.10.1 0:3.0.76-0.11.1 0:1.6.3-133.49.54.1 0:1.4.1-0.11.1 0:1.34b-12.39.1 0:3.6.3-0.39.1 0:6.4.3.6-7.26.1 0:4.6.3-5.25.5 0:4.6.3-5.25.4 0:1.3.3-11.18.19.1 0:0.37.1-5.16.1 0:2.4.41-0.8.46 0:9.1.9-0.3.1 0:0.6.17-2.14.1 0:3.14.3-0.11.11 0:2.28.0-1.9.24 0:4.0-7.26.15 0:5.0.96-0.6.1 0:5.5.31-0.7.10 0:0.52.10-1.35.113 0:0.9.8j-0.50.1 0:3.2.0-10.3.1 0:1.2.31-5.31.1 0:0.12.3-1.8.1 0:0.3.1-2.6.1 0:0.3.1-2.6.3 0:2.6.8-0.15.1 0:5.4.2.1-8.12.16.1 0:2.32.2-4.13.1 0:1.9.4-0.12.24 0:3.8.2-141.152.1 0:0.3.10-0.9.50 0:2.6.2-0.2.4.1 0:1.0.5.1-0.7.10 0:1.2.0-79.20.1 0:2.7.6-0.23.1 0:1.1.24-19.21.1 0:3.7.7-10.26.1 0:2.02.98-0.25.3 0:2.1.14-9.6.1 0:2.6.7-0.9.1 0:1.9.2.27-0.2.1 0:3.0.6-1.25.28.1 0:1.4.16-0.11.35 0:1.2.3-18.31.1 0:4.2.4p8-1.22.1 0:1.5.4.1-0.11.5 0:1.5.4.1_3.0.76_0.11-0.11.5 0:2.4.2-0.9.12 0:6.2p2-0.9.1 0:2.0.9-143.38.22 0:2.3.1-47.12.1 0:0.47-13.16.1 0:5.10.0-64.67.52 0:0.2808.01-0.67.52 0:0.72-0.67.52 0:8.3.23-0.4.1 0:2.6.18-0.4.2 0:1.0.22-3.19.1 0:0.5.0-3.20.1 0:0.99.15-0.12.1 0:3.0.4-2.47.28 0:5.10.1-0.7.49 0:1.8.7.p357-0.9.9.1 0:1.3.11-0.19.1 0:1.7.0.0-1.16.1 0:2.7.STABLE5-2.12.12.1 0:3.1.12-8.12.1 0:1.5final-28.23.23.1 0:4.54-0.9.24 0:1.7.6p2-0.17.5 0:0.71.61-0.11.12 0:2.0.9-27.34.36.1 0:8.1.5-7.45.24 0:1.0.8-9.23.44 0:1.5-0.9.1 0:5.1.1-100.21.1 0:1.5-19.23.4 0:0.48-101.31.27 0:0.9.10-0.17.1 0:6.0.18-20.35.40.1 0:2.3.1-0.9.40 0:1.2.1-0.7.19 0:1.8.6-0.2.1 0:3.3.12-517.12.34 0:4.2.2_04-0.7.5 0:4.2.2_04_3.0.76_0.11-0.7.5 0:7.4-9.62.46 0:7.4-27.81.7 0:7.4-1.29.1 0:7.3.99-17.11.1 0:7.3.99-3.20.1 0:2.17.129-0.7.2 0:2.17.45-0.5.1 11.4 0:9.0.3-0.28.29.2 0:31.7.0esr-0.8.1 0:0.3.14-2.30.11 0:0.5.12-23.76.1 0:0.9-14.43.1 0:4.13-1326.37.1 0:11-6.105.1 0:1.7.1-20.11.1 0:1.7.1-16.11.1 0:2.2.12-1.51.52.1 0:1.2.40-0.2.1 0:1.0.8-0.4.13.1 0:2.0.4-40.24.1 0:5.3.17-0.41.1 0:2.7.1-0.2.18.1 0:0.9.0-3.15.1 0:1.10.1-4.131.9.1 0:0.6.23-11.32.1 0:3.2-147.27.35 0:5.2-147.27.35 0:9.9.6P1-0.5.5 0:9.9.6P1-0.5.1 0:2.24-3.62 0:1.36.0-12.6.49 0:1.49.0-0.13.3 0:5.1-0.14.46 0:0.98.7-0.3.1 0:2.3.37-2.30.1 0:2.4.26-0.30.1 0:8.12-6.25.32.33.1 0:2.9-75.78.1 0:4.1-194.211.213.1 0:1.3.9-8.46.56.1 0:7.19.7-1.42.1 0:1.5.2-1.36 0:1.2.10-3.31.1 0:4.2.4.P2-0.22.1 0:2.71-0.14.9 0:1.41.9-2.14.3 0:0.152-4.9.17 0:22.3-4.42.1 0:2.28.2-0.32.1 0:0.95-1.24.1 0:4.24-43.27.1 0:2.1.1-7.18.1 0:2.3.7-25.35.36.1 0:2.8.7-0.11.1 0:2.0.36.RC1-52.20.1 0:2.22.5-0.8.14.1 0:2.11.3-17.84.1 0:2.28.3-0.39.17 0:2.4.1-24.39.55.1 0:2.0.9-25.33.39.1 0:1.1.6-25.32.1 0:0.10.30-5.12.15 0:1.20.12-0.18.70 0:3.11.10-0.6.11.1 0:6-3.5 0:1.5.7-0.15.22 0:0.7.3-1.4.1 0:1.1.1-1.37.1 0:1.7.1_sr3.0-1.1 0:1.14.1-16.33.1 0:4.3.5-0.12.18.1 0:4.3.5-0.11.18.1 0:4.3.5-0.3.1 0:4.3.5-0.14.1 0:2.4.4-255.28.1 0:3.0.101-63.1 0:1.6.3-133.49.66.1 0:1.4.2-30.5 0:1.17-77.16.1 0:1.34b-12.58.1 0:3.6.3-0.58.1 0:1.2.1-68.17.1 0:6.4.3.6-7.30.1 0:4.6.3-5.34.2 0:1.3.4-12.22.23.1 0:1.3.3-11.18.19.8 0:2.19.1-6.72.1 0:0.41.rc1-2.34 0:2.4.52-0.7.1 0:9.4.4-0.6.2 0:1.4.5-24.24.1 0:3.17.3-0.8.11 0:4.8.3+r212056-2.17 0:1.5.0-0.17.1 0:2.28.0-1.13.1 0:1.900.1-134.17.1 0:1.0.4-1.18.1 0:2.03-12.3.1 0:2.3.2-3.118.2 0:2.3.2-3.118.1 0:0.0.20060920alpha-74.5.1 0:5.5.43-0.7.3 0:5.0.96-0.6.20 0:0.9.8j-0.70.1 0:0.24.4-0.15.1 0:1.2.31-5.33.1 0:0.12.3-1.10.1 0:0.9.23-0.17.1 0:2.6.9-0.35.1 0:0.2.1-1.7.1 0:1.0.20-2.6.5 0:5.4.2.1-8.12.22.1 0:1.2.9-4.2.4.1 0:1.9.4-0.16.1 0:1.5-1.30.1 0:3.8.2-141.154.1 0:0.3.10-0.11.1 0:1.2.5-3.76 0:2.2.3-0.8.1 0:1.4-1.38.24 0:11-1.25.26 0:3.2.15-0.17.28 0:2.7.6-0.31.1 0:1.1.24-19.23.1 0:3.7.7-10.30.1 0:7.3.6-65.74.1 0:2.02.98-0.33.1 0:0.8.0-0.23.2 0:12.5-1.9.1 0:2.6.7-0.13.1 0:4.10.7-0.3.3 0:1.5.17-42.39.1 0:3.0.6-1.25.36.1 0:2.12-24.4.10.1 0:1.4.16-0.13.1 0:1.2.3-18.38.43.1 0:4.2.8p2-2.18 0:1.5.4.1-20.26 0:1.5.4.1_3.0.101_63-20.26 0:3.2-0.11.26 0:1.2.0-172.24.1 0:6.6p1-4.7 0:2.0.9-143.44.1 0:1.1.5-0.15.9 0:5.10.0-64.72.1 0:0.2808.01-0.72.1 0:0.72-0.72.1 0:1.7-37.63.64.1 0:4.4.2.3-37.63.64.1 0:1.2.22-2.1 0:2.6.7-1.31 0:2.4.5.git-2.29.1 0:3.22-240.8.1 0:2.7.26-0.5.1 0:1.0.22-3.25.1 0:1.1.6-168.34.1 0:2.3.6-0.13.1 0:0.7-6.22.1 0:0.99.15-0.14.11 0:1.1-1.24.8.19 0:5.10.1-0.11.1 0:1.8.7.p357-0.9.17.1 0:1.3.11-0.23.2 0:8.14.3-50.24.1 0:0.7.318.81ee561d-0.9.2 0:2.7.STABLE5-2.12.16.1 0:3.1.12-8.16.20.1 0:1.5final-28.23.25.1 0:4.4.0-6.25.1 0:1.7.6p2-0.23.1 0:0.71.61-0.13.1 0:8.1.5-7.50.25 0:1.26-1.2.6.1 0:3.9.8-1.27.1 0:6.0.41-0.43.1 0:6.00-11.13.1 0:2.28.1-2.5.1 0:1.2.1-10.41 0:2.0.7-4.35.1 0:1.11.4-1.19.1 0:1.10.13-0.2.1 0:0.7.1-6.15.1 0:2.7.0-217.26.1 0:4.4.2_08-1.7 0:4.4.2_08_3.0.101_63-1.7 0:2.3.14-130.133.1 0:7.4-9.65.46 0:7.4-27.105.1 0:7.4-5.11.11.7 0:7.4-5.11.11.1 0:7.4-1.18.2 0:7.4-1.16.8 0:7.4-1.16.2 0:7.4-1.18.7 0:7.4-1.18.1 0:7.4-1.19.8 0:7.4-1.19.2 0:7.4-8.26.44.1 0:7.3.99-3.22.1 0:2.17.140-1.1 0:2.17.46-0.5.1 0:7.19.7-1.55.1 0:11.3-0 0:7.19.7-0.38.1 0:2.4.26-0.28.8 0:1.0.1g-0.12.1 0:1.2.0-172.26.1 0:5.4.2.1-8.12.31.1 0:12.5-1.11.2 0:6.6p1-10.1 0:2.3.2-0.10.3.1 0:1.3.11-0.28.1 0:4.54-0.11.1 0:2.0.7-4.43.1 0:1.11.4-1.26.1 0:1.2.5-4.33.1 0:2.8.0-29.17.1 0:2.2-31.27.1 0:2.24-3.18 0:6.2.18-4.31.2 0:2011.10.10-0.7.10 0:15.6-95.22 0:1.0.114.6-0.11.1 0:10.3.1.4-1.16 0:2.28.2-0.13.49 0:2.28.2-0.30.1 0:2.0-20.31 0:2.6.6-0.25.2 0:0.22.0-294.26.1 0:2.6.2-3.34.45.1 0:1.7.12.4-0.9.1 0:2.2.7-1.35 0:1.9.14-401.20 0:1.4.2-2.18.53 0:0.46-62.43.1 0:1.8.2-1.24.1 0:0.15.1b-130.17 0:3.1.11a-116.2.1 0:3.6.10-0.3.1 0:4.0.3.3.26-0.10.2 0:4.0.3.3.26-0.10.1 0:3.4.5.5-0.3.1 0:0.4.5-2.7.1 0:0.2-5.20.1 0:0.1.9-9.19.1 0:0.5.3-126.25 0:1.0.1-0.1.141 0:1.2.7-0.17.1 0:0.2.8.4-206.27.4 0:0.8.14-4.33 0:1.1.15-23.3.9 0:1.8.17-481.19.5 0:1.8.17-481.19.2 0:0.1.3-0.10.16.2 0:1.4.20-2.54.1 0:2.8.6-143.19 0:1.2.6-5.17.1 0:2.3.2-0.9.2 0:2.0.3-249.21.1 0:0.7.1-2.29.1 0:0.4.6-2.7.90 0:0.139.2-0.3.1 0:2.10.3-1.20.1 0:1.10.10-120.35.1 0:2.0.1-28.20.1 0:0.56.2-1.9.1 0:0.6c11-5.2.1 0:0.10.1-0.5.7.1 0:0.99.15-0.14.1 0:3.2.12-0.9.1 0:3.2.12-0.19.1 0:3.2.12-0.5.8 0:3.2.12-0.5.10 0:3.2.12-0.7.9 0:3.2.12-0.11.1 0:1.7.0-0.7.1 0:0.6.0-0.8.1 0:1.2.0-0.4.4 0:1.4.5-0.5.8 0:1.3.2-0.12.5.1 0:3.9.1-0.8.3 0:2.2.1-0.7.11.1 0:9.05-1.19.1 0:1.1.7-7.23.2 0:1.2.9-162.37.1 0:1.6.17-1.33.1 0:0.7.10-2.19.1 0:2007-219.34.6 0:3.8.1-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6-2.19.5.1 (x86_64) 0:2.2.45-28.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.26.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.11.2-0.9.1 (ppc64|s390x|x86_64) 0:7.11.2-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2-31.27.1 (i586|x86_64) 0:5.2.14-0.7.30.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.2.14-0.7.30.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.8-0.43.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.1-0.2.14.1 (i586|x86_64) 0:1.10.1-4.131.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.4P2-0.6.1 (ppc64) 0:9.9.4P2-0.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.7-0.9.1 (ppc64) 0:2.6.7-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-0.33.39.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.9-8.46.48.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.20.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.4.P2-0.11.13.1 (i586|x86_64) 0:0.95-1.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.6-0.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.9.2-0.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.13.6-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.9.3-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.14-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.9.4-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.14.1-0.3.1 (i586|ia64|s390x|x86_64) 0:0.3.8-56.51.1 (i586|x86_64) 0:0.3.8-56.51.1 (i586|ia64|s390x|x86_64) 0:0.3.8-56.44.45.129 (i586|ia64|ppc64|s390x|x86_64) 0:4.9.5-0.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.14.2-0.4.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.9.6-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.14.3-0.4.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.1-7.16.1 (i586|x86_64) 0:2.1.1-7.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.7-25.32.1 (ppc64|s390x|x86_64) 0:2.3.7-25.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.34.1 (i586|x86_64) 0:2.11.3-17.45.49.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.39.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.9-0.23.1 (ppc64) 0:2.18.9-0.23.1 (i586|x86_64) 0:4.0-7.26.15 (x86_64) 0:4.0-7.26.15 (i586|ia64|ppc64|s390x|x86_64) 0:4.0-7.26.15 (ppc64|s390x|x86_64) 0:4.0-7.26.15 (i586|ia64|ppc64|s390x|x86_64) 0:0.46-62.38.1 (i586|x86_64) 0:2.4.2-170.21.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.2-170.21.3.1 (i586|x86_64) 0:1.4.2_sr13.18-0.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.2_sr13.18-0.4.1 (i586|x86_64) 0:1.6.0_sr15.0-0.5.1 (i586|ppc64|s390x|x86_64) 0:1.6.0_sr15.0-0.5.1 (i586|ppc64|s390x|x86_64) 0:1.7.0_sr6.0-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.12.1 (x86_64) 0:4.3.5-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.58.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.58.1 (i586|x86_64) 0:1.6.3-133.49.58.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.17-77.16.1 (ppc64|s390x|x86_64) 0:1.17-77.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-0.24.4 (i586|ia64|ppc64|s390x|x86_64) 0:4.6.3-5.20.23.1 (ppc64|s390x|x86_64) 0:4.6.3-5.20.23.1 (ia64) 0:4.6.3-5.20.23.1 (noarch) 0:4.6.3-5.20.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.1.9-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.0-0.15.2 (ppc64|s390x|x86_64) 0:1.5.0-0.15.2 (i586|ia64|ppc64|s390x|x86_64) 0:5.0.96-0.6.1 (ppc64|s390x|x86_64) 0:5.0.96-0.6.1 (ia64) 0:5.0.96-0.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.0-10.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.10-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.16.0-1.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.12.3-1.8.1 (i586|x86_64) 0:0.12.3-1.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.3.1-2.6.1 (i586|x86_64) 0:3.5.4.13-0.3.1 (noarch) 0:3.5.4.13-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2-5.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.154.1 (ppc64|s390x|x86_64) 0:3.8.2-141.154.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.6-0.29.1 (x86_64) 0:0.9.6-0.29.1 (i586|x86_64) 0:0.9.6-0.23.1 (x86_64) 0:0.9.6-0.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.25.1 (ppc64|s390x|x86_64) 0:2.7.6-0.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.24-19.23.1 (ppc64|s390x|x86_64) 0:1.1.24-19.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.20-2.52.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.1-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.15.2-0.3.1 (i586|x86_64) 0:3.0.6-1.25.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.6-1.25.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.2-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.15.3-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.15.3.1-0.4.2.1 (ppc64|s390x|x86_64) 0:5.10.0-64.61.61.1 (ia64) 0:5.10.0-64.61.61.1 (x86_64) 0:2.6.8-0.23.1 (i586|x86_64) 0:2.6.8-0.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.8-0.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.4-0.7.8.1 (i586|x86_64) 0:0.10.1-0.5.7.1 (i586|x86_64) 0:0.99.15-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.15-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.10-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.6-0.9.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.7.p357-0.9.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.17-0.9.1 (noarch) 0:2.3.17-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.2-1.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.17-0.13.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.14-0.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.14-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-0.4.4 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.0-0.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1-0.8.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.9.1-0.8.3 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.17-0.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.5.8 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.5-0.5.8 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.17-1.25.1 (i586|x86_64) 0:0.7.10-2.19.1 (i586|x86_64) 0:1.8.12-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.12-0.2.1 (i586|x86_64) 0:4.1.4_02-0.5.1 (x86_64) 0:0.9.6-0.21.3 (x86_64) 0:4.1.2_20-0.5.2 (i586|x86_64) 0:4.1.3_02-0.5.1 (i586|x86_64) 0:4.1.3_04-0.5.1 (i586|x86_64) 0:4.1.5_02-0.5.1 (i586|x86_64) 0:4.1.6_02-0.5.1 (i586|x86_64) 0:4.1.6_04-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-27.70.76.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-8.26.40.1 (ppc64|s390x|x86_64) 0:7.4-8.26.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-5.11.11.1 (ppc64|s390x|x86_64) 0:7.4-5.11.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.18.1 (ppc64|s390x|x86_64) 0:7.4-1.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.16.1 (ppc64|s390x|x86_64) 0:7.4-1.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.19.1 (ppc64|s390x|x86_64) 0:7.4-1.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.22.5.1 (ppc64|s390x|x86_64) 0:7.4-1.22.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:24.6.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.6-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.16.1-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.30.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.9esr-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.8.0esr-0.13.2 (i586|ia64|ppc64|s390x|x86_64) 0:38.5.0esr-28.2 (i586|ia64|ppc64|s390x|x86_64) 0:24.5.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.4-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.16-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.6.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.8.0esr-0.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.8-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.19.2_CKBI_1.98-0.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.13-1326.37.1 (i586|x86_64) 0:2.2.12-59.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.12-59.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-0.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.0-3.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.0-3.17.2 (i586|x86_64) 0:5.2-147.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.2-147.22.1 (ppc64|s390x|x86_64) 0:5.2-147.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.12.1 (ppc64) 0:9.9.6P1-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.15.1 (ppc64) 0:9.9.6P1-0.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.19.1 (ppc64) 0:9.9.6P1-0.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.22.1 (ppc64) 0:9.9.6P1-0.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.23.1-0.23.15 (ppc64|s390x|x86_64) 0:2.23.1-0.23.15 (i586|ppc64|x86_64) 0:2.23.1-0.23.15 (i586|ia64|ppc64|s390x|x86_64) 0:2.23.1-0.23.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.114.6-0.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.9-8.46.52.2 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.10-3.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.4.P2-0.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.41.9-2.10.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.19.1-6.62.7 (ppc64|s390x|x86_64) 0:2.19.1-6.62.7 (ppc64|s390x|x86_64) 0:1.41.9-2.10.11.1 (ia64) 0:1.41.9-2.10.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.152-4.9.17 (x86_64) 0:0.152-4.9.17 (i586|x86_64) 0:22.3-4.42.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.2-0.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.24-43.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.6-0.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.7esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.10esr-0.7.4 (i586|ia64|ppc64|s390x|x86_64) 0:24.3.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.15.4-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:24.4.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:24.7.0esr-0.8.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.16.2-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:24.8.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.7-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.16.4-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.3.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.4.0esr-0.8.7 (i586|ia64|ppc64|s390x|x86_64) 0:3.17.3-0.8.11 (i586|ia64|ppc64|s390x|x86_64) 0:31.5.3esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.7.0esr-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.9-11.1 (i586|ia64|ppc64|s390x|x86_64) 0:38.3.0esr-22.1 (i586|ia64|ppc64|s390x|x86_64) 0:38.4.0esr-25.6 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.10-16.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.19.2.1-19.3 (i586|ia64|ppc64|s390x|x86_64) 0:24.2.0esr-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.15.3.1-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.2.0esr-0.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.7-0.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:3.17.2-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:38.2.1esr-19.3 (i586|ia64|ppc64|s390x|x86_64) 0:3.19.2.0-0.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.1-68.17.1 (ppc64|s390x|x86_64) 0:1.2.1-68.17.1 (ia64) 0:1.2.1-68.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.1-7.18.1 (i586|x86_64) 0:2.1.1-7.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.7-25.34.1 (ppc64|s390x|x86_64) 0:2.3.7-25.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.8.7-0.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.36.RC1-52.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.6-13.1 (ppc64|s390x|x86_64) 0:4.1.6-13.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.2-3.34.45.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.12.4-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.12.4-0.11.2 (i586|x86_64) 0:2.11.3-17.72.14 (i586|x86_64) 0:2.11.3-17.87.3 (i586|x86_64) 0:2.11.3-17.95.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.39.51.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.39.57.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.39.60.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.6-25.32.1 (ppc64|s390x|x86_64) 0:1.1.6-25.32.1 (ia64) 0:1.1.6-25.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.9-0.35.1 (ppc64) 0:2.18.9-0.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.9-0.39.1 (ppc64) 0:2.18.9-0.39.1 (i586|x86_64) 0:1.20.4-0.18.1 (i586|x86_64) 0:4.0-7.28.1 (x86_64) 0:4.0-7.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0-7.28.1 (ppc64|s390x|x86_64) 0:4.0-7.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.900.1-134.17.1 (i586|x86_64) 0:1.6.0_sr16.2-0.3.1 (i586|ppc64|s390x|x86_64) 0:1.6.0_sr16.2-0.3.1 (i586|x86_64) 0:1.6.0_sr16.7-10.1 (i586|ppc64|s390x|x86_64) 0:1.6.0_sr16.7-10.1 (i586|x86_64) 0:1.6.0_sr16.15-46.1 (i586|ppc64|s390x|x86_64) 0:1.6.0_sr16.15-46.1 (i586|ppc64|s390x|x86_64) 0:1.7.0_sr8.0-0.5.1 (i586|ppc64|s390x|x86_64) 0:1.7.0_sr9.10-9.1 (i586|ppc64|s390x|x86_64) 0:1.7.0_sr9.20-42.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.12.18.1 (noarch) 0:4.3.5-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.12.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.14.1 (x86_64) 0:4.3.5-0.14.1 (noarch) 0:3.0.101-0.47.71.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.62.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.62.1 (i586|x86_64) 0:1.6.3-133.49.62.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.97.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.97.1 (i586|x86_64) 0:1.6.3-133.49.97.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.103.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.103.1 (i586|x86_64) 0:1.6.3-133.49.103.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.64.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.64.1 (i586|x86_64) 0:1.6.3-133.49.64.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.66.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.66.1 (i586|x86_64) 0:1.6.3-133.49.66.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.68.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.68.1 (i586|x86_64) 0:1.6.3-133.49.68.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.5.9-0.19.3 (x86_64) 0:1.0.5.9-0.19.3 (i586|x86_64) 0:2.5-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.6.3-5.29.2 (ppc64|s390x|x86_64) 0:4.6.3-5.29.2 (ia64) 0:4.6.3-5.29.2 (noarch) 0:4.6.3-5.29.2 (i586|ia64|ppc64|s390x|x86_64) 0:9.1.12-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.5-24.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.16.5-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.2-1.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.0-0.19.1 (ppc64|s390x|x86_64) 0:1.5.0-0.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.0-0.17.1 (ppc64|s390x|x86_64) 0:1.5.0-0.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.4-1.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.4-1.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.03-12.3.1 (ppc64|s390x|x86_64) 0:2.03-12.3.1 (x86_64) 0:2.3.2-3.118.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-3.118.1 (ppc64|s390x|x86_64) 0:2.3.2-3.118.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.0.20060920alpha-74.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.0.20060920alpha-74.10.1 (ppc64|s390x|x86_64) 0:5.5.39-0.7.1 (ia64) 0:5.5.39-0.7.1 (ppc64|s390x|x86_64) 0:5.0.96-0.6.13 (ia64) 0:5.0.96-0.6.13 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.66.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.24.4-0.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.33.1 (ppc64|s390x|x86_64) 0:1.2.31-5.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.35.1 (ppc64|s390x|x86_64) 0:1.2.31-5.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.38.1 (ppc64|s390x|x86_64) 0:1.2.31-5.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.12.3-1.10.1 (i586|x86_64) 0:0.12.3-1.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.23-0.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.6.3-5.32.1 (ppc64|s390x|x86_64) 0:4.6.3-5.32.1 (ia64) 0:4.6.3-5.32.1 (noarch) 0:4.6.3-5.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.6.3-5.34.2 (ppc64|s390x|x86_64) 0:4.6.3-5.34.2 (ia64) 0:4.6.3-5.34.2 (noarch) 0:4.6.3-5.34.2 (i586|x86_64) 0:4.0.3.3.26-0.10.2 (noarch) 0:4.0.3.3.26-0.10.1 (noarch) 0:4.0.3.3.26-0.10.2 (i586|x86_64) 0:4.0.3.3.26-0.6.2 (noarch) 0:4.0.3.3.26-0.6.1 (noarch) 0:4.0.3.3.26-0.6.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.26.0-2.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-2.6.5 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-2.10.2 (x86_64) 0:5.4.2.1-8.12.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.4.2.1-8.12.22.1 (ppc64) 0:5.4.2.1-8.12.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2-5.20.1 (i586|x86_64) 0:1.2.9-4.2.4.1 (ppc64|s390x|x86_64) 0:1.2.9-4.2.4.1 (ia64) 0:1.2.9-4.2.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.9-4.2.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5-1.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.5.9-0.9.1 (x86_64) 0:1.0.5.9-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.1-156.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2.8.4-206.29.29.1 (ppc64|s390x|x86_64) 0:0.2.8.4-206.29.29.1 (ia64) 0:0.2.8.4-206.29.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.3-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.31.1 (ppc64|s390x|x86_64) 0:2.7.6-0.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.34.1 (ppc64|s390x|x86_64) 0:2.7.6-0.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.37.1 (ppc64|s390x|x86_64) 0:2.7.6-0.37.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.1.3-0.10.16.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.20-2.54.1 (i586|x86_64) 0:0.8.0-0.21.6 (i586|ia64|ppc64|s390x|x86_64) 0:0.8.0-0.21.6 (i586|x86_64) 0:0.8.0-0.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.8.0-0.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.9.2 (i586|ia64|ppc64|s390x) 0:2.6.7-0.16.1 (ppc64) 0:2.6.7-0.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:38.6.0esr-31.3 (i586|ia64|ppc64|s390x|x86_64) 0:3.20.2-25.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.10.8-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.19.2.2-22.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.15.2-0.8.1 (ppc64|s390x|x86_64) 0:5.5.45-0.11.1 (ia64) 0:5.5.45-0.11.1 (ppc64|s390x|x86_64) 0:5.5.46-0.14.1 (ia64) 0:5.5.46-0.14.1 (ppc64|s390x|x86_64) 0:5.5.47-0.17.1 (ia64) 0:5.5.47-0.17.1 (i586|x86_64) 0:3.0.6-1.25.36.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.6-1.25.36.1 (x86_64) 0:5.4.2.1-8.12.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.4.2.1-8.12.24.1 (ppc64) 0:5.4.2.1-8.12.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.15.3-0.8.1 (i586|x86_64) 0:2.4.26-0.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.35.1 (ppc64|s390x|x86_64) 0:2.4.26-0.35.1 (i586|x86_64) 0:2.4.26-0.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.30.1 (ppc64|s390x|x86_64) 0:2.4.26-0.30.1 (i586|x86_64) 0:2.4.26-0.62.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.62.2 (ppc64|s390x|x86_64) 0:2.4.26-0.62.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-172.24.1 (i586|x86_64) 0:1.2.0-172.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.80.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.152.0-6.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.5-0.12.1 (ppc64|s390x|x86_64) 0:1.1.5-0.12.1 (ppc64|s390x|x86_64) 0:5.10.0-64.70.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-45.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-48.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7-37.60.2 (ppc64) 0:1.7-37.60.2 (ppc64|s390x|x86_64) 0:4.4.2.3-37.60.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.2.3-37.60.2 (ppc64) 0:4.4.2.3-37.60.2 (ia64) 0:4.4.2.3-37.60.2 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.5-0.8.3 (i586|ia64|ppc64|s390x|x86_64) 0:9.1.15-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.1.18-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.1.19-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.5.git-2.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.10.10-120.35.1 (x86_64) 0:2.6.9-0.33.1 (i586|x86_64) 0:2.6.9-0.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-0.33.1 (noarch) 0:2.6-8.33.1 (x86_64) 0:2.6.9-0.25.1 (i586|x86_64) 0:2.6.9-0.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-0.25.1 (noarch) 0:2.6-8.25.1 (x86_64) 0:2.6.9-0.27.1 (i586|x86_64) 0:2.6.9-0.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-0.27.1 (noarch) 0:2.6-8.27.1 (x86_64) 0:2.6.9-0.31.1 (i586|x86_64) 0:2.6.9-0.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-0.31.1 (noarch) 0:2.6-8.31.1 (i586|x86_64) 0:1.1.6-168.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.6-168.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.56.2-1.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.6-0.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6c8-10.19.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6c11-6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.17-0.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.9.1 (i586|x86_64) 0:8.14.3-50.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.14.3-50.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.7.p357-0.9.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.17-0.15.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.14.3 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.0-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.0-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.0-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.6-0.11.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.5-0.7.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.2-0.12.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.05-1.19.1 (i586|s390x|x86_64) 0:3.6.3-76.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-0.56.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-64.1 (x86_64) 0:3.0u-0.7.2 (noarch) 0:1.2.9-162.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.17-1.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0-37.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.160.1 (ppc64|s390x|x86_64) 0:3.8.2-141.160.1 (i586|x86_64) 0:1.10.11-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.10.11-0.2.1 (i586|x86_64) 0:1.12.7-0.5.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.12.7-0.5.3 (i586|x86_64) 0:1.12.9-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.12.9-0.12.1 (noarch) 0:2.7.0-217.26.1 (i586|x86_64) 0:4.2.5_06-0.7.1 (x86_64) 0:4.2.5_02-0.7.1 (i586|x86_64) 0:4.2.5_12-15.1 (i586|x86_64) 0:4.2.5_14-18.2 (i586|x86_64) 0:4.2.2_06-0.7.1 (i586|x86_64) 0:4.2.3_02-0.7.1 (i586|x86_64) 0:4.2.3_08-0.7.1 (i586|x86_64) 0:4.2.4_02-0.7.1 (i586|x86_64) 0:4.2.4_04-0.9.1 (i586|x86_64) 0:4.2.5_04-0.9.1 (i586|x86_64) 0:4.2.5_08-0.9.1 (i586|x86_64) 0:4.2.5_18-21.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.8-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-8.26.42.1 (ppc64|s390x|x86_64) 0:7.4-8.26.42.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-5.11.15.1 (ppc64|s390x|x86_64) 0:7.4-5.11.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.18.2 (ppc64|s390x|x86_64) 0:7.4-1.18.2 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.16.2 (ppc64|s390x|x86_64) 0:7.4-1.16.2 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.19.2 (ppc64|s390x|x86_64) 0:7.4-1.19.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.5-4.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.5-6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.52.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.59.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.62.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.65.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.77.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.78.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.78.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.78.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.78.28.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.78.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.78.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.78.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.52.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.61.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.66.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.72.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.78.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-78.85.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.34.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.37.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.37.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.40.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.45.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.45.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.48.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.48.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.54.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.54.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.60.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.60.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.65.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.65.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.77.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.77.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.5.2 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.5.2 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.8.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.14.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.17.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.22.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.29.2 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.29.2 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.34.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.78.37.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.78.37.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-78.40.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-78.45.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.45.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-78.56.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.56.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-78.59.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.59.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-78.74.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.74.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-78.79.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.79.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-78.92.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.92.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.1-159.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.1-160.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.1-160.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.1-160.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:38.6.1esr-34.1 (i586|ia64|ppc64|s390x|x86_64) 0:38.8.0esr-40.5 (i586|ia64|ppc64|s390x|x86_64) 0:4.12-26.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.20.2-30.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.2.0esr-45.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.0-2.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.12-29.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.21.1-35.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.3.0esr-50.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.4.0esr-53.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.6.0esr-62.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.7.0esr-65.2 (i586|ia64|ppc64|s390x|x86_64) 0:45.8.0esr-68.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.9.0esr-71.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.13.1-32.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.29.5-46.1 (i586|ppc64|s390x|x86_64) 0:52.2.0esr-72.5.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.29.5-47.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:52.3.0esr-72.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:52.5.0esr-72.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:52.6.0esr-72.20.2 (i586|ia64|ppc64|s390x|x86_64) 0:52.7.3esr-72.27.2 (i586|ia64|ppc64|s390x|x86_64) 0:52.8.0esr-72.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:52.8.1esr-72.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:52.9.0esr-72.38.6 (i586|ia64|ppc64|s390x|x86_64) 0:38.7.0esr-37.3 (i586|ia64|ppc64|s390x|x86_64) 0:4.12-24.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.20.2-28.1 (x86_64) 0:1.6.1-83.17.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.1-83.17.3.1 (x86_64) 0:1.2.13-106.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.13-106.11.1 (ppc64|s390x|x86_64) 0:1.2.13-106.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.6-84.42.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.6-84.46.1 (i586|x86_64) 0:4.4.2_12-23.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.8.0-29.17.5.1 (noarch) 0:1.7.1-20.11.5.1 (noarch) 0:1.7.1-16.11.5.1 (i586|x86_64) 0:2.2.12-64.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.12-64.1 (i586|x86_64) 0:2.2.12-69.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.12-69.1 (i586|x86_64) 0:2.2.34-70.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.34-70.5.1 (i586|x86_64) 0:2.2.34-70.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.34-70.12.1 (i586|x86_64) 0:2.2.34-70.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.34-70.15.1 (i586|x86_64) 0:2.2.34-70.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.34-70.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2-31.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2.6-142.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.0-3.21.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.23-35.6.2 (i586|ia64|s390x|x86_64) 0:0.6.23-35.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.23-35.6.1 (i586|x86_64) 0:5.2-147.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.2-147.29.1 (ppc64|s390x|x86_64) 0:5.2-147.29.1 (i586|x86_64) 0:5.2-147.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.2-147.35.1 (ppc64|s390x|x86_64) 0:5.2-147.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.25.1 (ppc64) 0:9.9.6P1-0.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.30.1 (ppc64) 0:9.9.6P1-0.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.33.1 (ppc64) 0:9.9.6P1-0.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.36.1 (ppc64) 0:9.9.6P1-0.36.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.39.1 (ppc64) 0:9.9.6P1-0.39.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.44.1 (ppc64) 0:9.9.6P1-0.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.47.1 (ppc64) 0:9.9.6P1-0.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.50.1 (ppc64) 0:9.9.6P1-0.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.9.6P1-0.51.7.1 (ppc64) 0:9.9.6P1-0.51.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.5.5-9.1 (noarch) 0:2.0-318.1 (noarch) 0:20171128-8.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:0.162.1-7.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8-3.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.8-2.3.7.1 (ppc64) 0:1.8.8-2.3.7.1 (i586|x86_64) 0:1.8.8-2.3.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.8.12-56.13.1 (i586|x86_64) 0:7.0.9-30.3.28 (i586|ia64|ppc64|s390x|x86_64) 0:7.0.9-30.3.28 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.114.6-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.9-8.46.56.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.61.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.64.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.69.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.70.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.70.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-1.70.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.38.1 (i586|x86_64) 0:1.12.12-144.23.5.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.11-60.65.67.1 (i586|x86_64) 0:2.3.11-60.65.67.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.4.P2-0.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.4.P2-0.28.5.3 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.4.P2-0.28.8.1 (noarch) 0:1.6.1-8.3.8.1 (i586|x86_64) 0:22.3-42.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.2-0.7.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.2-4.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.1-88.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.1-88.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.1-88.42.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:52.4.0esr-72.13.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.29.5-47.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.0-10.19.1 (ppc64|s390x|x86_64) 0:2.6.0-10.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.1-7.24.1 (i586|x86_64) 0:2.1.1-7.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.1-7.25.3.1 (i586|x86_64) 0:2.1.1-7.25.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.7-25.41.4 (ppc64|s390x|x86_64) 0:2.3.7-25.41.4 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.7-25.45.5.1 (ppc64|s390x|x86_64) 0:2.3.7-25.45.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.7-25.45.8.1 (ppc64|s390x|x86_64) 0:2.3.7-25.45.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.8.7-0.11.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.4_20091019-37.3.1 (i586|ia64|x86_64) 0:4.3.4_20091019-37.3.1 (ppc64|s390x|x86_64) 0:4.3.4_20091019-37.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.4_20091019-37.9.1 (i586|ia64|x86_64) 0:4.3.4_20091019-37.9.1 (ppc64|s390x|x86_64) 0:4.3.4_20091019-37.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.8.5-4.2 (ppc64|s390x|x86_64) 0:4.8.5-4.2 (i586|ppc64|x86_64) 0:4.8.5-4.2 (ppc64|x86_64) 0:4.8.5-4.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.8.5-5.3.1 (ppc64|s390x|x86_64) 0:4.8.5-5.3.1 (i586|ppc64|x86_64) 0:4.8.5-5.3.1 (ppc64|x86_64) 0:4.8.5-5.3.1 (ppc64|s390x|x86_64) 0:5.3.1+r233831-10.1 (i586|ppc64|x86_64) 0:5.3.1+r233831-10.1 (ppc64|x86_64) 0:5.3.1+r233831-10.1 (i586|ia64) 0:5.3.1+r233831-10.1 (i586|x86_64) 0:5.3.1+r233831-10.1 (x86_64) 0:5.3.1+r233831-10.1 (i586|ppc64|s390x|x86_64) 0:5.3.1+r233831-10.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.1+r233831-10.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.36.RC1-52.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.36.RC1-52.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.36.RC1-52.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.36.RC1-52.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.36.RC1-52.33.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.47.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.47.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.47.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.47.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.47.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.47.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.6-21.1 (ppc64|s390x|x86_64) 0:4.1.6-21.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.2-3.34.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.12.4-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.12.4-0.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.12.4-0.18.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.12.4-0.18.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.12.4-0.18.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.22.5-0.8.36.1 (ppc64|s390x|x86_64) 0:2.22.5-0.8.36.1 (i586|x86_64) 0:2.22.5-0.8.36.1 (i586|x86_64) 0:2.11.3-17.102.1 (i586|x86_64) 0:2.11.3-17.109.1 (i586|x86_64) 0:2.11.3-17.110.3.1 (i586|x86_64) 0:2.11.3-17.110.6.2 (i586|x86_64) 0:2.11.3-17.110.9.2 (i586|x86_64) 0:2.11.3-17.110.14.1 (i586|x86_64) 0:2.11.3-17.110.19.2 (i586|x86_64) 0:2.11.3-17.110.24.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.39.67.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.39.70.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.10.35-5.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.9-0.44.1 (ppc64) 0:2.18.9-0.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.9-0.45.3.1 (ppc64) 0:2.18.9-0.45.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.9-0.45.8.1 (ppc64) 0:2.18.9-0.45.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.5-24.1 (i586|x86_64) 0:4.0-7.30.2 (x86_64) 0:4.0-7.30.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.0-7.30.2 (ppc64|s390x|x86_64) 0:4.0-7.30.2 (i586|x86_64) 0:4.0-38.1 (x86_64) 0:4.0-38.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0-38.1 (ppc64|s390x|x86_64) 0:4.0-38.1 (i586|x86_64) 0:4.0-43.1 (x86_64) 0:4.0-43.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0-43.1 (ppc64|s390x|x86_64) 0:4.0-43.1 (i586|x86_64) 0:4.0-46.1 (x86_64) 0:4.0-46.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0-46.1 (ppc64|s390x|x86_64) 0:4.0-46.1 (i586|x86_64) 0:4.0-47.6.1 (x86_64) 0:4.0-47.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0-47.6.1 (ppc64|s390x|x86_64) 0:4.0-47.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.2-2.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.900.14-134.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.900.14-134.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.900.14-134.33.3.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr3.10-3.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr3.20-6.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr3.30-9.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr3.40-13.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr3.60-19.2 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.1-22.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.5-25.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.10-26.5.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.15-26.8.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.20-26.13.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.25-26.26.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.30-26.29.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.35-26.32.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.40-26.36.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr3.50-16.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.2.0-879.12.7.1 (ppc64|s390x|x86_64) 0:6.2.0-879.12.7.1 (x86_64) 0:3.5.10-23.30.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.5.10-23.30.5.1 (ppc64|s390x|x86_64) 0:3.5.10-23.30.5.1 (ia64) 0:3.5.10-23.30.5.1 (noarch) 0:3.0.101-80.2 (noarch) 0:3.0.101-88.3 (noarch) 0:3.0.101-94.2 (noarch) 0:3.0.101-97.3 (noarch) 0:3.0.101-104.7 (noarch) 0:3.0.101-108.7.2 (noarch) 0:3.0.101-108.13.2 (noarch) 0:3.0.101-108.71.1 (noarch) 0:3.0.101-65.3 (noarch) 0:3.0.101-71.2 (noarch) 0:3.0.101-108.18.3 (noarch) 0:3.0.101-108.21.2 (noarch) 0:3.0.101-108.24.3 (noarch) 0:3.0.101-108.35.1 (noarch) 0:3.0.101-108.48.1 (noarch) 0:3.0.101-108.52.2 (noarch) 0:3.0.101-108.68.1 (noarch) 0:3.0.101-108.77.1 (noarch) 0:3.0.101-108.87.1 (noarch) 0:3.0.101-68.2 (noarch) 0:3.0.101-77.2 (noarch) 0:3.0.101-84.2 (noarch) 0:3.0.101-107.3 (noarch) 0:3.0.101-108.10.2 (noarch) 0:3.0.101-108.57.1 (noarch) 0:3.0.101-108.60.1 (noarch) 0:3.0.101-108.81.1 (noarch) 0:3.0.101-108.38.1 (noarch) 0:3.0.101-108.41.1 (i586|ia64|ppc64|x86_64) 0:1.5.4.1-22.3.1 (i586|ia64|ppc64|x86_64) 0:1.5.4.1-22.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.106.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.106.1 (i586|x86_64) 0:1.6.3-133.49.106.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.109.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.109.1 (i586|x86_64) 0:1.6.3-133.49.109.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.113.7.1 (ppc64|s390x|x86_64) 0:1.6.3-133.49.113.7.1 (i586|x86_64) 0:1.6.3-133.49.113.7.1 (i586|x86_64) 0:1.3.4-12.22.23.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.4-12.22.23.3.2 (ppc64) 0:1.3.4-12.22.23.3.2 (i586|x86_64) 0:1.3.3-11.18.19.13.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.3-11.18.19.13.2 (ppc64) 0:1.3.3-11.18.19.13.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.3-1.9.6 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.4-7.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.41.rc1-7.1 (i586|x86_64) 0:0.41.rc1-7.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.5.20-97.5 (i586|ia64|ppc64|s390x|x86_64) 0:4.5.20-97.7 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.5-24.24.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.17-2.14.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.0-0.22.1 (ppc64|s390x|x86_64) 0:1.5.0-0.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.0-0.25.1 (ppc64|s390x|x86_64) 0:1.5.0-0.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.43-1.10.6.1 (ppc64|s390x|x86_64) 0:0.43-1.10.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.15.1b-132.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.10-6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.10-7.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.4-1.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.11a-116.2.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.0.20060920alpha-74.11.6.1 (i586|x86_64) 0:0.9.0-3.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.0-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.0-10.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.43.1 (ppc64|s390x|x86_64) 0:1.2.31-5.43.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.3-5.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.3-6.5.1 (noarch) 0:1.1.03.beta1-2.1 (i586|x86_64) 0:2.8.8-2.1 (i586|x86_64) 0:1.2.4-2.1 (i586|x86_64) 0:5.0.4.2-23.1 (noarch) 0:1-2.1 (i586|x86_64) 0:4.1-2.26 (i586|x86_64) 0:3.7.1-5.2 (i586|x86_64) 0:20150827-23.1 (i586|x86_64) 0:1.0.2-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.1.4-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-2.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-2.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-2.19.7.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-2.19.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2-5.22.1 (i586|x86_64) 0:0.2-5.22.1 (i586|x86_64) 0:1.2.9-4.2.6.1 (ppc64|s390x|x86_64) 0:1.2.9-4.2.6.1 (ia64) 0:1.2.9-4.2.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.9-4.2.6.1 (i586|x86_64) 0:1.4.3-17.3.1 (ppc64|s390x|x86_64) 0:1.4.3-17.3.1 (ia64) 0:1.4.3-17.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.3-17.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2.1-1.12.3 (i586|ia64|ppc64|s390x|x86_64) 0:0.2.1-1.13.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:0.2.1-1.13.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-12.3 (x86_64) 0:1.2.5-12.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-15.3 (x86_64) 0:1.2.5-15.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-23.3.1 (x86_64) 0:1.2.5-23.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-23.6.1 (x86_64) 0:1.2.5-23.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-23.15.1 (x86_64) 0:1.2.5-23.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-79.20.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-79.20.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-79.20.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-79.20.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.40.1 (ppc64|s390x|x86_64) 0:2.7.6-0.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.44.1 (ppc64|s390x|x86_64) 0:2.7.6-0.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.50.1 (ppc64|s390x|x86_64) 0:2.7.6-0.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.64.1 (ppc64|s390x|x86_64) 0:2.7.6-0.64.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.69.1 (ppc64|s390x|x86_64) 0:2.7.6-0.69.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.76.1 (ppc64|s390x|x86_64) 0:2.7.6-0.76.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.77.3.2 (ppc64|s390x|x86_64) 0:2.7.6-0.77.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.77.10.1 (ppc64|s390x|x86_64) 0:2.7.6-0.77.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.77.15.1 (ppc64|s390x|x86_64) 0:2.7.6-0.77.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.24-19.33.1 (ppc64|s390x|x86_64) 0:1.1.24-19.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.24-19.33.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.20-2.58.1 (noarch) 0:3.0.101-91.2 (noarch) 0:3.0.101-100.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.8.6-145.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.8.6-146.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.6-5.17.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.6-5.17.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.14.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.18.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.18.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.18.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.5.1esr-59.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.21.3-39.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.7-0.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.7-0.18.1 (ppc64) 0:2.6.7-0.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.5-24.3.1 (ppc64|s390x|x86_64) 0:5.5.49-0.20.1 (ia64) 0:5.5.49-0.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.0.96-0.8.10.3 (ppc64|s390x|x86_64) 0:5.0.96-0.8.10.3 (ia64) 0:5.0.96-0.8.10.3 (ppc64|s390x|x86_64) 0:5.5.52-0.27.1 (ia64) 0:5.5.52-0.27.1 (ppc64|s390x|x86_64) 0:5.5.53-0.30.1 (ia64) 0:5.5.53-0.30.1 (ppc64|s390x|x86_64) 0:5.5.54-0.35.1 (ia64) 0:5.5.54-0.35.1 (ppc64|s390x|x86_64) 0:5.5.55-0.38.1 (ia64) 0:5.5.55-0.38.1 (ppc64|s390x|x86_64) 0:5.5.57-0.39.3.1 (ia64) 0:5.5.57-0.39.3.1 (ppc64|s390x|x86_64) 0:5.5.58-0.39.6.1 (ia64) 0:5.5.58-0.39.6.1 (ppc64|s390x|x86_64) 0:5.5.59-0.39.9.8 (ia64) 0:5.5.59-0.39.9.8 (ppc64|s390x|x86_64) 0:5.5.60-0.39.12.1 (ia64) 0:5.5.60-0.39.12.1 (ppc64|s390x|x86_64) 0:5.5.61-0.39.15.1 (ia64) 0:5.5.61-0.39.15.1 (ppc64|s390x|x86_64) 0:5.5.62-0.39.18.1 (ia64) 0:5.5.62-0.39.18.1 (i586|x86_64) 0:3.0.6-1.25.36.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.6-1.25.36.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.03.90-2.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.4-1.16.21.3.1 (i586|x86_64) 0:5.6-92.1 (x86_64) 0:5.6-92.1 (i586|x86_64) 0:5.6-93.6.1 (x86_64) 0:5.6-93.6.1 (i586|x86_64) 0:5.6-93.12.1 (x86_64) 0:5.6-93.12.1 (i586|x86_64) 0:5.6-93.15.1 (x86_64) 0:5.6-93.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.3-249.23.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.26.44-101.14.1 (ppc64|s390x|x86_64) 0:10.26.44-101.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:2011.4.12-0.9.3.1 (i586|x86_64) 0:2011.4.12-0.9.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5-1.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.02.1-3.4 (i586|ia64|ppc64|s390x|x86_64) 0:4.02.1-4.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.02.1-4.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.11.6-5.27.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-172.27.3.1 (i586|x86_64) 0:1.2.0-172.27.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.89.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.97.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.97.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.102.2 (ppc64|s390x|x86_64) 0:0.9.8j-0.102.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.105.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.105.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.106.9.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.106.12.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.106.15.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.106.18.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.3-0.16.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.5-0.17.2 (ppc64|s390x|x86_64) 0:1.1.5-0.17.2 (ppc64|s390x|x86_64) 0:5.10.0-64.80.1 (ppc64|s390x|x86_64) 0:5.10.0-64.81.3.1 (ppc64|s390x|x86_64) 0:5.10.0-64.81.10.1 (ppc64|s390x|x86_64) 0:5.10.0-64.81.13.1 (i586|x86_64) 0:4.008-6.1 (i586|x86_64) 0:4.008-9.1 (i586|x86_64) 0:4.008-10.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.710.08-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-59.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-62.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-71.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-74.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-79.2 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-84.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-87.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-94.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-101.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-108.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-111.2 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.45.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.53.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.17-112.58.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.6-0.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.6-0.30.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.12.3-1.12.1 (i586|x86_64) 0:0.12.3-1.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.12.3-1.13.3.2 (i586|x86_64) 0:0.12.3-1.13.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.6-0.14.3 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.9-0.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.12-0.22.3 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.13-0.23.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.15-0.23.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.16-0.23.13.2 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.17-0.23.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.4.19-0.23.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.5.git-2.31.7 (x86_64) 0:2.6.9-39.1 (i586|x86_64) 0:2.6.9-39.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-39.1 (noarch) 0:2.6-8.39.1 (x86_64) 0:2.6.9-40.3.1 (i586|x86_64) 0:2.6.9-40.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-40.3.1 (noarch) 0:2.6-8.40.3.1 (x86_64) 0:2.6.9-40.6.2 (i586|x86_64) 0:2.6.9-40.6.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-40.6.2 (noarch) 0:2.6-8.40.6.2 (x86_64) 0:2.6.9-40.15.1 (i586|x86_64) 0:2.6.9-40.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-40.15.1 (noarch) 0:2.6-8.40.15.1 (x86_64) 0:2.6.9-40.21.2 (i586|x86_64) 0:2.6.9-40.21.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-40.21.1 (noarch) 0:2.6-8.40.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.0-6.4.1 (i586|x86_64) 0:0.99.15-0.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.15-0.16.1 (i586|x86_64) 0:0.99.15-0.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.15-0.21.1 (i586|x86_64) 0:0.99.15-0.24.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.15-0.24.2 (i586|x86_64) 0:0.99.15-0.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.15-0.29.1 (i586|x86_64) 0:0.99.15-0.30.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.15-0.30.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.7.p357-0.9.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.12-0.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.4-0.10.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-67.2 (ia64|ppc64|s390x|x86_64) 0:3.6.3-67.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-76.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-84.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-87.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-90.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-93.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-94.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-94.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-94.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.6.3-94.14.2 (ia64|ppc64|s390x|x86_64) 0:3.6.3-64.1 (ppc64|s390x|x86_64) 0:1.0.20-7.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-7.8.1 (ia64) 0:1.0.20-7.8.1 (i586|x86_64) 0:0.12.4-5.1 (i586|x86_64) 0:0.12.4-8.1 (i586|x86_64) 0:0.12.4-11.1 (i586|x86_64) 0:0.12.4-15.1 (i586|x86_64) 0:0.12.4-18.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.7.6.3-1.4.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.17-1.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.17-1.36.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.163.1 (ppc64|s390x|x86_64) 0:3.8.2-141.163.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.168.1 (ppc64|s390x|x86_64) 0:3.8.2-141.168.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.3.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.6.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.9.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.16.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.19.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.22.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.26.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.169.31.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.50.1-1.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.50.1-1.30.1 (i586|x86_64) 0:1.12.11-0.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.12.11-0.18.1 (i586|x86_64) 0:1.12.13-0.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.12.13-0.23.1 (i586|x86_64) 0:2.0.12-36.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.12-36.1 (i586|x86_64) 0:2.0.13-39.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.13-39.1 (i586|x86_64) 0:2.0.14-40.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.14-40.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.4.5-2.7.2.1 (i586|x86_64) 0:2.2.11-40.14.5 (i586|ia64|ppc64|s390x|x86_64) 0:19-234.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.11-40.14.5 (i586|x86_64) 0:2.2.12-40.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.12-40.17.1 (i586|x86_64) 0:2.2.13-40.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.13-40.22.1 (i586|x86_64) 0:2.2.14-40.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.14-40.25.1 (i586|x86_64) 0:2.2.16-40.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.16-40.28.1 (i586|x86_64) 0:2.2.17-40.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.17-40.31.1 (i586|x86_64) 0:4.4.2_10-5.1 (i586|x86_64) 0:4.4.3_02-26.2 (i586|x86_64) 0:4.4.4_02-32.1 (i586|x86_64) 0:4.4.4_07-37.1 (i586|x86_64) 0:4.4.4_08-40.2 (i586|x86_64) 0:4.4.4_10-43.5 (i586|x86_64) 0:4.4.4_12-46.1 (i586|x86_64) 0:4.4.4_14-51.1 (i586|x86_64) 0:4.4.4_16-54.1 (i586|x86_64) 0:4.4.4_18-57.1 (i586|x86_64) 0:4.4.4_20-60.3 (i586|x86_64) 0:4.4.4_22-61.9.2 (i586|x86_64) 0:4.4.4_24-61.12.1 (i586|x86_64) 0:4.4.4_26-61.17.1 (i586|x86_64) 0:4.4.4_28-61.23.2 (i586|x86_64) 0:4.4.4_30-61.26.1 (i586|x86_64) 0:4.4.4_32-61.29.2 (i586|x86_64) 0:4.4.4_34-61.32.1 (i586|x86_64) 0:4.4.4_36-61.37.2 (i586|x86_64) 0:4.4.4_38-61.40.1 (i586|x86_64) 0:4.4.4_40-61.43.2 (i586|x86_64) 0:4.4.3_06-29.1 (noarch) 0:2.8.1-238.29.5.2 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-3.1 (ppc64|s390x|x86_64) 0:7.4-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-5.11.65.1 (ppc64|s390x|x86_64) 0:7.4-5.11.65.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-5.11.68.1 (ppc64|s390x|x86_64) 0:7.4-5.11.68.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-5.11.72.9.1 (ppc64|s390x|x86_64) 0:7.4-5.11.72.9.1 (x86_64) 0:7.4-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-1.20.1 (ppc64|s390x|x86_64) 0:7.4-1.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-8.26.49.1 (ppc64|s390x|x86_64) 0:7.4-8.26.49.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-8.26.50.5.3 (ppc64|s390x|x86_64) 0:7.4-8.26.50.5.3 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-8.26.50.8.1 (ppc64|s390x|x86_64) 0:7.4-8.26.50.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-27.118.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-27.121.2 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-27.122.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-27.122.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.17.161-5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.7-0.14.1 (ppc64|s390x|x86_64) 0:1.2.7-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.103.4-0.20.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.103.5-0.20.44.1 (ppc64|s390x|x86_64) 0:7.19.7-1.61.1 (ia64) 0:7.19.7-1.61.1 (ppc64|s390x|x86_64) 0:7.19.7-1.64.1 (ia64) 0:7.19.7-1.64.1 (ppc64|s390x|x86_64) 0:7.19.7-1.69.1 (ia64) 0:7.19.7-1.69.1 (ppc64|s390x|x86_64) 0:7.19.7-1.70.3.1 (ia64) 0:7.19.7-1.70.3.1 (ppc64|s390x|x86_64) 0:7.19.7-1.70.8.1 (ia64) 0:7.19.7-1.70.8.1 (ppc64|s390x|x86_64) 0:7.19.7-1.70.13.1 (ppc64|s390x|x86_64) 0:7.37.0-70.27.1 (ia64) 0:7.37.0-70.27.1 (ppc64|s390x|x86_64) 0:7.37.0-70.30.1 (ia64) 0:7.37.0-70.30.1 (ppc64|s390x|x86_64) 0:7.37.0-70.33.1 (ia64) 0:7.37.0-70.33.1 (ppc64|s390x|x86_64) 0:7.37.0-70.38.1 (ia64) 0:7.37.0-70.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.41.2 (ppc64|s390x|x86_64) 0:7.37.0-70.41.2 (ia64) 0:7.37.0-70.41.2 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.44.1 (ppc64|s390x|x86_64) 0:7.37.0-70.44.1 (ia64) 0:7.37.0-70.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.47.1 (ppc64|s390x|x86_64) 0:7.37.0-70.47.1 (ia64) 0:7.37.0-70.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.52.2 (ppc64|s390x|x86_64) 0:7.37.0-70.52.2 (ia64) 0:7.37.0-70.52.2 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.57.1 (ppc64|s390x|x86_64) 0:7.37.0-70.57.1 (ia64) 0:7.37.0-70.57.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.60.1 (ppc64|s390x|x86_64) 0:7.37.0-70.60.1 (ia64) 0:7.37.0-70.60.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.63.1 (ppc64|s390x|x86_64) 0:7.37.0-70.63.1 (ia64) 0:7.37.0-70.63.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.66.1 (ppc64|s390x|x86_64) 0:7.37.0-70.66.1 (ia64) 0:7.37.0-70.66.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.71.1 (ppc64|s390x|x86_64) 0:7.37.0-70.71.1 (ia64) 0:7.37.0-70.71.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.37.0-70.74.1 (ppc64|s390x|x86_64) 0:7.37.0-70.74.1 (ia64) 0:7.37.0-70.74.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.7-0.40.1 (ppc64|s390x|x86_64) 0:7.19.7-0.40.1 (ia64) 0:7.19.7-0.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.22-182.26.4.1 (ppc64|s390x|x86_64) 0:2.1.22-182.26.4.1 (ia64) 0:2.1.22-182.26.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.22-182.26.7.1 (ppc64|s390x|x86_64) 0:2.1.22-182.26.7.1 (ia64) 0:2.1.22-182.26.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.22.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.22.1 (ia64) 0:1.0.1g-0.22.1 (ia64) 0:2.4.26-0.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.74.6.1 (ppc64|s390x|x86_64) 0:2.4.26-0.74.6.1 (ia64) 0:2.4.26-0.74.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.74.9.1 (ppc64|s390x|x86_64) 0:2.4.26-0.74.9.1 (ia64) 0:2.4.26-0.74.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.74.13.1 (ppc64|s390x|x86_64) 0:2.4.26-0.74.13.1 (ia64) 0:2.4.26-0.74.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.74.16.1 (ppc64|s390x|x86_64) 0:2.4.26-0.74.16.1 (ia64) 0:2.4.26-0.74.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.74.19.1 (ppc64|s390x|x86_64) 0:2.4.26-0.74.19.1 (ia64) 0:2.4.26-0.74.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.74.26.1 (ppc64|s390x|x86_64) 0:2.4.26-0.74.26.1 (ia64) 0:2.4.26-0.74.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.30.2 (ppc64|s390x|x86_64) 0:2.4.26-0.30.2 (ia64) 0:2.4.26-0.30.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.26-0.62.3 (ppc64|s390x|x86_64) 0:2.4.26-0.62.3 (ia64) 0:2.4.26-0.62.3 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-10.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-15.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-18.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-19.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-19.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-19.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.35.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.35.1 (ia64) 0:1.0.1g-0.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.40.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.40.1 (ia64) 0:1.0.1g-0.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.47.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.47.1 (ia64) 0:1.0.1g-0.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.52.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.52.1 (ia64) 0:1.0.1g-0.52.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.57.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.57.1 (ia64) 0:1.0.1g-0.57.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.3.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.3.1 (ia64) 0:1.0.1g-0.58.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.9.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.9.1 (ia64) 0:1.0.1g-0.58.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.12.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.12.1 (ia64) 0:1.0.1g-0.58.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.15.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.15.1 (ia64) 0:1.0.1g-0.58.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.21.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.21.1 (ia64) 0:1.0.1g-0.58.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.24.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.24.1 (ia64) 0:1.0.1g-0.58.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.27.2 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.27.2 (ia64) 0:1.0.1g-0.58.27.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.30.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.30.1 (ia64) 0:1.0.1g-0.58.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.33.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.33.1 (ia64) 0:1.0.1g-0.58.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.36.2 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.36.2 (ia64) 0:1.0.1g-0.58.36.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.39.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.39.1 (ia64) 0:1.0.1g-0.58.39.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.1g-0.58.42.1 (ppc64|s390x|x86_64) 0:1.0.1g-0.58.42.1 (ia64) 0:1.0.1g-0.58.42.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.10.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.10.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.10.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.2-0.10.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.11-0.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.11.4-1.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.11.4-1.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.11.4-1.41.3.1 (i586|x86_64) 0:6.4.3.6-7.26.1 (x86_64) 0:6.4.3.6-7.26.1 (i586|x86_64) 0:7.11.2-0.9.1 (x86_64) 0:7.11.2-0.9.1 (i586|x86_64) 0:17.0.9esr-0.3.1 (i586) 0:9.5.5-0.5.5.1 (noarch) 0:9.4.6-0.4.5.1 (i586) 0:9.4.2-0.4.1 (i586|x86_64) 0:9.9.4P2-0.6.1 (x86_64) 0:9.9.4P2-0.6.1 (i586|x86_64) 0:1.1.1-174.27.1 (i586|x86_64) 0:2.6.7-0.9.1 (i586|x86_64) 0:3.6.3-0.33.39.1 (x86_64) 0:3.6.3-0.33.39.1 (i586|x86_64) 0:3.4.3-1.50.1 (x86_64) 0:3.4.3-1.50.1 (noarch) 0:3.6.3-0.33.39.1 (i586|x86_64) 0:0.97.8-0.2.1 (x86_64) 0:0.9.7g-146.22.1 (i586|x86_64) 0:8.12-6.25.29.1 (i586|x86_64) 0:1.3.9-8.46.48.1 (x86_64) 0:1.3.9-8.46.48.1 (i586|x86_64) 0:7.19.7-1.20.31.1 (x86_64) 0:7.19.7-1.20.31.1 (i586|x86_64) 0:4.2.4.P2-0.11.13.1 (i586|x86_64) 0:2.6.6-0.19.1 (i586|x86_64) 0:10.0.7-0.3.1 (i586|x86_64) 0:7-0.6.7.80 (i586|x86_64) 0:3.13.6-0.5.1 (x86_64) 0:3.13.6-0.5.1 (i586|x86_64) 0:4.9.2-0.6.1 (x86_64) 0:4.9.2-0.6.1 (i586|x86_64) 0:10.0.9-0.3.1 (i586|x86_64) 0:7-0.6.7.85 (i586|x86_64) 0:10.0.10-0.3.1 (i586|x86_64) 0:4.9.3-0.2.1 (x86_64) 0:4.9.3-0.2.1 (i586|x86_64) 0:10.0.11-0.3.1 (i586|x86_64) 0:3.14-0.3.1 (x86_64) 0:3.14-0.3.1 (i586|x86_64) 0:10.0.12-0.4.1 (i586|x86_64) 0:3.14.1-0.3.1 (x86_64) 0:3.14.1-0.3.1 (i586|x86_64) 0:4.9.4-0.3.1 (x86_64) 0:4.9.4-0.3.1 (i586|x86_64) 0:17.0.4esr-0.5.1 (i586|x86_64) 0:7-0.6.9.5 (i586|x86_64) 0:3.14.2-0.4.3.2 (x86_64) 0:3.14.2-0.4.3.2 (i586|x86_64) 0:0.5-1.47.51.5 (i586|x86_64) 0:4.9.5-0.3.2 (x86_64) 0:4.9.5-0.3.2 (i586|x86_64) 0:17.0.5esr-0.4.1 (i586|x86_64) 0:7-0.6.9.17 (i586|x86_64) 0:3.14.3-0.4.3.1 (x86_64) 0:3.14.3-0.4.3.1 (i586|x86_64) 0:4.9.6-0.3.1 (x86_64) 0:4.9.6-0.3.1 (i586|x86_64) 0:17.0.6esr-0.4.1 (i586|x86_64) 0:17.0.7esr-0.3.1 (i586|x86_64) 0:7-0.6.9.31 (i586|x86_64) 0:17.0.10esr-0.4.2.4 (i586|x86_64) 0:7-0.6.9.62 (i586|x86_64) 0:11.2.202.336-0.3.1 (i586|x86_64) 0:2.3.7-25.32.1 (x86_64) 0:2.3.7-25.32.1 (i586|x86_64) 0:8.62-32.34.1 (i586|x86_64) 0:4.2.7-32.34.1 (i586|i686|x86_64) 0:2.11.3-17.45.49.1 (x86_64) 0:2.11.3-17.45.49.1 (i586|x86_64) 0:2.4.1-24.39.47.1 (x86_64) 0:2.4.1-24.39.47.1 (i586|x86_64) 0:2.0.9-25.33.37.1 (i586|x86_64) 0:2.18.9-0.23.1 (x86_64) 0:2.18.9-0.23.1 (i586|x86_64) 0:3.11.10-0.6.11.1 (i586|x86_64) 0:1.4.1-0.8.1 (i586|x86_64) 0:0.46-62.38.1 (i586|x86_64) 0:1.6.0.0_b27.1.12.7-0.2.1 (i586|x86_64) 0:4.3.5-0.12.1 (i586|x86_64) 0:3.0.101-0.7.17.1 (i586) 0:3.0.101-0.7.17.1 (i586|x86_64) 0:4.1.6_04_3.0.101_0.7.17-0.5.16 (i586) 0:4.1.6_04_3.0.101_0.7.17-0.5.16 (x86_64) 0:1.6.3-133.49.58.1 (i586|x86_64) 0:0.15.1-0.27.1 (i586|x86_64) 0:1.17-77.16.1 (x86_64) 0:1.17-77.16.1 (i586|x86_64) 0:3.6.3-0.24.4 (x86_64) 0:3.6.3-0.24.4 (noarch) 0:3.6.3-0.24.4 (i586|x86_64) 0:4.6.3-5.20.23.1 (x86_64) 0:4.6.3-5.20.23.1 (i586|x86_64) 0:9.1.9-0.3.1 (x86_64) 0:9.1.9-0.3.1 (i586|x86_64) 0:1.5.0-0.15.2 (x86_64) 0:1.5.0-0.15.2 (i586|x86_64) 0:5.0.96-0.6.1 (x86_64) 0:5.0.96-0.6.1 (i586|x86_64) 0:0.9.8j-0.50.1 (x86_64) 0:0.9.8j-0.50.1 (i586|x86_64) 0:3.2.0-10.3.1 (i586|x86_64) 0:2013.1.7-0.3.1 (i586|x86_64) 0:0.16.0-1.4.1 (x86_64) 0:0.16.0-1.4.1 (i586|x86_64) 0:0.3.1-2.6.1 (x86_64) 0:0.3.1-2.6.1 (i586|x86_64) 0:0.3.1-2.6.3 (x86_64) 0:0.3.1-2.6.3 (i586|x86_64) 0:0.2-5.18.1 (i586|x86_64) 0:3.8.2-141.154.1 (x86_64) 0:3.8.2-141.154.1 (i586|x86_64) 0:0.9.6-0.29.1 (i586|x86_64) 0:2.7.6-0.25.1 (x86_64) 0:2.7.6-0.25.1 (i586|x86_64) 0:1.1.24-19.23.1 (x86_64) 0:1.1.24-19.23.1 (i586|x86_64) 0:3.15.2-0.3.1 (x86_64) 0:3.15.2-0.3.1 (i586|x86_64) 0:4.10.1-0.3.1 (x86_64) 0:4.10.1-0.3.1 (i586|x86_64) 0:3.15.3-0.3.1 (x86_64) 0:3.15.3-0.3.1 (i586|x86_64) 0:4.10.2-0.3.1 (x86_64) 0:4.10.2-0.3.1 (i586|x86_64) 0:3.15.3.1-0.4.2.1 (x86_64) 0:3.15.3.1-0.4.2.1 (i586|x86_64) 0:5.1p1-41.57.1 (noarch) 0:1.95-0.4.1 (i586|x86_64) 0:2.0.9-143.33.3.1 (i586|x86_64) 0:5.10.0-64.61.61.1 (x86_64) 0:5.10.0-64.61.61.1 (i586|x86_64) 0:8.3.23-0.4.1 (i586|x86_64) 0:2.6.18-0.12.1 (i586|x86_64) 0:1.8.7.p357-0.9.13.1 (i586|x86_64) 0:4.4.0-6.21.1 (i586|x86_64) 0:1.7.6p2-0.2.12.1 (i586|x86_64) 0:0.1.5-1.5.1 (i586|x86_64) 0:1.0.7-5.10.1 (i586|x86_64) 0:2.28.1-2.5.1 (x86_64) 0:4.1.4_02-0.5.1 (i586|x86_64) 0:4.1.4_02_3.0.58_0.6.6-0.5.1 (i586) 0:4.1.4_02_3.0.58_0.6.6-0.5.1 (x86_64) 0:0.9.0-3.19.1 (x86_64) 0:0.5.10-0.5.1 (x86_64) 0:4.1.2_20_3.0.38_0.5-0.5.2 (i586|x86_64) 0:0.5.12-0.5.1 (x86_64) 0:4.1.3_02-0.5.1 (i586|x86_64) 0:4.1.3_02_3.0.38_0.5-0.5.1 (x86_64) 0:4.1.3_04-0.5.1 (i586|x86_64) 0:4.1.3_04_3.0.42_0.7-0.5.1 (i586) 0:4.1.3_04_3.0.42_0.7-0.5.1 (x86_64) 0:4.1.5_02-0.5.1 (i586|x86_64) 0:4.1.5_02_3.0.74_0.6.10-0.5.1 (i586) 0:4.1.5_02_3.0.74_0.6.10-0.5.1 (x86_64) 0:4.1.6_02-0.5.1 (i586|x86_64) 0:4.1.6_02_3.0.93_0.5-0.5.1 (i586) 0:4.1.6_02_3.0.93_0.5-0.5.1 (x86_64) 0:4.1.6_04-0.5.1 (i586|x86_64) 0:4.1.6_04_3.0.101_0.5-0.5.1 (i586) 0:4.1.6_04_3.0.101_0.5-0.5.1 (i586|x86_64) 0:7.4-27.70.76.1 (i586|x86_64) 0:7.4-8.26.40.1 (x86_64) 0:7.4-8.26.40.1 (i586|x86_64) 0:7.4-5.11.11.1 (x86_64) 0:7.4-5.11.11.1 (i586|x86_64) 0:7.4-1.18.1 (x86_64) 0:7.4-1.18.1 (i586|x86_64) 0:7.4-1.16.1 (x86_64) 0:7.4-1.16.1 (i586|x86_64) 0:7.4-1.19.1 (x86_64) 0:7.4-1.19.1 (i586|x86_64) 0:7.4-1.22.5.1 (x86_64) 0:7.4-1.22.5.1 (i586|x86_64) 0:1.6.166-0.5.1 (i586|x86_64) 0:24.6.0esr-0.8.1 (i586|x86_64) 0:24-0.7.48 (i586|x86_64) 0:3.16.1-0.8.1 (x86_64) 0:3.16.1-0.8.1 (i586|x86_64) 0:4.10.6-0.3.1 (x86_64) 0:4.10.6-0.3.1 (i586|x86_64) 0:6.4.3.6-7.30.1 (x86_64) 0:6.4.3.6-7.30.1 (i586|x86_64) 0:17.0.9esr-0.7.1 (i586|x86_64) 0:31.8.0esr-0.13.2 (i586|x86_64) 0:38.5.0esr-28.2 (i586|x86_64) 0:24.5.0esr-0.8.1 (i586|x86_64) 0:24-0.7.36 (i586|x86_64) 0:3.16-0.8.1 (x86_64) 0:3.16-0.8.1 (i586|x86_64) 0:4.10.4-0.3.1 (x86_64) 0:4.10.4-0.3.1 (i586|x86_64) 0:31.6.0esr-0.8.1 (i586|x86_64) 0:31.8.0esr-0.10.1 (i586|x86_64) 0:3.19.2_CKBI_1.98-0.10.1 (x86_64) 0:3.19.2_CKBI_1.98-0.10.1 (i586|x86_64) 0:4.10.8-0.5.1 (x86_64) 0:4.10.8-0.5.1 (i586|x86_64) 0:4.13-1326.37.1 (i586|x86_64) 0:0.9.0-3.15.1 (i586|x86_64) 0:0.9.0-3.17.2 (i586|x86_64) 0:3.2-147.22.1 (x86_64) 0:5.2-147.22.1 (i586|x86_64) 0:9.9.6P1-0.12.1 (x86_64) 0:9.9.6P1-0.12.1 (i586|x86_64) 0:9.9.6P1-0.15.1 (x86_64) 0:9.9.6P1-0.15.1 (i586|x86_64) 0:9.9.6P1-0.19.1 (x86_64) 0:9.9.6P1-0.19.1 (i586|x86_64) 0:9.9.6P1-0.22.1 (x86_64) 0:9.9.6P1-0.22.1 (i586|x86_64) 0:2.23.1-0.23.15 (i586|x86_64) 0:1.2-2.10.1 (i586|x86_64) 0:1.2-2.12.1 (i586|x86_64) 0:0.9.7g-146.22.31.1 (x86_64) 0:0.9.7g-146.22.31.1 (i586|x86_64) 0:0.9.7g-146.22.36.1 (x86_64) 0:0.9.7g-146.22.36.1 (i586|x86_64) 0:3.13_3.0.101_0.31-0.9.1 (i586) 0:3.13_3.0.101_0.31-0.9.1 (i586|x86_64) 0:2.9-75.78.1 (i586|x86_64) 0:1.3.9-8.46.52.2 (x86_64) 0:1.3.9-8.46.52.2 (i586|x86_64) 0:7.19.7-1.38.1 (x86_64) 0:7.19.7-1.38.1 (i586|x86_64) 0:7.19.7-1.46.1 (x86_64) 0:7.19.7-1.46.1 (i586|x86_64) 0:7.19.7-1.40.1 (x86_64) 0:7.19.7-1.40.1 (i586|x86_64) 0:1.2.10-3.31.1 (x86_64) 0:1.2.10-3.31.1 (i586|x86_64) 0:4.2.4.P2-0.24.1 (i586|x86_64) 0:3.2.3-45.5.3 (i586|x86_64) 0:1.41.9-2.10.11.1 (i586|x86_64) 0:2.19.1-6.62.7 (x86_64) 0:2.19.1-6.62.7 (x86_64) 0:1.41.9-2.10.11.1 (i586|x86_64) 0:61-1.35.1 (x86_64) 0:61-1.35.1 (i586|x86_64) 0:0.152-4.9.17 (i586|x86_64) 0:2.28.2-0.32.1 (x86_64) 0:2.28.2-0.32.1 (i586|x86_64) 0:4.24-43.27.1 (x86_64) 0:4.24-43.27.1 (i586|x86_64) 0:2.6.6-0.23.1 (i586|x86_64) 0:17.0.7esr-0.8.1 (i586|x86_64) 0:7-0.12.1 (i586|x86_64) 0:17.0.10esr-0.7.4 (i586|x86_64) 0:7-0.12.41 (i586|x86_64) 0:24.3.0esr-0.8.1 (i586|x86_64) 0:24-0.7.14 (i586|x86_64) 0:3.15.4-0.7.1 (x86_64) 0:3.15.4-0.7.1 (i586|x86_64) 0:24.4.0esr-0.8.1 (i586|x86_64) 0:24-0.7.23 (i586|x86_64) 0:24.7.0esr-0.8.2 (i586|x86_64) 0:3.16.2-0.8.1 (x86_64) 0:3.16.2-0.8.1 (i586|x86_64) 0:24.8.0esr-0.8.1 (i586|x86_64) 0:3.16.4-0.8.1 (x86_64) 0:3.16.4-0.8.1 (i586|x86_64) 0:4.10.7-0.3.1 (x86_64) 0:4.10.7-0.3.1 (i586|x86_64) 0:31.3.0esr-0.8.1 (i586|x86_64) 0:31.4.0esr-0.8.7 (i586|x86_64) 0:3.17.3-0.8.11 (x86_64) 0:3.17.3-0.8.11 (i586|x86_64) 0:31.5.3esr-0.8.1 (i586|x86_64) 0:31.7.0esr-0.8.1 (i586|x86_64) 0:4.10.9-11.1 (x86_64) 0:4.10.9-11.1 (i586|x86_64) 0:38.3.0esr-22.1 (i586|x86_64) 0:38.4.0esr-25.6 (i586|x86_64) 0:38-15.31 (i586|x86_64) 0:3.19.2.1-19.3 (x86_64) 0:3.19.2.1-19.3 (i586|x86_64) 0:4.10.10-16.1 (x86_64) 0:4.10.10-16.1 (i586|x86_64) 0:24.2.0esr-0.7.1 (i586|x86_64) 0:24-0.7.4 (i586|x86_64) 0:3.15.3.1-0.7.1 (x86_64) 0:3.15.3.1-0.7.1 (i586|x86_64) 0:31.2.0esr-0.16.1 (i586|x86_64) 0:31.0-0.10.1 (i586|x86_64) 0:3.17.2-0.8.1 (x86_64) 0:3.17.2-0.8.1 (i586|x86_64) 0:4.10.7-0.3.3 (x86_64) 0:4.10.7-0.3.3 (i586|x86_64) 0:38.2.1esr-19.3 (i586|x86_64) 0:31.0-0.12.51 (i586|x86_64) 0:3.19.2.0-0.16.1 (x86_64) 0:3.19.2.0-0.16.1 (i586|x86_64) 0:1.2.1-68.17.1 (x86_64) 0:1.2.1-68.17.1 (i586|x86_64) 0:11.2.202.418-0.3.1 (i586|x86_64) 0:11.2.202.481-0.8.2 (i586|x86_64) 0:11.2.202.491-0.11.1 (i586|x86_64) 0:11.2.202.508-0.14.1 (i586|x86_64) 0:11.2.202.521-0.17.1 (i586|x86_64) 0:11.2.202.535-0.20.1 (i586|x86_64) 0:11.2.202.540-0.23.1 (i586|x86_64) 0:11.2.202.548-0.26.1 (i586|x86_64) 0:11.2.202.554-0.29.1 (i586|x86_64) 0:11.2.202.559-0.32.1 (i586|x86_64) 0:3.0.2-269.39.1 (i586|x86_64) 0:2.3.7-25.34.1 (x86_64) 0:2.3.7-25.34.1 (i586|x86_64) 0:2.8.7-0.11.1 (i586|x86_64) 0:2.0.36.RC1-52.20.1 (i586|x86_64) 0:4.1.6-13.1 (x86_64) 0:4.1.6-13.1 (i586|x86_64) 0:2.6.2-3.34.45.1 (i586|i686|x86_64) 0:2.11.3-17.72.14 (x86_64) 0:2.11.3-17.72.14 (i586|i686|x86_64) 0:2.11.3-17.87.3 (x86_64) 0:2.11.3-17.87.3 (i586|i686|x86_64) 0:2.11.3-17.95.2 (x86_64) 0:2.11.3-17.95.2 (i586|x86_64) 0:2.4.1-24.39.51.1 (x86_64) 0:2.4.1-24.39.51.1 (i586|x86_64) 0:2.4.1-24.39.57.1 (x86_64) 0:2.4.1-24.39.57.1 (i586|x86_64) 0:2.4.1-24.39.60.1 (x86_64) 0:2.4.1-24.39.60.1 (i586|x86_64) 0:2.0.9-25.33.39.1 (i586|x86_64) 0:2.0.9-25.33.41.2 (i586|x86_64) 0:1.1.6-25.32.1 (x86_64) 0:2.00-0.49.2 (i586|x86_64) 0:0.10.22-7.11.1 (x86_64) 0:0.10.22-7.11.1 (i586|x86_64) 0:2.18.9-0.35.1 (x86_64) 0:2.18.9-0.35.1 (i586|x86_64) 0:2.18.9-0.39.1 (x86_64) 0:2.18.9-0.39.1 (i586|x86_64) 0:1.4.2-0.7.1 (i586|x86_64) 0:1.900.1-134.17.1 (x86_64) 0:1.900.1-134.17.1 (i586|x86_64) 0:1.7.0.71-0.7.1 (i586|x86_64) 0:1.7.0.85-0.11.2 (i586|x86_64) 0:1.7.0.91-0.14.2 (i586|x86_64) 0:1.7.0.95-0.17.2 (i586|x86_64) 0:4.3.5-0.12.18.1 (noarch) 0:4.3.5-0.11.18.1 (i586|x86_64) 0:4.3.5-0.3.1 (i586|x86_64) 0:4.3.5-0.12.20.1 (noarch) 0:4.3.5-0.11.20.1 (i586|x86_64) 0:4.3.5-0.14.1 (i586|x86_64) 0:2.4.4-255.28.1 (x86_64) 0:3.0.101-0.47.55.1 (i586|x86_64) 0:3.0.101-0.40.1 (i586) 0:3.0.101-0.40.1 (i586|x86_64) 0:4.2.4_04_3.0.101_0.40-0.7.3 (i586) 0:4.2.4_04_3.0.101_0.40-0.7.3 (x86_64) 0:3.0.101-0.47.67.2 (i586|x86_64) 0:3.0.101-0.47.67.2 (i586) 0:3.0.101-0.47.67.2 (x86_64) 0:3.0.101-0.40.1 (x86_64) 0:3.0.101-0.47.71.1 (i586|x86_64) 0:3.0.101-0.47.71.1 (i586) 0:3.0.101-0.47.71.1 (x86_64) 0:1.6.3-133.49.62.1 (x86_64) 0:1.6.3-133.49.97.1 (x86_64) 0:1.6.3-133.49.103.1 (x86_64) 0:1.6.3-133.49.64.1 (x86_64) 0:1.6.3-133.49.66.1 (x86_64) 0:1.6.3-133.49.68.1 (i586|x86_64) 0:1.4.2-0.17.1 (i586|x86_64) 0:1.4.2-0.22.34.3 (i586|x86_64) 0:1.4.2-37.1 (i586|x86_64) 0:1.4.2-0.21.4 (i586|x86_64) 0:1.0.5.9-0.19.3 (i586|x86_64) 0:4.6.3-5.29.2 (x86_64) 0:4.6.3-5.29.2 (i586|x86_64) 0:9.1.12-0.3.1 (x86_64) 0:9.1.12-0.3.1 (i586|x86_64) 0:1.4.5-24.24.1 (i586|x86_64) 0:3.16.5-0.7.1 (x86_64) 0:3.16.5-0.7.1 (i586|x86_64) 0:1.8.2-1.24.1 (i586|x86_64) 0:1.5.0-0.19.1 (x86_64) 0:1.5.0-0.19.1 (i586|x86_64) 0:1.5.0-0.17.1 (x86_64) 0:1.5.0-0.17.1 (i586|x86_64) 0:1.900.1-134.13.1 (x86_64) 0:1.900.1-134.13.1 (i586|x86_64) 0:1.0.4-1.18.1 (i586|x86_64) 0:1.0.4-1.20.1 (i586|x86_64) 0:2.03-12.3.1 (x86_64) 0:2.03-12.3.1 (i586|x86_64) 0:2.3.2-3.118.1 (i586|x86_64) 0:0.0.20060920alpha-74.5.1 (i586|x86_64) 0:0.0.20060920alpha-74.10.1 (i586|x86_64) 0:5.5.39-0.7.1 (x86_64) 0:5.5.39-0.7.1 (i586|x86_64) 0:5.0.96-0.6.13 (x86_64) 0:5.0.96-0.6.13 (i586|x86_64) 0:0.9.8j-0.66.1 (x86_64) 0:0.9.8j-0.66.1 (i586|x86_64) 0:0.24.4-0.15.1 (x86_64) 0:0.24.4-0.15.1 (i586|x86_64) 0:1.2.31-5.33.1 (x86_64) 0:1.2.31-5.33.1 (i586|x86_64) 0:1.2.31-5.35.1 (x86_64) 0:1.2.31-5.35.1 (i586|x86_64) 0:1.2.31-5.38.1 (x86_64) 0:1.2.31-5.38.1 (i586|x86_64) 0:0.9.23-0.15.1 (x86_64) 0:0.9.23-0.15.1 (i586|x86_64) 0:4.6.3-5.32.1 (x86_64) 0:4.6.3-5.32.1 (i586|x86_64) 0:4.6.3-5.34.2 (x86_64) 0:4.6.3-5.34.2 (i586|x86_64) 0:2.26.0-2.5.1 (x86_64) 0:2.26.0-2.5.1 (i586|x86_64) 0:1.0.20-2.6.5 (x86_64) 0:1.0.20-2.6.5 (i586|x86_64) 0:1.0.20-2.10.2 (x86_64) 0:1.0.20-2.10.2 (i586|x86_64) 0:5.4.2.1-8.12.22.1 (i586|x86_64) 0:0.2-5.20.1 (i586|x86_64) 0:1.5-1.28.1 (x86_64) 0:1.5-1.28.1 (i586|x86_64) 0:0.4.1-16.20.2 (x86_64) 0:0.4.1-16.20.2 (i586|x86_64) 0:1.0.5.9-0.9.1 (i586|x86_64) 0:0.9.1-156.1 (i586|x86_64) 0:0.2.8.4-206.29.29.1 (i586|x86_64) 0:2.2.3-0.8.1 (i586|x86_64) 0:2.7.6-0.31.1 (x86_64) 0:2.7.6-0.31.1 (i586|x86_64) 0:2.7.6-0.34.1 (x86_64) 0:2.7.6-0.34.1 (i586|x86_64) 0:2.7.6-0.34.4 (i586|x86_64) 0:2.7.6-0.37.1 (x86_64) 0:2.7.6-0.37.1 (i586|x86_64) 0:2.7.6-0.37.4 (i586|x86_64) 0:38.6.0esr-31.3 (i586|x86_64) 0:38-18.24 (i586|x86_64) 0:3.20.2-25.2 (x86_64) 0:3.20.2-25.2 (i586|x86_64) 0:4.10.8-0.8.1 (x86_64) 0:4.10.8-0.8.1 (i586|x86_64) 0:3.19.2.2-22.1 (x86_64) 0:3.19.2.2-22.1 (i586|x86_64) 0:3.15.2-0.8.1 (x86_64) 0:3.15.2-0.8.1 (i586|x86_64) 0:1.5.17-42.37.1 (i586|x86_64) 0:5.5.45-0.11.1 (x86_64) 0:5.5.45-0.11.1 (i586|x86_64) 0:5.5.46-0.14.1 (x86_64) 0:5.5.46-0.14.1 (i586|x86_64) 0:5.5.47-0.17.1 (x86_64) 0:5.5.47-0.17.1 (i586|x86_64) 0:5.4.2.1-8.12.24.1 (i586|x86_64) 0:3.0.0-0.20.1 (i586|x86_64) 0:3.0.0-0.10.1 (i586|x86_64) 0:3.15.3-0.8.1 (x86_64) 0:3.15.3-0.8.1 (x86_64) 0:2.4.26-0.35.1 (x86_64) 0:2.4.26-0.30.1 (x86_64) 0:2.4.26-0.62.2 (x86_64) 0:1.2.0-172.24.1 (i586|x86_64) 0:6.2p2-0.13.1 (i586|x86_64) 0:6.2p2-0.21.1 (i586|x86_64) 0:6.2p2-0.21.3 (i586|x86_64) 0:6.2p2-0.24.1 (i586|x86_64) 0:6.2p2-0.24.3 (i586|x86_64) 0:0.9.8j-0.80.1 (x86_64) 0:0.9.8j-0.80.1 (noarch) 0:1.97-0.3.1 (i586|x86_64) 0:2.0.9-143.40.5 (i586|x86_64) 0:2.28.3-0.5.10 (i586|x86_64) 0:1.1.5-0.12.1 (x86_64) 0:1.1.5-0.12.1 (i586|x86_64) 0:5.10.0-64.70.1 (x86_64) 0:5.10.0-64.70.1 (i586|x86_64) 0:0.2808.01-0.70.1 (i586|x86_64) 0:0.72-0.70.1 (i586|x86_64) 0:1.7-37.60.2 (x86_64) 0:1.7-37.60.2 (i586|x86_64) 0:4.4.2.3-37.60.2 (x86_64) 0:4.4.2.3-37.60.2 (i586|x86_64) 0:9.4.5-0.8.3 (x86_64) 0:9.4.5-0.8.3 (i586|x86_64) 0:9.1.15-0.3.1 (x86_64) 0:9.1.15-0.3.1 (i586|x86_64) 0:9.1.18-0.3.1 (i586|x86_64) 0:9.1.19-0.5.1 (i586|x86_64) 0:2.4.5.git-2.29.1 (i586|x86_64) 0:3.22-240.8.1 (i586|x86_64) 0:2.6.18-0.16.1 (i586|x86_64) 0:1.10.10-120.35.1 (i586|x86_64) 0:2.3.6-0.13.1 (i586|x86_64) 0:0.6c8-10.19.6.1 (i586|x86_64) 0:0.6c11-6.1 (i586|x86_64) 0:0.1.6+git20080930-6.24.1 (i586|x86_64) 0:3.0.4-2.49.1 (i586|x86_64) 0:1.8.7.p357-0.9.15.1 (i586|x86_64) 0:9.05-1.19.1 (i586|x86_64) 0:3.6.3-0.56.1 (x86_64) 0:3.6.3-0.56.1 (noarch) 0:3.6.3-0.56.1 (i586|x86_64) 0:3.6.3-64.1 (x86_64) 0:3.6.3-64.1 (noarch) 0:3.6.3-64.1 (i586|x86_64) 0:1.3.11-0.25.4 (x86_64) 0:0.7.318.81ee561d-0.9.2 (i586|x86_64) 0:4.4.0-6.25.1 (i586|x86_64) 0:4.4.0-6.32.1 (i586|x86_64) 0:1.7.6p2-0.21.1 (i586|x86_64) 0:3.9.8-1.27.1 (i586|x86_64) 0:1.0-37.1 (i586|x86_64) 0:3.8.2-141.160.1 (x86_64) 0:3.8.2-141.160.1 (i586|x86_64) 0:6.00-11.13.1 (i586|x86_64) 0:1.1.1-174.1 (i586|x86_64) 0:1.11.4-1.19.1 (i586|x86_64) 0:0.7.1-6.15.1 (i586|x86_64) 0:0.7.1-6.17.4 (x86_64) 0:4.2.5_06-0.7.1 (i586|x86_64) 0:4.2.5_06_3.0.101_0.47.52-0.7.1 (i586) 0:4.2.5_06_3.0.101_0.47.52-0.7.1 (x86_64) 0:4.2.5_02_3.0.101_0.40-0.7.1 (x86_64) 0:4.2.5_12-15.1 (i586|x86_64) 0:4.2.5_12_3.0.101_0.47.55-15.1 (i586) 0:4.2.5_12_3.0.101_0.47.55-15.1 (x86_64) 0:4.2.5_14-18.2 (i586|x86_64) 0:4.2.5_14_3.0.101_0.47.67-18.2 (i586) 0:4.2.5_14_3.0.101_0.47.67-18.2 (x86_64) 0:4.2.2_06-0.7.1 (i586|x86_64) 0:4.2.2_06_3.0.82_0.7-0.7.1 (i586) 0:4.2.2_06_3.0.82_0.7-0.7.1 (x86_64) 0:4.2.3_02-0.7.1 (i586|x86_64) 0:4.2.3_02_3.0.93_0.8-0.7.1 (i586) 0:4.2.3_02_3.0.93_0.8-0.7.1 (x86_64) 0:4.2.3_08-0.7.1 (i586|x86_64) 0:4.2.3_08_3.0.101_0.8-0.7.1 (i586) 0:4.2.3_08_3.0.101_0.8-0.7.1 (x86_64) 0:4.2.4_02-0.7.1 (i586|x86_64) 0:4.2.4_02_3.0.101_0.15-0.7.1 (i586) 0:4.2.4_02_3.0.101_0.15-0.7.1 (x86_64) 0:4.2.4_04-0.9.1 (i586|x86_64) 0:4.2.4_04_3.0.101_0.40-0.9.1 (i586) 0:4.2.4_04_3.0.101_0.40-0.9.1 (x86_64) 0:4.2.5_04-0.9.1 (i586|x86_64) 0:4.2.5_04_3.0.101_0.47.52-0.9.1 (i586) 0:4.2.5_04_3.0.101_0.47.52-0.9.1 (x86_64) 0:4.2.5_08-0.9.1 (i586|x86_64) 0:4.2.5_08_3.0.101_0.47.55-0.9.1 (i586) 0:4.2.5_08_3.0.101_0.47.55-0.9.1 (x86_64) 0:4.2.5_18-21.1 (i586|x86_64) 0:4.2.5_18_3.0.101_0.47.71-21.1 (i586) 0:4.2.5_18_3.0.101_0.47.71-21.1 (i586|x86_64) 0:3.1.8-0.7.1 (i586|x86_64) 0:2.3.14-130.133.1 (i586|x86_64) 0:7.4-8.26.42.1 (x86_64) 0:7.4-8.26.42.1 (i586|x86_64) 0:7.4-5.11.15.1 (x86_64) 0:7.4-5.11.15.1 (i586|x86_64) 0:7.4-1.18.2 (x86_64) 0:7.4-1.18.2 (i586|x86_64) 0:7.4-1.16.2 (x86_64) 0:7.4-1.16.2 (i586|x86_64) 0:7.4-1.19.2 (x86_64) 0:7.4-1.19.2 (i586|x86_64) 0:5.07-6.36.1 (i586|x86_64) 0:38.6.1esr-34.1 (i586|x86_64) 0:38.7.0esr-37.3 (i586|x86_64) 0:3.20.2-28.1 (x86_64) 0:3.20.2-28.1 (i586|x86_64) 0:4.12-24.1 (x86_64) 0:4.12-24.1 (x86_64) 0:4.4.2_12-23.1 (i586|x86_64) 0:4.4.2_12_3.0.101_63-23.1 (i586) 0:4.4.2_12_3.0.101_63-23.1 (i586|x86_64) 0:9.9.6P1-0.25.1 (x86_64) 0:9.9.6P1-0.25.1 (i586|x86_64) 0:0.9.7g-146.22.41.1 (x86_64) 0:0.9.7g-146.22.41.1 (i586|x86_64) 0:6.3.8.90-13.20.21.1 (i586|x86_64) 0:11.2.202.569-0.35.1 (i586|x86_64) 0:11.2.202.577-0.38.1 (x86_64) 0:2.00-0.54.2 (i586|x86_64) 0:1.5.3-0.9.1 (i586|x86_64) 0:1.7.0.99-0.20.2 (i586|x86_64) 0:3.0.101-65.1 (i586) 0:3.0.101-65.1 (i586|x86_64) 0:3.0.101-71.1 (i586) 0:3.0.101-71.1 (i586|x86_64) 0:3.0.101-68.1 (i586) 0:3.0.101-68.1 (x86_64) 0:1.6.3-133.49.106.1 (i586|x86_64) 0:1.4.2-32.1 (i586|x86_64) 0:1.4.2-35.1 (i586|x86_64) 0:3.2.0-10.5.1 (i586|x86_64) 0:1.2.5-12.3 (i586|x86_64) 0:2.6.7-0.16.1 (i586|x86_64) 0:4.2.8p4-5.1 (i586|x86_64) 0:6.6p1-13.1 (i586|x86_64) 0:6.6p1-13.3 (i586|x86_64) 0:6.6p1-16.1 (i586|x86_64) 0:6.6p1-16.4 (i586|x86_64) 0:0.9.8j-0.89.1 (x86_64) 0:0.9.8j-0.89.1 (i586|x86_64) 0:9.4.6-0.14.3 (x86_64) 0:9.4.6-0.14.3 (i586|x86_64) 0:3.6.3-67.2 (x86_64) 0:3.6.3-67.2 (noarch) 0:3.6.3-67.2 (i586|x86_64) 0:1.7.0.0-1.18.2 (i586|x86_64) 0:3.8.2-141.163.1 (x86_64) 0:3.8.2-141.163.1 (x86_64) 0:4.4.2_10-5.1 (i586|x86_64) 0:4.4.2_10_3.0.101_63-5.1 (i586) 0:4.4.2_10_3.0.101_63-5.1 (x86_64) 0:4.4.3_02-26.2 (i586|x86_64) 0:4.4.3_02_3.0.101_65-26.2 (i586) 0:4.4.3_02_3.0.101_65-26.2 (x86_64) 0:4.4.4_02-32.1 (i586|x86_64) 0:4.4.4_02_3.0.101_68-32.1 (i586) 0:4.4.4_02_3.0.101_68-32.1 (x86_64) 0:4.4.3_06-29.1 (i586|x86_64) 0:4.4.3_06_3.0.101_65-29.1 (i586) 0:4.4.3_06_3.0.101_65-29.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.0-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.1-0.17.1 (x86_64) 0:1.4_3.0.101_0.47.55-2.28.1.21 (i586|ia64|ppc64|s390x|x86_64) 0:1.4_3.0.101_0.40-2.27.98 (i586) 0:1.4_3.0.101_0.40-2.27.98 (ppc64) 0:1.4_3.0.101_0.40-2.27.98 (i586|x86_64) 0:1.4_3.0.101_0.40-2.27.98 (x86_64) 0:2_3.0.101_0.47.55-0.17.1.21 (i586|ia64|ppc64|s390x|x86_64) 0:2_3.0.101_0.40-0.16.104 (i586) 0:2_3.0.101_0.40-0.16.104 (ppc64) 0:2_3.0.101_0.40-0.16.104 (i586|x86_64) 0:2_3.0.101_0.40-0.16.104 (x86_64) 0:1.6_3.0.101_0.47.55-0.21.1.21 (i586|ia64|ppc64|s390x|x86_64) 0:1.6_3.0.101_0.40-0.20.98 (i586) 0:1.6_3.0.101_0.40-0.20.98 (ppc64) 0:1.6_3.0.101_0.40-0.20.98 (i586|x86_64) 0:1.6_3.0.101_0.40-0.20.98 (x86_64) 0:1.4_3.0.101_0.40-2.27.98 (x86_64) 0:8.4.4_3.0.101_0.40-0.22.64 (x86_64) 0:2_3.0.101_0.40-0.16.104 (x86_64) 0:1.6_3.0.101_0.40-0.20.98 (i586|ppc64|s390x|x86_64) 0:1.34-0.13.7.1 (i586|ppc64|s390x|x86_64) 0:2.4.1-24.39.76.1 (i586|ppc64|s390x|x86_64) 0:2.20.2-8.3.6 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.0+git.1430140184.8e872c5-7.1 (ppc64) 0:1.4_3.0.101_108.7-2.32.2.14 (i586|ia64|ppc64|s390x|x86_64) 0:1.4_3.0.101_108.7-2.32.2.14 (i586) 0:1.4_3.0.101_108.7-2.32.2.14 (i586|x86_64) 0:1.4_3.0.101_108.7-2.32.2.14 (i586|ia64|ppc64|s390x|x86_64) 0:8.4.4-0.27.2.1 (ppc64) 0:8.4.4_3.0.101_108.7-0.27.2.13 (i586|ia64|ppc64|s390x|x86_64) 0:8.4.4_3.0.101_108.7-0.27.2.13 (i586) 0:8.4.4_3.0.101_108.7-0.27.2.13 (i586|x86_64) 0:8.4.4_3.0.101_108.7-0.27.2.13 (x86_64) 0:8.4.4-0.27.2.1 (ppc64) 0:2_3.0.101_108.7-0.24.2.14 (i586|ia64|ppc64|s390x|x86_64) 0:2_3.0.101_108.7-0.24.2.14 (i586) 0:2_3.0.101_108.7-0.24.2.14 (i586|x86_64) 0:2_3.0.101_108.7-0.24.2.14 (ppc64) 0:1.6_3.0.101_108.7-0.28.3.4 (i586|ia64|ppc64|s390x|x86_64) 0:1.6_3.0.101_108.7-0.28.3.4 (i586) 0:1.6_3.0.101_108.7-0.28.3.4 (i586|x86_64) 0:1.6_3.0.101_108.7-0.28.3.4 (ppc64) 0:1.4_3.0.101_108.35-2.32.4.6 (i586|ia64|ppc64|s390x|x86_64) 0:1.4_3.0.101_108.35-2.32.4.6 (i586) 0:1.4_3.0.101_108.35-2.32.4.6 (i586|x86_64) 0:1.4_3.0.101_108.35-2.32.4.6 (i586|ia64|ppc64|s390x|x86_64) 0:8.4.4-0.27.4.2 (ppc64) 0:8.4.4_3.0.101_108.35-0.27.4.6 (i586|ia64|ppc64|s390x|x86_64) 0:8.4.4_3.0.101_108.35-0.27.4.6 (i586) 0:8.4.4_3.0.101_108.35-0.27.4.6 (i586|x86_64) 0:8.4.4_3.0.101_108.35-0.27.4.6 (x86_64) 0:8.4.4-0.27.4.2 (ppc64) 0:2_3.0.101_108.35-0.24.4.6 (i586|ia64|ppc64|s390x|x86_64) 0:2_3.0.101_108.35-0.24.4.6 (i586) 0:2_3.0.101_108.35-0.24.4.6 (i586|x86_64) 0:2_3.0.101_108.35-0.24.4.6 (ppc64) 0:1.6_3.0.101_108.35-0.28.5.6 (i586|ia64|ppc64|s390x|x86_64) 0:1.6_3.0.101_108.35-0.28.5.6 (i586) 0:1.6_3.0.101_108.35-0.28.5.6 (i586|x86_64) 0:1.6_3.0.101_108.35-0.28.5.6 (ppc64) 0:1.6_3.0.101_108.87-0.28.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6_3.0.101_108.87-0.28.7.1 (i586) 0:1.6_3.0.101_108.87-0.28.7.1 (i586|x86_64) 0:1.6_3.0.101_108.87-0.28.7.1 (ppc64) 0:1.6_3.0.101_108.108-0.28.11.2 (i586|ppc64|s390x|x86_64) 0:1.6_3.0.101_108.108-0.28.11.2 (i586) 0:1.6_3.0.101_108.108-0.28.11.2 (i586|x86_64) 0:1.6_3.0.101_108.108-0.28.11.2 (ppc64) 0:1.4_3.0.101_108.87-2.32.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4_3.0.101_108.87-2.32.6.1 (i586) 0:1.4_3.0.101_108.87-2.32.6.1 (i586|x86_64) 0:1.4_3.0.101_108.87-2.32.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.4.4-0.27.6.1 (ppc64) 0:8.4.4_3.0.101_108.87-0.27.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.4.4_3.0.101_108.87-0.27.6.1 (i586) 0:8.4.4_3.0.101_108.87-0.27.6.1 (i586|x86_64) 0:8.4.4_3.0.101_108.87-0.27.6.1 (x86_64) 0:8.4.4-0.27.6.1 (ppc64) 0:2_3.0.101_108.87-0.24.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2_3.0.101_108.87-0.24.6.1 (i586) 0:2_3.0.101_108.87-0.24.6.1 (i586|x86_64) 0:2_3.0.101_108.87-0.24.6.1 (ppc64) 0:1.6_3.0.101_108.87-0.28.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6_3.0.101_108.87-0.28.9.1 (i586) 0:1.6_3.0.101_108.87-0.28.9.1 (i586|x86_64) 0:1.6_3.0.101_108.87-0.28.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.12-18.1 (i586|ppc64|s390x|x86_64) 0:3.9.5-50.19.1 (i586) 0:6.4.3.6-78.92.1 (i586) 0:6.4.3.6-78.135.1 (i586) 0:0.9.1-160.6.1 (i586) 0:0.9.1-160.9.1 (i586) 0:0.9.1-160.14.1 (i586) 0:0.9.1-160.19.1 (i586) 0:0.9.1-160.22.1 (i586) 0:45.2.0esr-45.2 (i586) 0:45.0-23.10 (i586) 0:2.11.0-2.1 (i586) 0:3.21.1-35.1 (i586) 0:4.12-29.1 (i586) 0:45.3.0esr-50.1 (i586) 0:45.4.0esr-53.1 (i586) 0:45.6.0esr-62.1 (i586) 0:45.7.0esr-65.2 (i586) 0:45.8.0esr-68.1 (i586) 0:45.9.0esr-71.2 (i586) 0:3.29.5-46.1 (i586) 0:4.13.1-32.1 (i586) 0:52.2.0esr-72.5.2 (i586) 0:52-24.3.44 (i586) 0:5.3.1+r233831-7.1 (i586) 0:3.29.5-47.3.2 (i586) 0:52.3.0esr-72.9.1 (i586) 0:52-24.5.1 (i586) 0:52.5.0esr-72.17.1 (i586) 0:52.6.0esr-72.20.2 (i586) 0:52.7.3esr-72.27.2 (i586) 0:52.8.0esr-72.32.1 (i586) 0:52.8.1esr-72.35.1 (i586) 0:52.9.0esr-72.38.6 (i586) 0:1.6.1-83.17.25.1 (i586) 0:1.6.1-83.17.30.1 (noarch) 0:3.4.0-18.1 (noarch) 0:3.5.5-18.1 (i586|x86_64) 0:3.5.5-18.1 (i586|x86_64) 0:1.9-18.1 (i586|x86_64) 0:1.0-18.1 (i586) 0:1.2.13-106.11.1 (i586) 0:1.2.13-106.21.1 (i586) 0:1.4-75.3.1 (i586) 0:0.13.1-40.16.6.1 (i586) 0:2.2.34-70.12.1 (i586) 0:2.2.34-70.18.1 (i586) 0:2.2.34-70.27.1 (i586) 0:2.2.34-70.35.1 (i586) 0:2.2.34-70.38.1 (i586) 0:2.2.34-70.41.1 (i586) 0:1.0.14-0.4.25.1 (i586) 0:2.0.4-40.63.3.3 (i586) 0:2.1a15-131.23.2.6.1 (i586) 0:0.60.6-26.36.1 (i586) 0:0.7.0-135.23.3.1 (i586) 0:9.9.6P1-0.30.1 (i586) 0:9.9.6P1-0.33.1 (i586) 0:9.9.6P1-0.36.1 (i586) 0:9.9.6P1-0.39.1 (i586) 0:9.9.6P1-0.44.1 (i586) 0:9.9.6P1-0.47.1 (i586) 0:9.9.6P1-0.50.1 (i586) 0:9.9.6P1-0.51.7.1 (i586) 0:9.9.6P1-0.51.15.4 (i586) 0:9.9.6P1-0.51.20.1 (i586) 0:9.9.6P1-0.51.23.1 (i586) 0:9.9.6P1-0.51.26.1 (i586) 0:2.5.5-9.1 (i586) 0:1.0.5-34.256.5.1 (i586) 0:1.0.5-34.256.8.1 (i586) 0:5.1-0.14.3.1 (i586) 0:0.99.2-0.19.1 (i586) 0:0.99.3-0.20.3.2 (i586) 0:0.99.4-0.20.7.2 (i586) 0:0.100.1-0.20.15.1 (i586) 0:0.100.2-0.20.18.1 (i586) 0:0.100.3-0.20.21.1 (i586) 0:0.100.3-0.20.26.1 (i586) 0:0.100.3-0.20.29.1 (i586) 0:0.103.0-0.20.32.1 (i586) 0:0.103.2-0.20.35.1 (i586) 0:0.103.4-0.20.41.1 (i586) 0:0.103.5-0.20.44.1 (i586) 0:2.9-75.81.8.1 (i586) 0:2.9-75.81.14.1 (i586) 0:1.3.9-8.46.56.8.1 (i586) 0:1.3.9-8.46.56.11.1 (i586) 0:1.3.9-8.46.56.18.1 (i586) 0:7.19.7-1.61.1 (i586) 0:7.37.0-70.27.1 (i586) 0:7.37.0-70.41.2 (i586) 0:7.37.0-70.44.1 (i586) 0:7.37.0-70.47.1 (i586) 0:7.37.0-70.66.1 (i586) 0:2.1.22-182.26.4.1 (i586) 0:2.1.22-182.26.7.1 (i586) 0:1.2.10-3.34.8.1 (i586) 0:4.2.4.P2-0.27.1 (i586) 0:4.2.4.P2-0.28.8.1 (i586) 0:4.2.4.P2-0.28.12.1 (i586) 0:3.5.21-3.9.1 (i586) 0:3.5.21-3.12.1 (i586) 0:3.5.21-3.15.1 (i586) 0:3.5.21-3.18.1 (i586) 0:2.78-0.16.5.1 (i586) 0:2.78-0.16.14.1 (i586) 0:2.78-0.16.17.1 (i586) 0:22.3-42.3.1 (i586) 0:2.28.2-0.7.8.1 (i586) 0:2.0.1-88.42.12.1 (i586) 0:2.0.1-88.42.15.1 (i586) 0:2.0.1-88.42.18.1 (i586) 0:2.0.1-88.42.22.1 (i586) 0:52.4.0esr-72.13.2 (i586) 0:3.29.5-47.6.1 (i586) 0:4.3.4_20091019-37.3.1 (i586) 0:4.3.4_20091019-37.9.1 (i586) 0:7.5.1-0.9.6.1 (i586) 0:8.62-32.38.1 (i586) 0:4.2.7-32.38.1 (i586) 0:8.62-32.46.1 (i586) 0:4.2.7-32.46.1 (i586) 0:8.62-32.47.13.1 (i586) 0:4.2.7-32.47.13.1 (i586) 0:8.62-47.16.1 (i586) 0:4.2.7-47.16.1 (i586) 0:2.22.5-0.8.39.1 (i586|i686) 0:2.11.3-17.109.1 (i586) 0:2.11.3-17.109.1 (i586|i686) 0:2.11.3-17.110.3.1 (i586) 0:2.11.3-17.110.3.1 (i586|i686) 0:2.11.3-17.110.6.2 (i586) 0:2.11.3-17.110.6.2 (i586|i686) 0:2.11.3-17.110.14.1 (i586) 0:2.11.3-17.110.14.1 (i586|i686) 0:2.11.3-17.110.19.2 (i586) 0:2.11.3-17.110.19.2 (i586|i686) 0:2.11.3-17.110.24.2 (i586) 0:2.11.3-17.110.24.2 (i586|i686) 0:2.11.3-17.110.33.1 (i586) 0:2.11.3-17.110.33.1 (i586|i686) 0:2.11.3-17.110.37.1 (i586) 0:2.11.3-17.110.37.1 (i586|i686) 0:2.11.3-17.110.40.1 (i586) 0:2.11.3-17.110.40.1 (i586) 0:2.0.9-25.33.42.3.1 (i586) 0:0.10.35-5.18.5.1 (i586) 0:2.4.2-170.21.3.6.1 (noarch) 0:1.1.1-1.37.3.1 (i586) 0:1.900.14-134.33.20.1 (i586) 0:1.6.0_sr16.30-75.1 (i586) 0:1.6.0_sr16.35-78.2 (i586) 0:1.6.0_sr16.45-84.1 (i586) 0:1.6.0_sr16.50-85.5.1 (i586) 0:1.7.0_sr9.50-55.1 (i586) 0:1.7.0_sr9.60-58.2 (i586) 0:1.7.0_sr10.1-61.1 (i586) 0:1.7.0_sr10.5-64.1 (i586) 0:1.7.0_sr10.15-65.8.1 (i586) 0:1.7.0_sr10.20-65.13.1 (i586) 0:1.7.0_sr10.25-65.25.1 (i586) 0:1.7.0_sr10.30-65.28.1 (i586) 0:1.7.0_sr10.35-65.31.1 (i586) 0:1.7.0_sr10.40-65.35.1 (i586) 0:1.7.0_sr10.50-65.42.1 (i586) 0:1.7.0_sr10.55-65.45.1 (i586) 0:1.7.0_sr10.60-65.48.1 (i586) 0:1.7.0_sr10.65-65.51.1 (i586) 0:1.7.0_sr10.70-65.54.1 (i586) 0:1.7.0_sr10.75-65.57.1 (i586) 0:1.7.0_sr10.80-65.60.1 (i586) 0:1.7.0_sr11.5-65.66.1 (i586) 0:1.7.0_sr11.0-65.63.1 (i586) 0:3.0.101-0.47.86.1 (i586) 0:3.0.101-0.47.93.1 (i586) 0:3.0.101-0.47.99.1 (i586) 0:3.0.101-0.47.102.1 (i586) 0:3.0.101-0.47.105.1 (i586) 0:3.0.101-0.47.106.8.1 (i586) 0:3.0.101-0.47.106.50.1 (i586) 0:3.0.101-0.47.106.11.1 (i586) 0:3.0.101-0.47.106.19.1 (i586) 0:3.0.101-0.47.106.29.1 (i586) 0:3.0.101-0.47.106.43.1 (i586) 0:3.0.101-0.47.106.59.1 (i586) 0:3.0.101-0.47.106.35.1 (i586) 0:3.0.101-0.47.90.1 (i586) 0:3.0.101-0.47.106.5.1 (i586) 0:3.0.101-0.47.106.56.1 (i586) 0:3.0.101-0.47.106.22.1 (i586) 0:1.4.2-53.11.1 (i586) 0:1.4.2-53.14.1 (i586) 0:1.4.2-53.17.1 (i586) 0:1.4.2-53.20.1 (i586) 0:1.4.2-53.23.2 (i586) 0:1.4.2-53.26.2 (i586) 0:1.4.2-53.32.1 (i586) 0:1.4.2-53.38.1 (i586) 0:1.4.2-53.41.1 (i586) 0:0.99.beta13b-49.3.1 (i586) 0:1.7.4-7.10.3.1 (i586) 0:0.80-8.3.5 (i586) 0:0.6.1-122.9.1 (i586) 0:1.0.4-157.18.3.1 (i586) 0:0.6.17-2.14.7.2 (i586) 0:1.5.0-0.26.6.1 (i586) 0:1.0.20-2.19.15.1 (i586) 0:1.0.20-2.19.18.1 (i586) 0:1.2.9-4.2.12.5.1 (i586) 0:1.2.9-4.2.12.8.1 (i586) 0:1.2.9-4.2.12.11.1 (i586) 0:1.2.9-4.2.12.18.1 (i586) 0:1.3.4-12.5.5.2 (i586) 0:0.2.1-1.12.3 (i586) 0:0.1.6+git20080930-6.27.2 (i586) 0:1.0.5.9-21.5.1 (i586) 0:1.0.5.9-21.9.1 (i586) 0:1.0.5.9-21.20.1 (i586) 0:2.7.6-0.69.1 (i586) 0:2.7.6-0.69.3 (i586) 0:2.7.6-0.77.15.1 (i586) 0:2.7.6-0.77.18.1 (i586) 0:2.7.6-0.77.36.1 (i586) 0:2.7.6-0.77.43.1 (i586) 0:3.0.101-0.47.96.1 (noarch) 0:1.2.15-26.32.14.1 (noarch) 0:1.2.15-26.32.17.1 (noarch) 0:1.2.15-26.32.20.1 (i586) 0:2.1.15-9.6.6.1 (i586) 0:2.1.15-9.6.12.1 (i586) 0:2.1.15-9.6.15.1 (i586) 0:2.1.15-9.6.20.1 (i586) 0:2.1.15-9.6.26.1 (i586) 0:45.5.1esr-59.1 (i586) 0:3.21.3-39.1 (i586) 0:1.17-102.83.9.1 (i586) 0:1.17-102.83.15.1 (i586) 0:1.17-102.83.24.1 (i586) 0:1.17-102.83.27.1 (i586) 0:1.17-102.83.36.1 (i586) 0:1.17-102.83.41.1 (i586) 0:1.17-102.83.47.1 (i586) 0:1.17-102.83.50.1 (i586) 0:1.17-102.83.53.1 (i586) 0:1.17-102.83.59.1 (i586) 0:1.17-102.83.62.1 (i586) 0:1.17-102.83.71.1 (i586) 0:3.68.1-47.19.1 (i586) 0:3.68.3-47.25.1 (i586) 0:1.5.17-42.43.1 (i586) 0:1.5.17-42.51.1 (i586) 0:1.5.17-42.56.1 (i586) 0:5.5.52-0.27.1 (i586) 0:5.5.54-0.35.1 (i586) 0:5.5.58-0.39.6.1 (i586) 0:5.5.62-0.39.18.1 (i586) 0:10.26.44-101.15.5.2 (i586) 0:4.2.8p9-48.9.1 (i586) 0:4.2.8p12-48.21.1 (i586) 0:4.2.8p13-48.27.1 (i586) 0:2.3.37-2.74.9.1 (i586) 0:2.4.26-0.74.9.1 (i586) 0:2.3.37-2.74.13.1 (i586) 0:2.4.26-0.74.13.1 (i586) 0:2.3.37-2.74.16.1 (i586) 0:2.4.26-0.74.16.1 (i586) 0:2.3.37-2.74.26.1 (i586) 0:2.4.26-0.74.26.1 (i586) 0:0.11.6-5.27.14.1 (i586) 0:1.2.0-172.27.3.1 (i586) 0:6.2p2-0.33.2 (i586) 0:6.2p2-0.33.5 (i586) 0:6.2p2-0.40.1 (i586) 0:6.2p2-0.40.3 (i586) 0:6.2p2-0.41.5.1 (i586) 0:6.6p1-41.18.1 (i586) 0:0.9.8j-0.102.2 (i586) 0:0.9.8j-0.105.1 (i586) 0:0.9.8j-0.106.12.1 (i586) 0:0.9.8j-0.106.18.1 (i586) 0:0.9.8j-0.106.21.1 (i586) 0:0.9.8j-0.106.25.1 (i586) 0:0.9.8j-0.106.28.1 (i586) 0:0.9.8j-0.106.31.1 (i586) 0:0.9.8j-0.106.34.1 (i586) 0:0.9.8j-0.106.37.1 (i586) 0:0.9.8j-0.106.40.1 (i586) 0:0.9.8j-0.106.43.1 (i586) 0:0.9.8j-0.106.46.1 (i586) 0:2.0.9-143.46.1 (i586) 0:2.0.9-143.47.3.1 (i586) 0:2.5.9-252.22.7.1 (i586) 0:5.10.0-64.81.13.1 (i586) 0:0.2808.01-0.81.13.1 (i586) 0:0.72-0.81.13.1 (i586) 0:1.607-3.3.1 (i586) 0:1.607-3.6.1 (i586) 0:1.66-3.3.1 (i586) 0:2013.1.7-0.6.5.1 (i586) 0:5.3.17-84.1 (i586) 0:5.3.17-101.1 (i586) 0:5.3.17-112.20.1 (i586) 0:5.3.17-112.23.1 (i586) 0:5.3.17-112.58.1 (i586) 0:5.3.17-112.71.1 (i586) 0:5.3.17-112.79.1 (i586) 0:5.3.17-112.93.1 (i586) 0:5.3.17-112.99.2 (i586) 0:9.4.13-0.23.5.1 (i586) 0:2.4.5.git-2.32.3.1 (i586) 0:2.6.9-40.15.1 (i586) 0:2.6.9-40.24.1 (noarch) 0:2.6-8.40.24.1 (i586) 0:2.6.9-40.29.1 (noarch) 0:2.6-8.40.29.1 (i586) 0:2.6.9-40.32.1 (i586) 0:2.6.9-40.32.2 (noarch) 0:2.6-8.40.32.1 (i586) 0:2.6.9-40.35.1 (i586) 0:2.6.9-40.35.2 (noarch) 0:2.6-8.40.35.1 (i586) 0:2.6.9-40.48.1 (noarch) 0:2.6-8.40.48.1 (i586) 0:1.3.0-1.3.3.1 (i586) 0:0.99.15-0.30.3.1 (i586) 0:1.34b-84.1 (i586) 0:3.6.3-84.1 (noarch) 0:3.6.3-84.1 (i586) 0:1.34b-90.1 (i586) 0:3.6.3-90.1 (noarch) 0:3.6.3-90.1 (i586) 0:1.34b-93.1 (i586) 0:3.6.3-93.1 (noarch) 0:3.6.3-93.1 (i586) 0:1.34b-94.5.1 (i586) 0:3.6.3-94.5.1 (noarch) 0:3.6.3-94.5.1 (i586) 0:1.34b-94.8.1 (i586) 0:3.6.3-94.8.1 (noarch) 0:3.6.3-94.8.1 (i586) 0:1.34b-94.14.2 (i586) 0:3.6.3-94.14.2 (noarch) 0:3.6.3-94.14.2 (i586) 0:1.34b-94.19.2 (i586) 0:3.6.3-94.19.2 (noarch) 0:3.6.3-94.19.2 (i586) 0:1.34b-94.23.1 (i586) 0:3.6.3-94.23.1 (noarch) 0:3.6.3-94.23.1 (i586) 0:1.34b-94.26.1 (i586) 0:3.6.3-94.26.1 (noarch) 0:3.6.3-94.26.1 (i586) 0:1.34b-94.31.1 (i586) 0:3.6.3-94.31.1 (noarch) 0:3.6.3-94.31.1 (i586) 0:1.34b-94.34.1 (i586) 0:3.6.3-94.34.1 (noarch) 0:3.6.3-94.34.1 (i586) 0:3.7.6.3-1.4.7.3.1 (i586) 0:3.7.6.3-1.4.7.9.1 (i586) 0:3.7.6.3-1.4.7.12.1 (i586) 0:3.7.6.3-1.4.7.15.1 (i586) 0:2.7.STABLE5-2.12.30.6.1 (i586) 0:3.1.23-8.16.37.12.1 (i586) 0:3.1.23-8.16.37.15.1 (i586) 0:3.1.23-8.16.37.18.1 (i586) 0:4.4.0-6.36.9.1 (i586) 0:4.4.0-6.36.12.1 (i586) 0:1.7.6p2-0.30.5.1 (noarch) 0:1.20-122.9.1 (i586) 0:2.0.9-27.34.40.5.1 (i586) 0:1.27.1-14.8.1 (i586) 0:3.9.8-1.30.13.1 (i586) 0:3.9.8-1.30.19.1 (i586) 0:3.8.2-141.169.31.1 (i586) 0:3.8.2-141.169.34.1 (i586) 0:1.3.9-81.15.3.1 (noarch) 0:6.0.53-0.56.1 (noarch) 0:6.0.53-0.57.13.1 (noarch) 0:6.0.53-0.57.16.1 (noarch) 0:6.0.53-0.57.19.1 (i586) 0:3.2.8a-1.160.13.1 (i586) 0:3.2.8b-160.16.2 (i586) 0:3.80.2-4.1 (i586) 0:2.19.1-6.62.7.1 (i586) 0:7.2-8.21.3.1 (i586) 0:7.2-8.21.6.2 (i586) 0:4.50.1-1.33.1 (i586) 0:1.11.4-1.32.1 (i586) 0:0.7.1-6.18.3.1 (i586) 0:4.2.5_21_3.0.101_0.47.86-27.1 (i586) 0:4.2.5_21-27.1 (i586) 0:4.2.5_21_3.0.101_0.47.90-30.1 (i586) 0:4.2.5_21-30.1 (i586) 0:4.2.5_21_3.0.101_0.47.96-35.1 (i586) 0:4.2.5_21-35.1 (i586) 0:4.2.5_21_3.0.101_0.47.99-38.1 (i586) 0:4.2.5_21-38.1 (i586) 0:4.2.5_21_3.0.101_0.47.99-41.1 (i586) 0:4.2.5_21-41.1 (i586) 0:4.2.5_21_3.0.101_0.47.102-44.1 (i586) 0:4.2.5_21-44.1 (i586) 0:4.2.5_21_3.0.101_0.47.105-45.5.1 (i586) 0:4.2.5_21-45.5.1 (i586) 0:4.2.5_21_3.0.101_0.47.105-45.8.1 (i586) 0:4.2.5_21-45.8.1 (i586) 0:4.2.5_21_3.0.101_0.47.106.5-45.11.1 (i586) 0:4.2.5_21-45.11.1 (i586) 0:4.2.5_21_3.0.101_0.47.106.8-45.16.1 (i586) 0:4.2.5_21-45.16.1 (i586) 0:4.2.5_21_3.0.101_0.47.106.14-45.19.1 (i586) 0:4.2.5_21-45.19.1 (i586) 0:4.2.5_21_3.0.101_0.47.106.19-45.22.1 (i586) 0:4.2.5_21-45.22.1 (i586) 0:4.2.5_21_3.0.101_0.47.106.43-45.25.1 (i586) 0:4.2.5_21-45.25.1 (i586) 0:4.2.5_21_3.0.101_0.47.106.59-45.30.1 (i586) 0:4.2.5_21-45.30.1 (i586) 0:4.2.5_21_3.0.101_0.47.106.59-45.33.1 (i586) 0:4.2.5_21-45.33.1 (i586) 0:4.2.5_22_3.0.101_0.47.106.59-45.36.1 (i586) 0:4.2.5_22-45.36.1 (noarch) 0:2.8.1-238.29.8.1 (i586) 0:7.4-5.11.72.9.1 (i586) 0:7.4-5.11.72.15.1 (i586) 0:7.4-5.11.72.18.1 (i586) 0:7.4-5.11.72.27.1 (i586) 0:7.4-27.121.2 (i586) 0:7.4-27.122.21.1 (i586) 0:7.4-27.122.26.1 (i586) 0:7.4-27.122.29.1 (i586) 0:7.4-27.122.37.1 (i586) 0:7.4-27.122.40.1 (i586) 0:7.4-27.122.43.1 (i586) 0:7.4-27.122.46.1 (i586) 0:238-3.3.1 (i586) 0:5.0.3-0.12.7.1 (i586) 0:1.2.7-0.17.3.1 (i586) 0:4.3.6-67.9.8.1 (x86_64) 0:2.1.0.0_2.6.33.20_rt31_0.5-0.2.52 (x86_64) 0:1.4_2.6.33.20_rt31_0.5-2.5.62 (x86_64) 0:8.3.11_2.6.33.20_rt31_0.5-0.3.62 (x86_64) 0:1.4.19_2.6.33.20_rt31_0.5-0.9.11.38 (x86_64) 0:2.6.33.20-0.5.1 (x86_64) 0:1.6_2.6.33.20_rt31_0.5-0.4.2.62 (x86_64) 0:1.5.2_2.6.33.20_rt31_0.5-0.9.13.49 (x86_64) 0:1.5.2_2.6.33.18_rt31_0.3-0.9.13.1 (x86_64) 0:1.4_3.0.101_rt130_0.7.9-2.18.79 (x86_64) 0:8.4.2_3.0.101_rt130_0.7.9-0.6.6.70 (x86_64) 0:1.4.20_3.0.101_rt130_0.7.9-0.25.25.18 (x86_64) 0:3.0.101.rt130-0.7.9.1 (x86_64) 0:2.0.4_3.0.101_rt130_0.7.9-0.9.9.6 (x86_64) 0:1.6_3.0.101_rt130_0.7.9-0.11.78 (x86_64) 0:1.5.2_3.0.101_rt130_0.7.9-0.28.28.50 (x86_64) 0:1.4_3.0.101_rt130_0.28-2.27.99 (x86_64) 0:8.4.4_3.0.101_rt130_0.28-0.22.65 (x86_64) 0:1.4.20_3.0.101_rt130_0.28-0.38.84 (x86_64) 0:3.0.101.rt130-0.28.1 (x86_64) 0:2.1.1_3.0.101_rt130_0.28-0.11.75 (x86_64) 0:1.6_3.0.101_rt130_0.28-0.20.99 (x86_64) 0:1.5.4.1_3.0.101_rt130_0.28-0.13.90 (x86_64) 0:3.0.101.rt130-0.33.40.1 (x86_64) 0:3.0.101.rt130-0.33.44.2 (x86_64) 0:3.0.101.rt130-0.33.44.1 (x86_64) 0:3.0.101.rt130-68.1 (x86_64) 0:1.4_3.0.101_rt130_68-2.32.2.14 (x86_64) 0:8.4.4_3.0.101_rt130_68-0.27.2.13 (x86_64) 0:2_3.0.101_rt130_68-0.24.2.14 (x86_64) 0:1.6_3.0.101_rt130_68-0.28.3.4 (x86_64) 0:3.0.101.rt130-69.24.1 (x86_64) 0:3.0.101.rt130-51.1 (x86_64) 0:1.4_3.0.101_rt130_69.14-2.32.4.6 (x86_64) 0:8.4.4_3.0.101_rt130_69.14-0.27.4.6 (x86_64) 0:2_3.0.101_rt130_69.14-0.24.4.6 (x86_64) 0:1.6_3.0.101_rt130_69.14-0.28.5.6 (x86_64) 0:1.6_3.0.101_rt130_69.42-0.28.7.1 (x86_64) 0:3.0.101.rt130-54.1 (x86_64) 0:3.0.101.rt130-69.5.1 (x86_64) 0:3.0.101.rt130-45.1 (x86_64) 0:3.0.101.rt130-48.1 (x86_64) 0:3.0.101.rt130-69.11.1 (x86_64) 0:3.0.101.rt130-69.14.1 (x86_64) 0:3.0.101.rt130-69.21.1 (x86_64) 0:3.0.101.rt130-69.33.1 (x86_64) 0:3.0.101.rt130-65.1 (x86_64) 0:3.0.101.rt130-69.27.1 (x86_64) 0:3.0.101.rt130-69.30.1 (x86_64) 0:3.0.101.rt130-69.39.1 (x86_64) 0:1.4.20_3.0.101_rt130_69.24-0.43.2.1 (x86_64) 0:1.5.4.1_3.0.101_rt130_69.24-22.3.1 (x86_64) 0:1.4_3.0.101_rt130_69.42-2.32.6.1 (x86_64) 0:8.4.4_3.0.101_rt130_69.42-0.27.6.1 (x86_64) 0:2_3.0.101_rt130_69.42-0.24.6.1 (x86_64) 0:1.4.20_3.0.101_rt130_69.42-0.43.7.1 (x86_64) 0:1.6_3.0.101_rt130_69.42-0.28.9.1 (x86_64) 0:1.5.4.1_3.0.101_rt130_69.42-22.6.1 (x86_64) 0:3.0.101.rt130-57.1 (x86_64) 0:3.0.101.rt130-69.36.1 (x86_64) 0:3.0.101.rt130-69.8.1 (x86_64) 0:1.4.2_sr13.13-0.3.1 (noarch) 0:1.0.0-0.8.1 (x86_64) 0:0.9.7g-146.22.44.1 (x86_64) 0:0.9.7g-146.22.47.1 (ppc64|x86_64) 0:0.98.9-0.7.1 (ppc64|x86_64) 0:0.9.7g-146.22.36.1 (ppc64|x86_64) 0:0.9.7g-146.22.41.1 (ppc64|x86_64) 0:0.9.7g-146.22.44.1 (ppc64|x86_64) 0:0.9.7g-146.22.47.1 (ppc64|x86_64) 0:0.9.7g-146.22.50.1 (ppc64|x86_64) 0:0.9.7g-146.22.51.5.1 (ppc64|x86_64) 0:0.9.7g-146.22.51.8.1 (ppc64|x86_64) 0:1.4.20-2.58.1 (noarch) 0:5.4.15-0.15.2 (noarch) 0:5.9.33-0.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.10-0.38.1 (noarch) 0:5.3.7-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.74-0.20.1 (noarch) 0:1.2.2-0.16.1 (x86_64) 0:1.2.74-0.22.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.5.84.4-8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.5.5.5-14.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.5.24.9-24.1 (noarch) 0:2.5.13.8-23.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.9-5.6.3 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.7-5.8.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.9-5.6.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.8-5.8.3 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.11-12.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.14-18.51.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.25-28.42.1 (noarch) 0:4.0.5-6.12.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.2-0.68.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-5.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.7-27.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.10-43.63.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.8-18.72.1 (i586|x86_64) 0:0.4.7-5.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.2-5.15.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.1-5.9.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-5.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.5-5.27.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.2-5.9.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.1-5.17.3 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.3-12.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.10-27.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.3-9.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.1-6.15.3 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.3-6.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.3-5.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.10-43.75.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8-18.84.1 (noarch) 0:4.2.1-6.18.2 (noarch) 0:4.2.2-9.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.14-27.59.1 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.10-43.84.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.13-18.93.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.2-0.68.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.2-0.68.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.2-0.68.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.1-5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.4-43.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.4-43.10.2 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.10-43.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.10-43.69.1 (i586|ia64|ppc64|s390x|x86_64) 0:2016.11.4-42.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.0.4-3.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.5.2-0.38.16 (i586|ia64|ppc64|s390x|x86_64) 0:1.4_3.0.101_0.7.17-2.18.81 (i586) 0:1.4_3.0.101_0.7.17-2.18.81 (ppc64) 0:1.4_3.0.101_0.7.17-2.18.81 (i586|x86_64) 0:1.4_3.0.101_0.7.17-2.18.81 (i586|ia64|ppc64|s390x|x86_64) 0:2_3.0.101_0.7.17-0.7.109 (i586) 0:2_3.0.101_0.7.17-0.7.109 (ppc64) 0:2_3.0.101_0.7.17-0.7.109 (i586|x86_64) 0:2_3.0.101_0.7.17-0.7.109 (i586|ia64|ppc64|s390x|x86_64) 0:1.6_3.0.101_0.7.17-0.11.80 (i586) 0:1.6_3.0.101_0.7.17-0.11.80 (ppc64) 0:1.6_3.0.101_0.7.17-0.11.80 (i586|x86_64) 0:1.6_3.0.101_0.7.17-0.11.80 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.19.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.19.1 11 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.10-1.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.5-1.1.5 (i586|ia64|ppc64|s390x|x86_64) 0:2.24.0-7.5 (ppc64|s390x|x86_64) 0:2.24.0-7.5 (ia64) 0:2.24.0-7.5 (i586|ia64|ppc64|s390x|x86_64) 0:3.12.3.1-1.2.1 (ppc64|s390x|x86_64) 0:3.12.3.1-1.2.1 (ia64) 0:3.12.3.1-1.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.8.11-2.14 (ppc64|s390x|x86_64) 0:0.8.11-2.14 (ia64) 0:0.8.11-2.14 (i586|ia64|ppc64|s390x|x86_64) 0:4.8-1.3.1 (ppc64|s390x|x86_64) 0:4.8-1.3.1 (ia64) 0:4.8-1.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.0.10-1.1.1 (ppc64|s390x|x86_64) 0:1.9.0.10-1.1.1 (ia64) 0:1.9.0.10-1.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.1.11-0.1.1 (ppc64|s390x|x86_64) 0:1.9.1.11-0.1.1 (ia64) 0:1.9.1.11-0.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.2.12-0.6.1 (ppc64|s390x|x86_64) 0:1.9.2.12-0.6.1 (ia64) 0:1.9.2.12-0.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.14.16-2.16 (ppc64|s390x|x86_64) 0:2.14.16-2.16 (ia64) 0:2.14.16-2.16 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.0.r4359-15.9.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.0.r1053-11.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.1-83.17.1 (ppc64|s390x|x86_64) 0:1.6.1-83.17.1 (ia64) 0:1.6.1-83.17.1 (i586|x86_64) 0:3.2.7-151.3 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.47-30.5.1 (ppc64|s390x|x86_64) 0:2.2.47-30.5.1 (ia64) 0:2.2.47-30.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.10-2.23.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.2.6-50.18.3 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.23-11.14.1 (ppc64|s390x|x86_64) 0:0.6.23-11.14.1 (ia64) 0:0.6.23-11.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.5-34.253.1 (ppc64|s390x|x86_64) 0:1.0.5-34.253.1 (ia64) 0:1.0.5-34.253.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.7-11.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-11.21.1 (ppc64|s390x|x86_64) 0:3.2.7-11.21.1 (ia64) 0:3.2.7-11.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.95.1-0.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.3_20081022-11.18 (ppc64|s390x|x86_64) 0:4.3.3_20081022-11.18 (ia64) 0:4.3.3_20081022-11.18 (i586|ia64|ppc64|s390x|x86_64) 0:2.9-75.27.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1-194.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.9-8.15.1 (ppc64|s390x|x86_64) 0:1.3.9-8.15.1 (ia64) 0:1.3.9-8.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.19.0-11.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2-107.22 (ppc64|s390x|x86_64) 0:1.2-107.22 (ia64) 0:1.2-107.22 (ppc64|s390x|x86_64) 0:7.19.0-11.21.1 (ia64) 0:7.19.0-11.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.10-3.18 (ppc64|s390x|x86_64) 0:1.10-3.18 (ia64) 0:1.10-3.18 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.11-60.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.22-182.20.1 (ppc64|s390x|x86_64) 0:2.1.22-182.20.1 (ia64) 0:2.1.22-182.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.10-3.9.1 (ppc64|s390x|x86_64) 0:1.2.10-3.9.1 (ia64) 0:1.2.10-3.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.76-34.10.1 (ppc64|s390x|x86_64) 0:0.76-34.10.1 (ia64) 0:0.76-34.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.1-7.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.45-12.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.5-1.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.24.1.1-11.8.1 (ppc64|s390x|x86_64) 0:2.24.1.1-11.8.1 (ia64) 0:2.24.1.1-11.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.24.1.1-3.23.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.24.1.1-11.12.1 (ppc64|s390x|x86_64) 0:2.24.1.1-11.12.1 (ia64) 0:2.24.1.1-11.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.1-88.26.1 (ppc64|s390x|x86_64) 0:2.0.1-88.26.1 (ia64) 0:2.0.1-88.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.3.8.90-13.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:IIIalpha9.8-691.22 (ppc64|s390x|x86_64) 0:IIIalpha9.8-691.22 (ia64) 0:IIIalpha9.8-691.22 (i586|ia64|ppc64|s390x|x86_64) 0:0.15-1.29 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.0-130.21 (ppc64|s390x|x86_64) 0:2.7.0-130.21 (ia64) 0:2.7.0-130.21 (i586|ia64|ppc64|s390x|x86_64) 0:2.24.0-7.4 (ppc64|s390x|x86_64) 0:2.24.0-7.4 (ia64) 0:2.24.0-7.4 (i586|ia64|ppc64|s390x|x86_64) 0:0.10.21-3.20 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.3-87.12 (ppc64|s390x|x86_64) 0:1.1.3-87.12 (ia64) 0:1.1.3-87.12 (i586|ia64|ppc64|s390x|x86_64) 0:0.3.15-3.10 (ppc64|s390x|x86_64) 0:0.3.15-3.10 (ia64) 0:0.3.15-3.10 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.7-25.9.1 (ppc64|s390x|x86_64) 0:2.3.7-25.9.1 (ia64) 0:2.3.7-25.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.2-61.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.62-32.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.7-32.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.2-7.7.1 (ppc64|s390x|x86_64) 0:2.18.2-7.7.1 (ia64) 0:2.18.2-7.7.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.9-13.11.1 (ppc64|s390x|x86_64) 0:2.9-13.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.9-13.11.1 (ia64) 0:2.9-13.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.23-1.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.24.0-14.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.16.1 (ppc64|s390x|x86_64) 0:2.4.1-24.16.1 (ia64) 0:2.4.1-24.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.10.21-2.36.1 (ppc64|s390x|x86_64) 0:0.10.21-2.36.1 (ia64) 0:0.10.21-2.36.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.10.10-4.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.12-69.19.1 (i586|x86_64) 0:4.0-7.22.1 (x86_64) 0:4.0-7.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-10.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.4.15-94.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.4.15_2.6.27.48_0.6-94.14.1 (i586) 0:0.4.15_2.6.27.48_0.6-94.14.1 (ppc64) 0:0.4.15_2.6.27.48_0.6-94.14.1 (i586|x86_64) 0:0.4.15_2.6.27.48_0.6-94.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.2_sr13-0.1.1 (i586) 0:1.4.2_sr13-0.1.1 (ia64) 0:1.5.0.13.1.2-0.1.1 (i586|ppc64|s390x|x86_64) 0:1.6.0-124.6.1 (i586) 0:1.6.0-124.6.1 (ia64) 0:1.6.0-124.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-9.14.7 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-9.28.3 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-7.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-18.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-7.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.5.10-23.30.1 (ppc64|s390x|x86_64) 0:3.5.10-23.30.1 (ia64) 0:3.5.10-23.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-8.21.1 (ppc64|s390x|x86_64) 0:4.1.3-8.21.1 (ia64) 0:4.1.3-8.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.1.3-8.18.1 (ppc64|s390x|x86_64) 0:4.1.3-8.18.1 (ia64) 0:4.1.3-8.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.5.5-106.18 (ppc64|s390x|x86_64) 0:0.5.5-106.18 (ia64) 0:0.5.5-106.18 (i586|ia64|ppc64|s390x|x86_64) 0:0_2.6.27.23_0.1-7.1.7 (i586) 0:0_2.6.27.23_0.1-7.1.7 (ppc64) 0:0_2.6.27.23_0.1-7.1.7 (i586|x86_64) 0:0_2.6.27.23_0.1-7.1.7 (s390x) 0:0.4.15_2.6.27.54_0.2-94.14.8 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.27.23-0.1.1 (s390x) 0:2.6.27.23-0.1.1 (ppc64) 0:2.6.27.23-0.1.1 (i586) 0:2.6.27.23-0.1.1 (i586|x86_64) 0:2.6.27.23-0.1.1 (s390x) 0:2.0.5_2.6.27.54_0.2-7.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.25.1 (ppc64|s390x|x86_64) 0:1.6.3-133.25.1 (ia64) 0:1.6.3-133.25.1 (i586|ia64|x86_64) 0:78.0.10.6-0.3.1 (i586|ia64|x86_64) 0:78.2.6.30.1_2.6.27.37_0.1-0.7.1 (i586) 0:78.2.6.30.1_2.6.27.37_0.1-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.17-77.12.1 (ppc64|s390x|x86_64) 0:1.17-77.12.1 (ia64) 0:1.17-77.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.23-4.1.1 (ppc64|s390x|x86_64) 0:1.23-4.1.1 (ia64) 0:1.23-4.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.4-12.19.1 (ppc64) 0:1.3.4-12.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.3-11.16.1 (ppc64) 0:1.3.3-11.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.4-157.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.12.8-1.2.1 (ppc64|s390x|x86_64) 0:3.12.8-1.2.1 (ia64) 0:3.12.8-1.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.8.6-1.2.1 (ppc64|s390x|x86_64) 0:4.8.6-1.2.1 (ia64) 0:4.8.6-1.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.3-106.34 (ppc64|s390x|x86_64) 0:1.2.3-106.34 (ia64) 0:1.2.3-106.34 (i586|ia64|ppc64|s390x|x86_64) 0:2.0-11.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.12-7.19.1 (ppc64|s390x|x86_64) 0:2.4.12-7.19.1 (ia64) 0:2.4.12-7.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.6-2.131.1 (ppc64|s390x|x86_64) 0:2.2.6-2.131.1 (ia64) 0:2.2.6-2.131.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.0.67-13.26.1 (ppc64|s390x|x86_64) 0:5.0.67-13.26.1 (ia64) 0:5.0.67-13.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.28.3-2.12.1 (ppc64|s390x|x86_64) 0:0.28.3-2.12.1 (ia64) 0:0.28.3-2.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.26.44-101.9.1 (ppc64|s390x|x86_64) 0:10.26.44-101.9.1 (ia64) 0:10.26.44-101.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.11.6-5.25.1 (ppc64|s390x|x86_64) 0:0.11.6-5.25.1 (ia64) 0:0.11.6-5.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8h-30.13.1 (ppc64|s390x|x86_64) 0:0.9.8h-30.13.1 (ia64) 0:0.9.8h-30.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.11.1 (ppc64|s390x|x86_64) 0:1.2.31-5.11.1 (ia64) 0:1.2.31-5.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.18.1 (ppc64|s390x|x86_64) 0:1.2.31-5.18.1 (ia64) 0:1.2.31-5.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.10.1-1.37.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.10.1-1.30.5 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.0-8.8.6.1 (ppc64|s390x|x86_64) 0:2.6.0-8.8.6.1 (ia64) 0:2.6.0-8.8.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.0-8.9.6.2 (ppc64|s390x|x86_64) 0:2.6.0-8.9.6.2 (ia64) 0:2.6.0-8.9.6.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.17-172.14.1 (ppc64|s390x|x86_64) 0:1.0.17-172.14.1 (ia64) 0:1.0.17-172.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.beta2-6.1.1 (ppc64|s390x|x86_64) 0:1.0.beta2-6.1.1 (ia64) 0:1.0.beta2-6.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.8.1 (ppc64|s390x|x86_64) 0:3.8.2-141.8.1 (ia64) 0:3.8.2-141.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.7.1 (ppc64|s390x|x86_64) 0:3.8.2-141.7.1 (ia64) 0:3.8.2-141.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:128-13.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.4.6-14.63.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-79.13.1 (ppc64|s390x|x86_64) 0:1.2.0-79.13.1 (ia64) 0:1.2.0-79.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.1-10.11.1 (ppc64|s390x|x86_64) 0:2.7.1-10.11.1 (ia64) 0:2.7.1-10.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.02.39-18.26.3 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.2-2.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.8.2-1.1.1 (ppc64|s390x|x86_64) 0:4.8.2-1.1.1 (ia64) 0:4.8.2-1.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.0.9-0.1.1 (ppc64|s390x|x86_64) 0:1.9.0.9-0.1.1 (ia64) 0:1.9.0.9-0.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.1.15-0.5.1 (ppc64|s390x|x86_64) 0:1.9.1.15-0.5.1 (ia64) 0:1.9.1.15-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.17-42.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.6-1.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.4p6-1.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.870-26.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-172.10.7.1 (ppc64|s390x|x86_64) 0:1.2.0-172.10.7.1 (ia64) 0:1.2.0-172.10.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8h-30.14.1 (ppc64|s390x|x86_64) 0:0.9.8h-30.14.1 (ia64) 0:0.9.8h-30.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8h-30.18.1 (ppc64|s390x|x86_64) 0:0.9.8h-30.18.1 (ia64) 0:0.9.8h-30.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.16-1.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.22.1-3.17.3 (ppc64|s390x|x86_64) 0:1.22.1-3.17.3 (ia64) 0:1.22.1-3.17.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.102-1.31.1 (ppc64|s390x|x86_64) 0:1.4.102-1.31.1 (ia64) 0:1.4.102-1.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.43.1 (ppc64|s390x|x86_64) 0:5.10.0-64.43.1 (ia64) 0:5.10.0-64.43.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.56-1.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.16-3.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.3.7-0.1.1 (ppc64|s390x|x86_64) 0:8.3.7-0.1.1 (ia64) 0:8.3.7-0.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.8.4-194.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.10-17.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.14.3-50.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.7.p72-5.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.STABLE5-2.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8-1.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.9p17-21.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-42.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.20-23.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.0-1.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.5.2-128.18.1 (noarch) 0:2.1.1.2-2.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.11.4-1.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.5-1.26.1 (i586|x86_64) 0:0.5-15.16.1 (i586|x86_64) 0:0.4.6-14.60.16 (i586|x86_64) 0:0.5.2-8.47.85 (i586|x86_64) 0:0.5.3-66.42.13 (i586|x86_64) 0:0.0.3-3.57.13 (i586|x86_64) 0:0.3.27-0.1.15 (i586|x86_64) 0:3.3.1_18546_24-0.3.7 (i586|x86_64) 0:3.3.1_18546_24_2.6.27.45_0.3-0.3.7 (i586) 0:3.3.1_18546_24_2.6.27.45_0.3-0.3.7 (noarch) 0:2.8.1-238.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.02-138.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.17.21-0.1.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2.10-64.65.1 (ppc64|s390x|x86_64) 0:0.2.10-64.65.1 (ia64) 0:0.2.10-64.65.1 (i586|s390x|x86_64) 0:24.6.0esr-0.3.1 (i586|s390x|x86_64) 0:24-0.4.10.24 (i586|s390x|x86_64) 0:3.16.1-0.3.1 (s390x|x86_64) 0:3.16.1-0.3.1 (i586|s390x|x86_64) 0:4.10.6-0.3.1 (s390x|x86_64) 0:4.10.6-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.4.3.6-7.24.1 (ppc64|s390x|x86_64) 0:6.4.3.6-7.24.1 (x86_64) 0:6.4.3.6-7.34.1 (x86_64) 0:6.4.3.6-7.37.1 (x86_64) 0:6.4.3.6-7.40.1 (x86_64) 0:6.4.3.6-7.45.1 (x86_64) 0:6.4.3.6-7.48.1 (x86_64) 0:6.4.3.6-7.54.1 (x86_64) 0:6.4.3.6-7.60.1 (x86_64) 0:6.4.3.6-7.65.1 (x86_64) 0:6.4.3.6-7.77.1 (x86_64) 0:6.4.3.6-7.78.5.2 (x86_64) 0:6.4.3.6-7.78.8.1 (x86_64) 0:6.4.3.6-7.78.14.1 (x86_64) 0:6.4.3.6-7.78.17.1 (x86_64) 0:6.4.3.6-7.78.22.1 (x86_64) 0:6.4.3.6-7.78.29.2 (x86_64) 0:6.4.3.6-7.78.34.1 (x86_64) 0:6.4.3.6-7.78.37.1 (x86_64) 0:6.4.3.6-78.40.1 (x86_64) 0:6.4.3.6-78.45.1 (x86_64) 0:6.4.3.6-78.56.1 (x86_64) 0:6.4.3.6-78.59.1 (x86_64) 0:6.4.3.6-78.74.1 (x86_64) 0:6.4.3.6-78.79.1 (x86_64) 0:6.4.3.6-78.92.1 (x86_64) 0:6.4.3.6-78.97.1 (x86_64) 0:6.4.3.6-78.106.1 (x86_64) 0:6.4.3.6-78.109.1 (x86_64) 0:6.4.3.6-78.112.1 (x86_64) 0:6.4.3.6-78.117.1 (x86_64) 0:6.4.3.6-78.122.1 (x86_64) 0:6.4.3.6-78.125.6 (x86_64) 0:6.4.3.6-78.128.1 (x86_64) 0:6.4.3.6-78.135.1 (x86_64) 0:6.4.3.6-78.140.1 (x86_64) 0:6.4.3.6-78.143.1 (x86_64) 0:6.4.3.6-78.146.1 (x86_64) 0:0.9.1-159.1 (x86_64) 0:0.9.1-160.3.1 (x86_64) 0:0.9.1-160.6.1 (x86_64) 0:0.9.1-160.9.1 (x86_64) 0:0.9.1-160.14.1 (x86_64) 0:0.9.1-160.19.1 (x86_64) 0:0.9.1-160.22.1 (x86_64) 0:7.7-5.14.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.5-0.3.6 (i586|ia64|ppc64|s390x|x86_64) 0:3.13.5-0.4.2 (ppc64|s390x|x86_64) 0:3.13.5-0.4.2 (ia64) 0:3.13.5-0.4.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.9.1-0.5.1 (ppc64|s390x|x86_64) 0:4.9.1-0.5.1 (ia64) 0:4.9.1-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.2.24-0.3.1 (ppc64|s390x|x86_64) 0:1.9.2.24-0.3.2 (ia64) 0:1.9.2.24-0.3.1 (x86_64) 0:38.5.0esr-28.2 (x86_64) 0:38.8.0esr-40.1 (x86_64) 0:45.3.0esr-48.1 (x86_64) 0:45.0-20.38 (x86_64) 0:2.11.0-4.2 (x86_64) 0:3.21.1-26.2 (x86_64) 0:4.12-25.2 (x86_64) 0:45.4.0esr-52.1 (x86_64) 0:45.6.0esr-66.1 (x86_64) 0:45.7.0esr-69.2 (x86_64) 0:45.8.0esr-74.1 (x86_64) 0:45.9.0esr-77.3 (x86_64) 0:3.29.5-37.1 (x86_64) 0:4.13.1-28.1 (x86_64) 0:52.3.0esr-78.4.5 (x86_64) 0:52-21.3.28 (x86_64) 0:5.3.1+r233831-2.1 (x86_64) 0:5.3.1+r233831-5.1 (x86_64) 0:52.5.0esr-78.10.1 (x86_64) 0:52.6.0esr-78.13.3 (x86_64) 0:52.7.3esr-78.20.2 (x86_64) 0:52.8.0esr-78.25.1 (x86_64) 0:52.8.1esr-78.29.3 (x86_64) 0:52.9.0esr-78.32.6 (x86_64) 0:60.8.0esr-78.43.2 (x86_64) 0:68.3.0-78.54.1 (x86_64) 0:3.47.1-38.12.1 (x86_64) 0:4.23-29.9.1 (x86_64) 0:68.4.1-78.57.1 (x86_64) 0:68.5.0-78.61.2 (x86_64) 0:68.6.0-78.64.1 (x86_64) 0:68.6.1-78.67.1 (x86_64) 0:68.7.0-78.70.1 (x86_64) 0:68.8.0-78.73.1 (x86_64) 0:68.9.0-78.77.1 (x86_64) 0:78.0.1-78.80.2 (x86_64) 0:78-21.12.1 (x86_64) 0:78.1.0-78.87.1 (x86_64) 0:78.2.0-78.90.2 (x86_64) 0:78.3.0-78.93.1 (x86_64) 0:78.4.0-78.99.1 (x86_64) 0:78.4.1-78.102.1 (x86_64) 0:78.5.0-78.105.1 (x86_64) 0:78.6.0-78.108.1 (x86_64) 0:78.6.1-78.111.1 (x86_64) 0:78.7.0-78.114.1 (x86_64) 0:78.7.1-78.117.1 (x86_64) 0:78.8.0-78.120.1 (x86_64) 0:78.9.0-78.123.1 (x86_64) 0:78.10.0-78.126.1 (x86_64) 0:78.11.0-78.131.1 (x86_64) 0:78.12.0-78.134.1 (x86_64) 0:78.13.0-78.137.1 (x86_64) 0:78.14.0-78.140.4 (x86_64) 0:91.3.0-78.151.2 (x86_64) 0:91.4.0-78.154.1 (x86_64) 0:91.5.0-78.159.1 (x86_64) 0:3.68.2-38.43.1 (x86_64) 0:91.6.0-78.162.2 (x86_64) 0:91.7.0-78.167.1 (i586|s390x|x86_64) 0:24.5.0esr-0.3.1 (i586|s390x|x86_64) 0:24-0.4.10.14 (i586|s390x|x86_64) 0:3.16-0.3.1 (s390x|x86_64) 0:3.16-0.3.1 (i586|s390x|x86_64) 0:4.10.4-0.3.1 (s390x|x86_64) 0:4.10.4-0.3.1 (x86_64) 0:31.6.0esr-0.3.1 (x86_64) 0:91.2.0-78.143.1 (x86_64) 0:91-21.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1_git20090811-3.9.9.5 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-5.15.7.5 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.9-4.5.4 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-5.15.11.1 (x86_64) 0:0.9.svn1043876-1.3.15 (x86_64) 0:1.6.1-83.17.8.2 (x86_64) 0:1.6.1-83.17.11.1 (x86_64) 0:1.6.1-83.17.14.1 (x86_64) 0:1.6.1-83.17.17.1 (x86_64) 0:1.6.1-83.17.20.1 (x86_64) 0:1.6.1-83.17.25.1 (x86_64) 0:1.6.1-83.17.30.1 (i586|x86_64) 0:2.6.0-8.9.20 (x86_64) 0:2.6.0-8.9.20 (x86_64) 0:1.2.13-106.14.12 (x86_64) 0:1.2.13-106.21.1 (noarch) 0:3.6_SVNr208-2.18.3.1 (x86_64) 0:1.4-75.3.1 (x86_64) 0:0.13.1-40.16.6.1 (x86_64) 0:2.5.2.1-188.5.1 (noarch) 0:1.7.0-200.26.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.12-1.28.1 (x86_64) 0:2.2.12-59.1 (x86_64) 0:2.2.12-64.1 (x86_64) 0:2.2.12-69.1 (x86_64) 0:2.2.34-70.5.1 (x86_64) 0:2.2.34-70.12.1 (x86_64) 0:2.2.34-70.15.1 (x86_64) 0:2.2.34-70.18.1 (x86_64) 0:2.2.34-70.21.1 (x86_64) 0:2.2.34-70.27.1 (x86_64) 0:2.2.34-70.30.1 (x86_64) 0:2.2.34-70.35.1 (x86_64) 0:2.2.34-70.38.1 (x86_64) 0:2.2.34-70.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.2.12-1.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.3-11.18.19.1 (ppc64) 0:1.3.3-11.18.19.1 (x86_64) 0:1.2.40-0.2.5.1 (x86_64) 0:1.0.14-0.4.25.1 (x86_64) 0:2.0.4-40.63.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:5.2.14-0.7.30.42.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.3.1-147.24.1 (x86_64) 0:0.114-12.8.3.1 (x86_64) 0:0.114-0.8.3.1 (x86_64) 0:0.114-12.8.6.1 (x86_64) 0:0.114-0.8.6.1 (x86_64) 0:0.114-12.8.11.1 (x86_64) 0:0.114-0.8.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:2.1a15-131.23.2.1 (x86_64) 0:2.1a15-131.23.2.6.1 (x86_64) 0:0.60.6-26.30.1 (x86_64) 0:0.60.6-26.33.1 (x86_64) 0:0.60.6-26.36.1 (x86_64) 0:0.7.0-135.16.16.3.1 (x86_64) 0:0.7.0-135.16.16.6.1 (x86_64) 0:0.7.0-135.16.16.9.1 (x86_64) 0:0.2.6-142.17.1 (x86_64) 0:0.8.1-7.22.2 (x86_64) 0:0.8.1-7.23.3.1 (x86_64) 0:1.10.1-4.131.9.1 (x86_64) 0:0.6.23-11.25.25.3.1 (x86_64) 0:0.6.23-11.25.25.6.14 (x86_64) 0:0.6.23-11.25.25.9.1 (noarch) 0:1.4-236.38.3.1 (noarch) 0:1.4-236.38.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2-147.12.1 (ia64) 0:3.2-147.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.2-147.12.1 (ppc64|s390x|x86_64) 0:5.2-147.12.1 (ia64) 0:5.2-147.12.1 (x86_64) 0:3.2-148.5.1 (x86_64) 0:5.2-148.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:9.6ESVR7P2-0.3.1 (ppc64|s390x|x86_64) 0:9.6ESVR7P2-0.3.1 (ia64) 0:9.6ESVR7P2-0.3.1 (i586|s390x|x86_64) 0:9.6ESVR11W1-0.6.1 (s390x|x86_64) 0:9.6ESVR11W1-0.6.1 (i586|s390x|x86_64) 0:9.6ESVR11W1-0.9.1 (s390x|x86_64) 0:9.6ESVR11W1-0.9.1 (x86_64) 0:9.6ESVR11W1-0.12.1 (x86_64) 0:9.6ESVR11W1-0.15.1 (x86_64) 0:9.6ESVR11W1-0.18.1 (x86_64) 0:9.6ESVR11W1-0.21.1 (x86_64) 0:9.6ESVR11W1-0.24.1 (x86_64) 0:9.6ESVR11W1-0.27.1 (x86_64) 0:9.6ESVR11W1-0.30.1 (x86_64) 0:9.6ESVR11W1-0.31.7.1 (x86_64) 0:9.6ESVR11W1-0.31.12.1 (x86_64) 0:9.6ESVR11W1-0.31.15.1 (x86_64) 0:9.6ESVR11W1-0.31.18.1 (x86_64) 0:9.6ESVR11W1-0.31.21.1 (x86_64) 0:9.6ESVR11W1-0.31.24.1 (x86_64) 0:4.51-1.5.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.36.0-12.3.1 (x86_64) 0:2.5.5-9.1 (x86_64) 0:2.5.5-10.8.1 (i586|ia64|ppc|s390x|x86_64) 0:2.0.1-1.34.1 (x86_64) 0:1.0.5-34.256.5.1 (x86_64) 0:1.0.5-34.256.8.1 (x86_64) 0:1.8.8-2.3.7.1 (x86_64) 0:1.8.8-2.3.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.97.5-0.2.1 (x86_64) 0:0.99.2-0.19.1 (x86_64) 0:0.99.3-0.20.3.2 (x86_64) 0:0.99.4-0.20.7.2 (x86_64) 0:0.100.1-0.20.15.1 (x86_64) 0:0.100.2-0.20.18.1 (x86_64) 0:0.100.3-0.20.21.1 (x86_64) 0:0.100.3-0.20.26.1 (x86_64) 0:0.100.3-0.20.29.1 (x86_64) 0:0.103.0-0.20.32.1 (x86_64) 0:0.103.2-0.20.35.1 (x86_64) 0:0.103.4-0.20.41.1 (x86_64) 0:0.103.5-0.20.44.1 (x86_64) 0:6.12-32.41.5.1 (x86_64) 0:2.9-75.81.5.1 (x86_64) 0:2.9-75.81.8.1 (x86_64) 0:2.9-75.81.14.1 (x86_64) 0:2.8.12-56.13.1 (x86_64) 0:4.1-194.211.213.3.8 (x86_64) 0:2013.10.2-0.3.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.9-8.44.1 (ppc64|s390x|x86_64) 0:1.3.9-8.44.1 (ia64) 0:1.3.9-8.44.1 (x86_64) 0:1.3.9-8.46.56.3.1 (x86_64) 0:1.3.9-8.46.56.8.1 (x86_64) 0:1.3.9-8.46.56.11.1 (x86_64) 0:1.3.9-8.46.56.15.1 (x86_64) 0:1.3.9-8.46.56.18.1 (x86_64) 0:7.19.7-1.20.39.2 (x86_64) 0:7.19.7-1.20.42.1 (x86_64) 0:7.19.7-1.61.1 (x86_64) 0:7.19.7-1.64.1 (x86_64) 0:7.19.7-1.69.1 (x86_64) 0:7.19.7-1.70.3.1 (x86_64) 0:7.19.7-1.70.8.1 (x86_64) 0:7.19.7-1.70.13.1 (x86_64) 0:7.37.0-70.27.1 (x86_64) 0:7.37.0-70.30.1 (x86_64) 0:7.37.0-70.33.1 (x86_64) 0:7.37.0-70.38.1 (x86_64) 0:7.37.0-70.41.2 (x86_64) 0:7.37.0-70.44.1 (x86_64) 0:7.37.0-70.47.1 (x86_64) 0:7.37.0-70.52.2 (x86_64) 0:7.37.0-70.57.1 (x86_64) 0:7.37.0-70.60.1 (x86_64) 0:7.37.0-70.63.1 (x86_64) 0:7.37.0-70.66.1 (x86_64) 0:7.37.0-70.71.1 (x86_64) 0:7.37.0-70.74.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.12.12-144.23.5.1 (x86_64) 0:1.12.12-144.23.5.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.11-60.65.64.1 (x86_64) 0:2.3.11-60.65.67.1 (x86_64) 0:2.3.11-60.65.71.3.5 (x86_64) 0:2.3.11-60.65.71.6.1 (x86_64) 0:2.1.22-182.26.4.1 (x86_64) 0:2.1.22-182.20.3.1 (x86_64) 0:2.1.22-182.20.6.1 (x86_64) 0:2.1.22-182.26.7.1 (x86_64) 0:1.2.10-3.34.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.3.ESV-0.17.1 (x86_64) 0:3.1.3.ESV-0.19.1 (x86_64) 0:3.1.3.ESV-0.22.1 (x86_64) 0:3.1.3.ESV-0.23.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.3-44.30.1 (x86_64) 0:3.2.3-45.5.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.22-3.21.2 (x86_64) 0:3.5.21-3.3.1 (x86_64) 0:3.5.21-3.6.10 (x86_64) 0:3.5.21-3.9.1 (x86_64) 0:3.5.21-3.12.1 (x86_64) 0:3.5.21-3.15.1 (x86_64) 0:3.5.21-3.18.1 (x86_64) 0:2.45-12.27.1 (x86_64) 0:2.45-12.27.3.1 (x86_64) 0:1.41.9-2.6.3.1 (x86_64) 0:2.16-6.21.3 (x86_64) 0:1.41.9-2.6.4.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:61-1.33.1 (ppc64|s390x|x86_64) 0:61-1.33.1 (ia64) 0:61-1.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2-1001.30.1 (x86_64) 0:0.2-1001.30.3.4 (x86_64) 0:0.137-8.24.3 (x86_64) 0:0.137-8.24.3.1 (x86_64) 0:22.3-42.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.2-0.7.2 (x86_64) 0:2.28.2-0.7.3.1 (x86_64) 0:2.28.2-0.7.8.1 (x86_64) 0:2.0.2-4.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.1-88.34.1 (ppc64|s390x|x86_64) 0:2.0.1-88.34.1 (ia64) 0:2.0.1-88.34.1 (x86_64) 0:2.0.1-88.38.1 (x86_64) 0:2.0.1-88.41.1 (x86_64) 0:2.0.1-88.42.3.2 (x86_64) 0:2.0.1-88.42.6.1 (x86_64) 0:2.0.1-88.42.9.1 (x86_64) 0:2.0.1-88.42.12.1 (x86_64) 0:2.0.1-88.42.15.1 (x86_64) 0:2.0.1-88.42.18.1 (x86_64) 0:2.0.1-88.42.22.1 (x86_64) 0:1.6.18-0.3.3.1 (x86_64) 0:0.95-1.24.1 (x86_64) 0:6.3.8.90-13.20.21.1 (x86_64) 0:6.3.8.90-13.20.22.3.1 (x86_64) 0:2.28.2-0.3.3.16 (i586|ia64|ppc64|s390x|x86_64) 0:10.0-0.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.7.7 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.3-5.6.5 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.4-0.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:3.13.4-0.2.1 (ppc64|s390x|x86_64) 0:3.13.4-0.2.1 (ia64) 0:3.13.4-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.6-0.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.7.70 (x86_64) 0:10.0.7-0.3.1 (x86_64) 0:7-0.6.7.79 (x86_64) 0:10.0.9-0.3.1 (x86_64) 0:10.0.10-0.3.1 (x86_64) 0:10.0.11-0.3.1 (x86_64) 0:10.0.12-0.4.1 (i586|s390x|x86_64) 0:17.0.3esr-0.4.2.1 (i586|s390x|x86_64) 0:7-0.6.9.1 (i586|s390x|x86_64) 0:3.14.1-0.3.1 (s390x|x86_64) 0:3.14.1-0.3.1 (i586|s390x|x86_64) 0:4.9.5-0.3.1 (s390x|x86_64) 0:4.9.5-0.3.1 (i586|s390x|x86_64) 0:3.14.2-0.4.3.1 (s390x|x86_64) 0:3.14.2-0.4.3.1 (x86_64) 0:17.0.4esr-0.5.1 (x86_64) 0:17.0.5esr-0.4.1 (x86_64) 0:7-0.6.9.17 (i586|s390x|x86_64) 0:17.0.6esr-0.4.1 (i586|s390x|x86_64) 0:7-0.6.9.20 (i586|s390x|x86_64) 0:3.14.3-0.4.3.1 (s390x|x86_64) 0:3.14.3-0.4.3.1 (i586|s390x|x86_64) 0:4.9.6-0.3.1 (s390x|x86_64) 0:4.9.6-0.3.1 (i586|s390x|x86_64) 0:17.0.7esr-0.3.1 (i586|s390x|x86_64) 0:7-0.6.9.31 (i586|s390x|x86_64) 0:17.0.10esr-0.4.2.1 (i586|s390x|x86_64) 0:7-0.6.9.60 (i586|s390x|x86_64) 0:24.3.0esr-0.4.2.1 (i586|s390x|x86_64) 0:24-0.4.10.3 (i586|s390x|x86_64) 0:4.7.2_20130108-0.16.1 (i586|s390x|x86_64) 0:3.15.4-0.4.2.1 (s390x|x86_64) 0:3.15.4-0.4.2.1 (i586|s390x|x86_64) 0:4.10.2-0.3.2 (s390x|x86_64) 0:4.10.2-0.3.2 (x86_64) 0:24.4.0esr-0.5.5.1 (x86_64) 0:24-0.4.10.9 (i586|s390x|x86_64) 0:24.7.0esr-0.3.1 (i586|s390x|x86_64) 0:3.16.2-0.3.1 (s390x|x86_64) 0:3.16.2-0.3.1 (i586|s390x|x86_64) 0:24.8.0esr-0.3.1 (i586|s390x|x86_64) 0:3.16.4-0.3.1 (s390x|x86_64) 0:3.16.4-0.3.1 (i586|s390x|x86_64) 0:4.10.7-0.3.1 (s390x|x86_64) 0:4.10.7-0.3.1 (i586|s390x|x86_64) 0:31.3.0esr-0.3.1 (i586|s390x|x86_64) 0:31.4.0esr-0.3.1 (i586|s390x|x86_64) 0:3.17.3-0.3.1 (s390x|x86_64) 0:3.17.3-0.3.1 (i586|s390x|x86_64) 0:31.5.3esr-0.3.1 (x86_64) 0:31.7.0esr-0.3.1 (i586|s390x|x86_64) 0:38.2.1esr-17.1 (x86_64) 0:38.3.0esr-20.1 (x86_64) 0:38.4.0esr-25.3 (x86_64) 0:38-12.19 (x86_64) 0:3.19.2.1-12.1 (x86_64) 0:38.7.0esr-36.3 (x86_64) 0:3.20.2-20.1 (x86_64) 0:4.12-19.1 (x86_64) 0:52.4.0esr-78.7.2 (x86_64) 0:3.29.5-38.3.1 (x86_64) 0:60.9.0esr-78.46.2 (x86_64) 0:2.54.3-2.11.1 (x86_64) 0:3.10.9-2.12.2 (x86_64) 0:68.2.0-78.51.4 (x86_64) 0:68-21.9.8 (x86_64) 0:2.26.1-2.8.4 (x86_64) 0:2.36.11-2.8.4 (x86_64) 0:2.54.3-2.14.7 (x86_64) 0:3.10.9-2.15.3 (x86_64) 0:1.15.10-2.13.4 (x86_64) 0:5.3.1+r233831-14.1 (x86_64) 0:3.2.1.git259-2.3.3 (x86_64) 0:1.7.5-2.7.4 (x86_64) 0:1.40.14-2.7.4 (x86_64) 0:3.45-38.9.3 (x86_64) 0:4.21-29.6.1 (x86_64) 0:60.7.0esr-78.40.2 (x86_64) 0:60-21.6.8 (x86_64) 0:2.10.2-2.6.5 (x86_64) 0:2.26.1-2.5.5 (x86_64) 0:0.76-34.2.4.5 (x86_64) 0:2.36.11-2.5.4 (x86_64) 0:2.54.3-2.4.3 (x86_64) 0:3.10.9-2.8.3 (x86_64) 0:1.15.10-2.8.7 (x86_64) 0:2.9-2.4.1 (x86_64) 0:1.7.5-2.4.5 (x86_64) 0:1.40.14-2.4.5 (x86_64) 0:0.34.0-2.5.1 (x86_64) 0:3.41.1-38.6.1 (x86_64) 0:4.20-29.3.1 (i586|s390x|x86_64) 0:31.2.0esr-0.11.11.1 (i586|s390x|x86_64) 0:31.0-0.5.5.1 (i586|s390x|x86_64) 0:3.17.2-0.3.1 (s390x|x86_64) 0:3.17.2-0.3.1 (i586|s390x|x86_64) 0:4.10.7-0.3.3 (s390x|x86_64) 0:4.10.7-0.3.3 (x86_64) 0:1.2.1-68.17.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.2-269.35.1 (x86_64) 0:3.0.2-269.39.1 (x86_64) 0:2.1.1-7.24.1 (x86_64) 0:2.1.1-7.25.3.1 (x86_64) 0:2.1.1-7.25.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.7-25.30.1 (ppc64|s390x|x86_64) 0:2.3.7-25.30.1 (ia64) 0:2.3.7-25.30.1 (x86_64) 0:2.3.7-25.41.4 (x86_64) 0:2.3.7-25.45.5.1 (x86_64) 0:2.3.7-25.45.8.1 (x86_64) 0:2.7.2-61.27.3.1 (x86_64) 0:4.3.4_20091019-7.3.1 (x86_64) 0:4.3.4_20091019-7.9.1 (x86_64) 0:4.8.5-5.3.3 (x86_64) 0:3.1.2-3.3.3 (x86_64) 0:4.8.5-5.9.1 (x86_64) 0:2.0.36.RC1-52.20.1 (x86_64) 0:2.0.36.RC1-52.22.1 (x86_64) 0:2.0.36.RC1-52.25.1 (x86_64) 0:2.0.36.RC1-52.29.1 (x86_64) 0:2.0.36.RC1-52.32.1 (x86_64) 0:2.0.36.RC1-52.33.5.1 (x86_64) 0:2.0.36.RC1-52.33.12.1 (x86_64) 0:8.62-32.41.1 (x86_64) 0:4.2.7-32.41.1 (x86_64) 0:8.62-32.38.1 (x86_64) 0:4.2.7-32.38.1 (x86_64) 0:8.62-32.44.1 (x86_64) 0:4.2.7-32.44.1 (x86_64) 0:8.62-32.46.1 (x86_64) 0:4.2.7-32.46.1 (x86_64) 0:8.62-32.47.7.1 (x86_64) 0:4.2.7-32.47.7.1 (x86_64) 0:8.62-32.47.10.1 (x86_64) 0:4.2.7-32.47.10.1 (x86_64) 0:8.62-32.47.13.1 (x86_64) 0:4.2.7-32.47.13.1 (x86_64) 0:8.62-47.16.1 (x86_64) 0:4.2.7-47.16.1 (x86_64) 0:4.1.6-21.1 (x86_64) 0:2.22.5-0.8.36.1 (x86_64) 0:2.22.5-0.8.39.1 (x86_64) 0:2.22.5-0.8.44.1 (x86_64) 0:2.11.1-0.68.1 (x86_64) 0:2.11.1-0.72.1 (x86_64) 0:2.11.1-0.79.1 (x86_64) 0:2.11.1-0.80.3.1 (x86_64) 0:2.11.1-0.80.6.2 (x86_64) 0:2.11.1-0.80.9.2 (x86_64) 0:2.11.1-0.80.12.846 (x86_64) 0:2.11.1-0.80.17.2 (x86_64) 0:2.11.1-0.80.23.2 (x86_64) 0:2.11.1-0.80.26.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.1-0.32.1 (ppc64|s390x|x86_64) 0:2.11.1-0.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.1-0.32.1 (ia64) 0:2.11.1-0.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.3-0.4.1 (ppc64|s390x|x86_64) 0:3.0.3-0.4.1 (ia64) 0:3.0.3-0.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:11-1.18.1 (ppc64|s390x|x86_64) 0:11-1.18.1 (ia64) 0:11-1.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.8-0.4.1 (x86_64) 0:4.2.3-12.3.1 (x86_64) 0:2.28.0-3.11.12.2 (x86_64) 0:4.2.3-7.3.22 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.1-24.39.39.1 (ppc64|s390x|x86_64) 0:2.4.1-24.39.39.1 (ia64) 0:2.4.1-24.39.39.1 (x86_64) 0:2.4.1-24.39.67.1 (x86_64) 0:2.4.1-24.39.70.1 (x86_64) 0:2.4.1-24.39.76.1 (x86_64) 0:2.0.9-25.33.41.2 (x86_64) 0:2.0.9-25.33.42.3.1 (x86_64) 0:2.0.9-25.33.42.8.1 (x86_64) 0:1.1.6-25.32.1 (x86_64) 0:2.20.2-8.3.4 (x86_64) 0:2.20.2-8.3.6 (x86_64) 0:0.10.25-1.3.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.18.9-0.20.18.1 (ppc64|s390x|x86_64) 0:2.18.9-0.20.18.1 (ia64) 0:2.18.9-0.20.18.1 (x86_64) 0:2.18.9-0.20.21.2 (x86_64) 0:2.18.9-0.20.26.1 (x86_64) 0:2.18.9-0.20.27.5.2 (x86_64) 0:2.18.9-0.20.27.8.1 (x86_64) 0:1.8.5-24.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.11.10-0.6.7.1 (x86_64) 0:1.2.7-20.1 (i586|x86_64) 0:4.0-7.26.1 (x86_64) 0:4.0-7.26.1 (x86_64) 0:2.4.2-170.21.3.1 (x86_64) 0:2.4.2-170.21.3.3.1 (x86_64) 0:2.4.2-170.21.3.6.1 (noarch) 0:2012.10.4-0.3.1 (x86_64) 0:0.7.3-1.13.1 (x86_64) 0:0.7.3-1.38.3.1 (noarch) 0:3.2.2-88.36.1 (noarch) 0:1.1.1-1.35.1 (noarch) 0:3.0.1-253.36.1 (noarch) 0:1.1.1-234.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.900.1-134.11.1 (ppc64|s390x|x86_64) 0:1.900.1-134.11.1 (ia64) 0:1.900.1-134.11.1 (x86_64) 0:1.900.14-134.25.1 (x86_64) 0:1.900.14-134.32.1 (x86_64) 0:1.900.14-134.33.3.1 (x86_64) 0:1.900.14-134.33.10.1 (x86_64) 0:1.900.14-134.33.17.1 (x86_64) 0:1.900.14-134.33.20.1 (x86_64) 0:1.900.14-134.33.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.2_sr13.12-0.2.1 (i586) 0:1.4.2_sr13.12-0.2.1 (i586|ppc64|s390x|x86_64) 0:1.6.0_sr10.1-0.3.1 (i586) 0:1.6.0_sr10.1-0.3.1 (i586|x86_64) 0:1.6.0_sr10.1-0.3.1 (i586|s390x|x86_64) 0:1.6.0_sr16.7-10.1 (i586) 0:1.6.0_sr16.7-10.1 (x86_64) 0:1.6.0_sr16.20-49.1 (x86_64) 0:1.6.0_sr16.25-69.1 (x86_64) 0:1.6.0_sr16.30-75.1 (x86_64) 0:1.6.0_sr16.35-78.2 (x86_64) 0:1.6.0_sr16.41-81.1 (x86_64) 0:1.6.0_sr16.45-84.1 (x86_64) 0:1.6.0_sr16.50-85.5.1 (x86_64) 0:1.6.0_sr16.15-46.1 (i586|ia64|ppc64|s390x|x86_64) 0:6b-879.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.2.0-879.12.1 (ppc64|s390x|x86_64) 0:6.2.0-879.12.1 (ia64) 0:6.2.0-879.12.1 (x86_64) 0:6b-879.12.7.1 (x86_64) 0:6.2.0-879.12.7.1 (x86_64) 0:6b-879.12.12.1 (x86_64) 0:6.2.0-879.12.12.1 (x86_64) 0:6b-879.12.17.1 (x86_64) 0:6.2.0-879.12.17.1 (x86_64) 0:4.3.5-0.12.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.4.1 (x86_64) 0:4.3.5-0.3.1 (x86_64) 0:4.3.5-0.12.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.6.1 (ppc64|s390x|x86_64) 0:4.3.5-0.6.1 (ia64) 0:4.3.5-0.6.1 (x86_64) 0:2.4.4-255.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:0_2.6.32.59_0.3-0.3.92 (i586) 0:0_2.6.32.59_0.3-0.3.92 (i586|x86_64) 0:0_2.6.32.59_0.3-0.3.92 (i586|ia64|ppc64|s390x|x86_64) 0:0_2.6.32.59_0.3-7.9.59 (i586) 0:0_2.6.32.59_0.3-7.9.59 (ppc64) 0:0_2.6.32.59_0.3-7.9.59 (i586|x86_64) 0:0_2.6.32.59_0.3-7.9.59 (i586|x86_64) 0:0_2.6.32.59_0.3-0.18.16 (i586) 0:0_2.6.32.59_0.3-0.18.16 (s390x) 0:1.4.19_2.6.32.19_0.3-0.7.8 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.32.59-0.7.1 (s390x) 0:2.6.32.59-0.7.1 (i586|x86_64) 0:2.6.32.59-0.3.1 (i586|x86_64) 0:2.6.32.59-0.7.1 (i586) 0:2.6.32.59-0.7.1 (ppc64) 0:2.6.32.59-0.7.1 (s390x) 0:2.0.5_2.6.32.19_0.3-7.10.1 (i586|x86_64) 0:4.0.3_21548_16_2.6.32.59_0.15-0.5.26 (i586) 0:4.0.3_21548_16_2.6.32.59_0.15-0.5.26 (i586|x86_64) 0:2.6.32.24-0.2.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.48.48.1 (ppc64|s390x|x86_64) 0:1.6.3-133.48.48.1 (noarch) 0:1.6.3-133.49.62.1 (ia64) 0:1.6.3-133.48.48.1 (noarch) 0:1.6.3-133.49.97.3 (x86_64) 0:1.6.3-133.49.97.3 (x86_64) 0:1.6.3-133.49.109.1 (x86_64) 0:1.8.6-133.49.121.2 (noarch) 0:1.8.6-133.49.121.7 (x86_64) 0:1.8.6-133.49.125.11.1 (noarch) 0:1.8.6-133.49.125.11.3 (x86_64) 0:1.8.6-133.49.125.16.1 (noarch) 0:1.8.6-133.49.125.16.4 (x86_64) 0:1.8.6-133.49.125.19.2 (noarch) 0:1.8.6-133.49.125.19.2 (noarch) 0:1.6.3-133.49.64.1 (noarch) 0:1.6.3-133.49.66.1 (noarch) 0:1.6.3-133.49.68.2 (i586|x86_64) 0:0.12.5-1.20.1 (i586|x86_64) 0:0.12.5-1.30.2 (x86_64) 0:0.12.5-1.31.3.1 (x86_64) 0:0.12.5-1.31.6.1 (x86_64) 0:424b-10.24.3.5 (x86_64) 0:1.14.0.894-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.4-12.22.21.2 (ppc64) 0:1.3.4-12.22.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.3-11.18.17.1 (ppc64) 0:1.3.3-11.18.17.1 (x86_64) 0:1.3.4-12.22.23.3.2 (x86_64) 0:1.3.3-11.18.19.13.2 (x86_64) 0:0.99.beta13b-49.3.1 (x86_64) 0:0.99.beta13b-49.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.11-2.17.1 (ppc64|s390x|x86_64) 0:2.11-2.17.1 (ia64) 0:2.11-2.17.1 (x86_64) 0:1.7.4-7.4.3.1 (x86_64) 0:0.80-8.3.5 (x86_64) 0:0.37.1-5.19.3.1 (x86_64) 0:0.6.1-122.3.1 (x86_64) 0:0.6.1-122.9.1 (x86_64) 0:4.5.20-97.5 (i586|s390x|x86_64) 0:9.1.12-0.3.1 (s390x|x86_64) 0:9.1.12-0.3.1 (x86_64) 0:1.0.4-157.18.3.1 (x86_64) 0:1.4.5-24.24.1 (x86_64) 0:1.4.5-24.24.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.17-2.14.1 (ppc64|s390x|x86_64) 0:0.6.17-2.14.1 (ia64) 0:0.6.17-2.14.1 (x86_64) 0:0.6.17-2.14.3.1 (x86_64) 0:0.6.17-2.14.7.2 (i586|s390x|x86_64) 0:1.4.1-6.10.1 (s390x|x86_64) 0:1.4.1-6.10.1 (x86_64) 0:1.4.1-6.14.1 (x86_64) 0:1.4.1-6.17.1 (x86_64) 0:1.4.1-6.20.1 (x86_64) 0:1.4.1-6.24.1 (x86_64) 0:1.4.1-6.27.1 (x86_64) 0:1.4.1-6.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.0-307.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.1-20.2.1 (x86_64) 0:0.43-1.2.5.3 (x86_64) 0:1.10-6.1 (x86_64) 0:1.10-7.3.1 (x86_64) 0:1.0.4-1.18.1 (x86_64) 0:1.0.4-1.25.1 (x86_64) 0:1.0.4-1.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.20-0.5.1 (ppc64|s390x|x86_64) 0:2.4.20-0.5.1 (ia64) 0:2.4.20-0.5.1 (x86_64) 0:1.7.0-1.3.3.1 (x86_64) 0:1.7.0-1.3.6.1 (x86_64) 0:1.7.0-1.3.13.1 (x86_64) 0:1.7.0-1.3.16.1 (x86_64) 0:1.7.0-1.3.19.1 (x86_64) 0:1.7.0-1.3.19.4 (i586|s390x|x86_64) 0:2.03-12.3.1 (s390x|x86_64) 0:2.03-12.3.1 (x86_64) 0:0.0.20060920alpha-74.5.1 (x86_64) 0:0.0.20060920alpha-74.10.1 (x86_64) 0:0.0.20060920alpha-74.11.6.1 (x86_64) 0:0.0.20060920alpha-74.11.9.3 (i586|ia64|ppc64|s390x|x86_64) 0:5.0.96-0.4.1 (ppc64|s390x|x86_64) 0:5.0.96-0.4.1 (ia64) 0:5.0.96-0.4.1 (x86_64) 0:1.1-49.22.6.3.6 (i586|ia64|ppc64|s390x|x86_64) 0:0.11.6-5.27.1 (ppc64|s390x|x86_64) 0:0.11.6-5.27.1 (ia64) 0:0.11.6-5.27.1 (i586|s390x|x86_64) 0:0.9.8j-0.66.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.44.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.44.1 (ia64) 0:0.9.8j-0.44.1 (x86_64) 0:3.2.0-10.3.1 (x86_64) 0:3.2.0-10.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-8.26.3.1 (ppc64|s390x|x86_64) 0:7.4-8.26.3.1 (ia64) 0:7.4-8.26.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.31.1 (ppc64|s390x|x86_64) 0:1.2.31-5.31.1 (ia64) 0:1.2.31-5.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.13.1 (ppc64|s390x|x86_64) 0:1.2.31-5.13.1 (ia64) 0:1.2.31-5.13.1 (x86_64) 0:1.2.31-5.43.1 (x86_64) 0:1.2.31-5.44.3.4 (i586|ia64|ppc64|s390x|x86_64) 0:0.12.3-1.3.1 (x86_64) 0:0.9.21-1.16.2 (x86_64) 0:4.6.3-5.20.27.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.18-28.23.2 (i586|x86_64) 0:0.29.6-6.5.1 (x86_64) 0:0.29.6-6.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.26.0-2.3.1 (ppc64|s390x|x86_64) 0:2.26.0-2.3.1 (ia64) 0:2.26.0-2.3.1 (x86_64) 0:0.6.1-122.6.1 (x86_64) 0:2.26.0-2.6.8.3 (x86_64) 0:0.1.4-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.20-2.4.1 (ppc64|s390x|x86_64) 0:1.0.20-2.4.1 (ia64) 0:1.0.20-2.4.1 (x86_64) 0:1.0.20-2.13.1 (x86_64) 0:1.0.20-2.18.1 (x86_64) 0:1.0.20-2.19.7.3 (x86_64) 0:1.0.20-2.19.12.1 (x86_64) 0:1.0.20-2.19.15.1 (x86_64) 0:1.0.20-2.19.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.4.2.1-8.12.10.1 (ppc64|s390x|x86_64) 0:5.4.2.1-8.12.10.1 (ia64) 0:5.4.2.1-8.12.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.2-0.3.1 (ppc64|s390x|x86_64) 0:2.28.2-0.3.1 (ia64) 0:2.28.2-0.3.1 (x86_64) 0:2.28.2-0.3.3.39 (x86_64) 0:1.2.9-4.2.6.1 (x86_64) 0:1.2.9-4.2.12.5.1 (x86_64) 0:1.2.9-4.2.12.8.1 (x86_64) 0:1.2.9-4.2.12.11.1 (x86_64) 0:1.2.9-4.2.12.18.1 (x86_64) 0:1.5-1.35.5.1 (x86_64) 0:1.3.3-12.2.1 (noarch) 0:6.0.41-0.43.1 (x86_64) 0:1.3.3-12.4.1 (x86_64) 0:1.3.4-12.5.5.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.8.2-141.148.1 (ppc64|s390x|x86_64) 0:3.8.2-141.148.1 (ia64) 0:3.8.2-141.148.1 (x86_64) 0:0.2.1-1.12.3 (x86_64) 0:0.1.6+git20080930-8.2 (x86_64) 0:0.2.1-1.13.3.3 (x86_64) 0:0.2.1-1.13.6.1 (x86_64) 0:0.98.6-28.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.2-0.2.4.1 (x86_64) 0:0.9.1-156.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.0-79.20.1 (ppc64|s390x|x86_64) 0:1.2.0-79.20.1 (ia64) 0:1.2.0-79.20.1 (x86_64) 0:1.2.0-79.20.3.1 (x86_64) 0:1.2.0-79.20.6.1 (x86_64) 0:1.2.0-79.20.11.1 (x86_64) 0:1.2.0-79.20.14.1 (x86_64) 0:2.2.3-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.3-0.6.1 (ppc64|s390x|x86_64) 0:3.0.3-0.6.1 (ia64) 0:3.0.3-0.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.19.1 (ppc64|s390x|x86_64) 0:2.7.6-0.19.1 (i586|s390x|x86_64) 0:2.7.6-0.31.1 (ia64) 0:2.7.6-0.19.1 (x86_64) 0:2.7.6-0.40.1 (x86_64) 0:2.7.6-0.40.3 (x86_64) 0:2.7.6-0.44.1 (x86_64) 0:2.7.6-0.44.4 (x86_64) 0:2.7.6-0.50.1 (x86_64) 0:2.7.6-0.50.4 (x86_64) 0:2.7.6-0.64.1 (x86_64) 0:2.7.6-0.64.4 (x86_64) 0:2.7.6-0.69.1 (x86_64) 0:2.7.6-0.69.3 (x86_64) 0:2.7.6-0.76.1 (x86_64) 0:2.7.6-0.76.4 (x86_64) 0:2.7.6-0.77.3.2 (x86_64) 0:2.7.6-0.77.3.5 (x86_64) 0:2.7.6-0.77.10.1 (x86_64) 0:2.7.6-0.77.15.1 (x86_64) 0:2.7.6-0.77.18.1 (x86_64) 0:2.7.6-0.77.27.2 (x86_64) 0:2.7.6-0.77.27.3 (x86_64) 0:2.7.6-0.77.30.1 (x86_64) 0:2.7.6-0.77.33.1 (x86_64) 0:2.7.6-0.77.36.1 (x86_64) 0:2.7.6-0.77.39.1 (x86_64) 0:2.7.6-0.77.43.1 (x86_64) 0:2.7.6-0.34.4 (x86_64) 0:2.7.6-0.37.4 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.24-19.19.1 (ppc64|s390x|x86_64) 0:1.1.24-19.19.1 (ia64) 0:1.1.24-19.19.1 (x86_64) 0:1.1.24-19.33.1 (x86_64) 0:1.1.24-19.34.3.1 (x86_64) 0:1.1.24-19.34.8.3 (i586|ia64|ppc64|s390x|x86_64) 0:0.9-1.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.02.39-18.31.2 (x86_64) 0:2.1.15-9.6.3.1 (x86_64) 0:2.1.15-9.6.6.1 (x86_64) 0:2.1.15-9.6.12.1 (x86_64) 0:2.1.15-9.6.15.1 (x86_64) 0:2.1.15-9.6.20.1 (x86_64) 0:2.1.15-9.6.23.1 (x86_64) 0:2.1.15-9.6.26.1 (x86_64) 0:45.5.1esr-63.1 (x86_64) 0:3.21.3-30.1 (x86_64) 0:1.1.36-28.3.1 (x86_64) 0:1.1.36-28.6.7 (x86_64) 0:1.17-102.57.64.3.1 (x86_64) 0:1.17-102.57.64.6.1 (x86_64) 0:1.17-102.57.64.12.1 (x86_64) 0:1.17-102.57.64.15.1 (x86_64) 0:1.17-102.57.64.18.1 (x86_64) 0:1.17-102.57.64.21.1 (x86_64) 0:2.3-27.24.6.2 (x86_64) 0:2.0.1-1.38.1 (x86_64) 0:38.6.1esr-33.1 (x86_64) 0:38-15.58 (x86_64) 0:3.20.2-17.5 (i586|s390x|x86_64) 0:38.2.0esr-10.1 (i586|s390x|x86_64) 0:31.0-0.5.7.11 (i586|s390x|x86_64) 0:4.7.2_20130108-0.37.2 (i586|s390x|x86_64) 0:3.19.2.0-0.7.1 (s390x|x86_64) 0:3.19.2.0-0.7.1 (i586|s390x|x86_64) 0:4.10.8-0.8.1 (s390x|x86_64) 0:4.10.8-0.8.1 (x86_64) 0:3.68.1-38.40.1 (i586|s390x|x86_64) 0:3.15.2-0.3.1 (s390x|x86_64) 0:3.15.2-0.3.1 (i586|s390x|x86_64) 0:4.10.1-0.3.1 (s390x|x86_64) 0:4.10.1-0.3.1 (x86_64) 0:3.53.1-38.23.1 (x86_64) 0:4.25-29.12.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.1.19-0.2.1 (ppc64|s390x|x86_64) 0:1.9.1.19-0.2.1 (ia64) 0:1.9.1.19-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.9.2.27-0.2.1 (ppc64|s390x|x86_64) 0:1.9.2.27-0.2.1 (ia64) 0:1.9.2.27-0.2.1 (x86_64) 0:1.5.17-42.37.1 (x86_64) 0:1.5.17-42.43.1 (x86_64) 0:1.5.17-42.51.1 (x86_64) 0:1.5.17-42.56.1 (x86_64) 0:1.5.17-42.62.1 (x86_64) 0:1.5.17-42.65.1 (x86_64) 0:5.0.96-0.8.10.3 (x86_64) 0:3.0.6-1.25.36.3.1 (x86_64) 0:2.12-24.4.10.3.3 (x86_64) 0:2.28.4-1.16.21.3.1 (x86_64) 0:5.6-93.20.1 (x86_64) 0:5.6-93.23.1 (x86_64) 0:5.6-93.26.1 (x86_64) 0:10.26.44-101.14.1 (x86_64) 0:10.26.44-101.15.5.2 (x86_64) 0:4.75-1.30.5.2 (i586|s390x|x86_64) 0:3.15.3-0.3.1 (s390x|x86_64) 0:3.15.3-0.3.1 (i586|s390x|x86_64) 0:4.10.2-0.3.1 (s390x|x86_64) 0:4.10.2-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.12.11-3.2.2.1 (ppc64|s390x|x86_64) 0:3.12.11-3.2.2.1 (ia64) 0:3.12.11-3.2.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.8.9-1.2.2.1 (ppc64|s390x|x86_64) 0:4.8.9-1.2.2.1 (ia64) 0:4.8.9-1.2.2.1 (x86_64) 0:4.2.8p6-41.1 (noarch) 0:2.17.14.1-1.12.1 (x86_64) 0:4.2.8p7-44.1 (x86_64) 0:1.5-1.34.1 (x86_64) 0:4.2.8p8-47.3 (x86_64) 0:4.2.8p9-48.9.1 (x86_64) 0:4.2.8p10-48.15.1 (x86_64) 0:4.2.8p11-48.18.1 (x86_64) 0:4.2.8p12-48.21.1 (x86_64) 0:4.2.8p13-48.27.1 (x86_64) 0:4.2.8p15-48.30.1 (i586|ia64|ppc64|x86_64) 0:1.5.2-0.9.13.1 (i586|ia64|ppc64|x86_64) 0:1.5.2_2.6.32.46_0.3-0.9.13.1 (i586) 0:1.5.2_2.6.32.46_0.3-0.9.13.1 (ppc64) 0:1.5.2_2.6.32.46_0.3-0.9.13.1 (x86_64) 0:2.3.37-2.17.31.5.1 (x86_64) 0:2.4.26-0.17.31.5.1 (x86_64) 0:2.3.37-2.17.31.9.1 (x86_64) 0:2.4.26-0.17.31.9.1 (x86_64) 0:2.3.37-2.17.31.12.1 (x86_64) 0:2.4.26-0.17.31.12.1 (x86_64) 0:2.3.37-2.17.31.15.1 (x86_64) 0:2.4.26-0.17.31.15.1 (x86_64) 0:2.3.37-2.17.31.18.1 (x86_64) 0:2.4.26-0.17.31.18.1 (x86_64) 0:2.3.37-2.17.18.1 (x86_64) 0:2.4.26-0.17.18.1 (x86_64) 0:2.3.37-2.17.23.1 (x86_64) 0:2.4.26-0.17.23.1 (x86_64) 0:0.11.6-5.27.3.1 (x86_64) 0:0.11.6-5.27.6.10 (x86_64) 0:0.11.6-5.27.9.1 (x86_64) 0:0.11.6-5.27.14.1 (x86_64) 0:1.2.0-172.27.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.1p1-41.55.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.1p1-41.51.1 (x86_64) 0:5.1p1-41.69.1 (x86_64) 0:5.1p1-41.69.4 (x86_64) 0:5.1p1-41.74.1 (x86_64) 0:5.1p1-41.74.3 (x86_64) 0:5.1p1-41.79.2 (x86_64) 0:5.1p1-41.79.6 (x86_64) 0:5.1p1-41.80.3.3 (x86_64) 0:1.2.4.1-3.3.3 (x86_64) 0:6.6p1-3.3.2 (x86_64) 0:6.6p1-80.10.1 (x86_64) 0:6.6p1-80.15.1 (x86_64) 0:5.1p1-41.61.1 (x86_64) 0:6.6p1-3.8.1 (x86_64) 0:0.9.8j-0.97.1 (x86_64) 0:0.9.8j-0.102.2 (x86_64) 0:0.9.8j-0.105.1 (x86_64) 0:0.9.8j-0.106.9.1 (x86_64) 0:0.9.8j-0.106.12.1 (x86_64) 0:0.9.8j-0.106.15.1 (x86_64) 0:0.9.8j-0.106.18.1 (x86_64) 0:0.9.8j-0.106.21.1 (x86_64) 0:0.9.8j-0.106.25.1 (x86_64) 0:0.9.8j-0.106.28.1 (x86_64) 0:0.9.8j-0.106.31.1 (x86_64) 0:0.9.8j-0.106.34.1 (x86_64) 0:0.9.8j-0.106.37.1 (x86_64) 0:0.9.8j-0.106.40.1 (x86_64) 0:0.9.8j-0.106.43.1 (x86_64) 0:0.9.8j-0.106.46.1 (x86_64) 0:1.0.1g-0.47.1 (x86_64) 0:1.0.1g-0.52.1 (x86_64) 0:1.0.1g-0.57.1 (x86_64) 0:1.0.1g-0.58.3.1 (x86_64) 0:1.0.1g-0.58.9.1 (x86_64) 0:1.0.1g-0.58.12.1 (x86_64) 0:1.0.1g-0.58.15.1 (x86_64) 0:1.0.1g-0.58.18.1 (x86_64) 0:1.0.1g-0.58.21.1 (x86_64) 0:1.0.1g-0.58.24.1 (x86_64) 0:1.0.1g-0.58.27.2 (x86_64) 0:1.0.1g-0.58.30.1 (x86_64) 0:1.0.1g-0.58.33.1 (x86_64) 0:1.0.1g-0.58.36.2 (x86_64) 0:1.0.1g-0.58.39.1 (x86_64) 0:1.0.1g-0.58.42.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.16-1.36.1 (x86_64) 0:2.0.9-143.33.3.1 (x86_64) 0:2.0.9-143.35.5.1 (x86_64) 0:2.0.9-143.35.8.1 (x86_64) 0:2.0.9-143.35.9.3.1 (x86_64) 0:2.0.9-143.35.9.6.1 (x86_64) 0:2.2.3-0.16.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4-662.18.1 (ppc64|s390x|x86_64) 0:2.4-662.18.1 (ia64) 0:2.4-662.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2011.6.28-0.3.1 (x86_64) 0:2.28.3-0.5.10 (x86_64) 0:1.0.4-0.9.3.1 (x86_64) 0:11-1.22.4.1 (x86_64) 0:0.6.0-141.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.26.2-1.3.1 (ppc64|s390x|x86_64) 0:1.26.2-1.3.1 (ia64) 0:1.26.2-1.3.1 (x86_64) 0:2.5.9-252.22.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.8-3.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.102-1.37.3 (ppc64|s390x|x86_64) 0:1.4.102-1.37.3 (ia64) 0:1.4.102-1.37.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.102-1.31.2 (ppc64|s390x|x86_64) 0:1.4.102-1.31.2 (ia64) 0:1.4.102-1.31.2 (i586|ppc64|s390x|x86_64) 0:2.6.32.46-2.5.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.55.1 (ppc64|s390x|x86_64) 0:5.10.0-64.55.1 (ia64) 0:5.10.0-64.55.1 (x86_64) 0:5.10.0-64.61.63.3.1 (x86_64) 0:1.24-4.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.33-2.8 (x86_64) 0:0.22-3.3.1 (x86_64) 0:4.008-6.1 (x86_64) 0:4.008-9.1 (x86_64) 0:4.008-10.5.1 (x86_64) 0:1.607-3.3.1 (x86_64) 0:1.607-3.6.1 (x86_64) 0:0.2019-32.3.1 (x86_64) 0:1.66-3.3.1 (x86_64) 0:5.2.14-0.7.30.72.1 (x86_64) 0:5.2.14-0.7.30.79.1 (x86_64) 0:5.2.14-0.7.30.84.1 (x86_64) 0:5.2.14-0.7.30.89.1 (x86_64) 0:5.2.14-0.7.30.94.1 (x86_64) 0:5.2.14-0.7.30.97.1 (x86_64) 0:5.2.14-0.7.30.100.1 (x86_64) 0:5.2.14-0.7.30.103.1 (x86_64) 0:5.2.14-0.7.30.110.1 (x86_64) 0:5.2.14-0.7.30.111.5.1 (x86_64) 0:5.2.14-0.7.30.111.8.2 (x86_64) 0:5.2.14-0.7.30.111.11.1 (x86_64) 0:5.2.14-0.7.30.111.16.1 (x86_64) 0:5.2.14-0.7.30.111.20.1 (x86_64) 0:5.2.14-0.7.30.111.23.1 (x86_64) 0:5.2.14-0.7.30.111.26.1 (x86_64) 0:5.2.14-0.7.30.111.35.1 (x86_64) 0:5.2.14-0.7.30.111.38.1 (x86_64) 0:5.2.14-0.7.30.111.41.1 (x86_64) 0:5.2.14-111.46.1 (x86_64) 0:5.2.14-111.51.2 (x86_64) 0:5.2.14-111.54.1 (x86_64) 0:5.2.14-111.59.1 (x86_64) 0:5.2.14-111.62.1 (x86_64) 0:5.2.14-111.69.1 (x86_64) 0:5.2.14-111.72.1 (x86_64) 0:5.2.14-111.77.1 (x86_64) 0:5.2.14-111.80.1 (x86_64) 0:0.16.0-2.7.3.1 (x86_64) 0:2.0.79-4.8.1 (x86_64) 0:2.0.79-4.9.3.3 (x86_64) 0:0.12.3-1.12.1 (x86_64) 0:0.12.3-1.13.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.7-37.29.33.1 (ppc64|s390x|x86_64) 0:1.7-37.29.33.1 (ia64) 0:1.7-37.29.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.2.3-37.29.33.1 (ppc64|s390x|x86_64) 0:4.4.2.3-37.29.33.1 (x86_64) 0:4.4.2.3-37.29.35.1 (ia64) 0:4.4.2.3-37.29.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.3.20-0.4.1 (noarch) 0:9.1-0.6.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.3.18-0.3.1 (ppc64|s390x|x86_64) 0:8.3.18-0.3.1 (ia64) 0:8.3.18-0.3.1 (noarch) 0:9.4-0.5.3.1 (x86_64) 0:10.6-0.2.5.1 (noarch) 0:10-0.8.3.1 (x86_64) 0:10.8-0.2.8.1 (x86_64) 0:10.9-0.2.11.1 (x86_64) 0:10.10-0.2.14.1 (x86_64) 0:10.12-0.2.18.2 (x86_64) 0:10.14-0.2.21.1 (x86_64) 0:10.15-0.2.24.1 (x86_64) 0:10.17-0.2.30.2 (x86_64) 0:10.19-0.2.36.1 (x86_64) 0:9.1.18-0.3.1 (x86_64) 0:9.1.19-0.5.1 (x86_64) 0:9.4.9-0.19.1 (x86_64) 0:9.4.12-0.22.3 (x86_64) 0:9.4.13-0.23.5.1 (x86_64) 0:9.4.15-0.23.10.1 (x86_64) 0:9.4.16-0.23.13.2 (x86_64) 0:9.4.17-0.23.16.1 (x86_64) 0:9.4.19-0.23.19.1 (x86_64) 0:9.4.24-0.23.22.1 (x86_64) 0:2.4.5.git-2.31.7 (x86_64) 0:2.4.5.git-2.32.3.1 (x86_64) 0:3.22-240.8.1 (x86_64) 0:3.22-240.8.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.17-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.8-0.2.35 (x86_64) 0:2.7.26-0.5.3.1 (x86_64) 0:2.7.26-0.5.6.1 (x86_64) 0:2.6.9-40.21.1 (x86_64) 0:2.6.9-40.24.1 (x86_64) 0:2.6.9-40.29.1 (x86_64) 0:2.6.9-40.32.1 (x86_64) 0:2.6.9-40.32.2 (x86_64) 0:2.6.9-40.35.1 (x86_64) 0:2.6.9-40.35.2 (x86_64) 0:2.6.9-40.40.1 (noarch) 0:2.6-8.40.40.1 (x86_64) 0:2.6.9-40.43.1 (noarch) 0:2.6-8.40.43.1 (x86_64) 0:2.6.9-40.48.1 (x86_64) 0:2.6.9-40.53.1 (x86_64) 0:2.6.9-40.53.2 (noarch) 0:2.6-8.40.53.1 (x86_64) 0:2.6.9-40.58.1 (noarch) 0:2.6-8.40.58.1 (i586|s390x|x86_64) 0:2.6.9-0.31.1 (s390x|x86_64) 0:2.6.9-0.31.1 (x86_64) 0:1.1.6-168.34.1 (x86_64) 0:1.3.0-1.3.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.5.0-3.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.8-0.13.1 (ppc64|s390x|x86_64) 0:2.6.8-0.13.1 (ia64) 0:2.6.8-0.13.1 (noarch) 0:2.6-8.13.2 (x86_64) 0:2.7.9-6.6.1 (x86_64) 0:2.7.9-6.6.3 (noarch) 0:2.7.9-6.6.1 (x86_64) 0:2.7.9-6.9.2 (noarch) 0:2.7.9-6.9.2 (x86_64) 0:2.7.9-6.14.1 (x86_64) 0:2.7.9-6.14.2 (noarch) 0:2.7.9-6.14.1 (x86_64) 0:2.7.9-6.17.1 (x86_64) 0:2.7.9-6.17.3 (noarch) 0:2.7.9-6.17.1 (x86_64) 0:2.7.9-6.20.1 (noarch) 0:2.7.9-6.20.1 (x86_64) 0:2.7.16-6.34.1 (noarch) 0:2.7.16-6.34.1 (x86_64) 0:2.7.17-6.44.1 (noarch) 0:20190408.32abece-2.5.1 (noarch) 0:2.7.17-6.44.1 (x86_64) 0:2.7.17-6.55.1 (noarch) 0:2.7.17-6.55.1 (x86_64) 0:2.7.17-6.58.1 (noarch) 0:2.7.17-6.58.1 (x86_64) 0:2.7.17-6.63.1 (noarch) 0:2.7.17-6.63.1 (x86_64) 0:2.7.18-6.66.1 (noarch) 0:2.7.18-6.66.1 (x86_64) 0:2.7.18-6.71.1 (noarch) 0:2.7.18-6.71.1 (x86_64) 0:2.7.18-6.74.1 (noarch) 0:2.7.18-6.74.1 (x86_64) 0:2.7.18-6.77.1 (noarch) 0:2.7.18-6.77.1 (x86_64) 0:2.7.16-6.29.2 (noarch) 0:2.7.16-6.29.2 (noarch) 0:18.0.1-4.2.9 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.15-0.10.1 (x86_64) 0:0.99.15-0.16.1 (x86_64) 0:0.99.15-0.21.1 (x86_64) 0:0.99.15-0.24.2 (x86_64) 0:0.99.15-0.29.1 (x86_64) 0:0.99.15-0.30.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.16-50.36.36.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.1-1.24.4.1 (x86_64) 0:8.14.3-50.24.1 (x86_64) 0:3.0.4-2.42.1 (x86_64) 0:3.0.4-2.47.1 (x86_64) 0:3.0.4-2.48.4.1 (x86_64) 0:3.0.4-2.48.8.1 (x86_64) 0:1.8.7.p357-0.9.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.8.7.p357-0.7.1 (i586|x86_64) 0:0.12.21~rc-936.3.1 (x86_64) 0:3.4.3-56.2 (x86_64) 0:1.34b-56.2 (x86_64) 0:3.4.3-59.1 (x86_64) 0:1.34b-59.1 (x86_64) 0:3.4.3-63.1 (x86_64) 0:1.34b-63.1 (x86_64) 0:3.4.3-66.2 (x86_64) 0:1.34b-66.2 (x86_64) 0:3.4.3-69.1 (x86_64) 0:1.34b-69.1 (x86_64) 0:3.4.3-70.3.1 (x86_64) 0:1.34b-70.3.1 (x86_64) 0:3.4.3-70.6.1 (x86_64) 0:1.34b-70.6.1 (x86_64) 0:3.4.3-70.9.1 (x86_64) 0:1.34b-70.9.1 (x86_64) 0:3.4.3-70.12.2 (x86_64) 0:1.34b-70.12.2 (x86_64) 0:3.4.3-70.15.1 (x86_64) 0:1.34b-70.15.1 (x86_64) 0:3.4.3-70.18.1 (x86_64) 0:1.34b-70.18.1 (x86_64) 0:3.4.3-70.21.1 (x86_64) 0:1.34b-70.21.1 (x86_64) 0:1.0.20-7.8.1 (x86_64) 0:1.3.7-0.21.4 (x86_64) 0:4.0.2-162.19.2.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.0.0-1.16.1 (x86_64) 0:1.7.0.0-1.18.2 (x86_64) 0:1.1.99.91-16.3.1 (x86_64) 0:3.6.4-4.3.2 (x86_64) 0:3.6.4-4.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.STABLE5-2.10.1 (x86_64) 0:2.7.STABLE5-2.12.24.2 (x86_64) 0:2.7.STABLE5-2.12.29.1 (x86_64) 0:2.7.STABLE5-2.12.30.3.2 (x86_64) 0:2.7.STABLE5-2.12.30.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.12-8.10.1 (x86_64) 0:3.1.23-8.16.30.1 (x86_64) 0:3.1.23-8.16.36.1 (x86_64) 0:3.1.23-8.16.37.3.1 (x86_64) 0:3.1.23-8.16.37.6.1 (x86_64) 0:3.1.23-8.16.37.9.1 (x86_64) 0:3.1.23-8.16.37.12.1 (x86_64) 0:3.1.23-8.16.37.15.1 (x86_64) 0:3.1.23-8.16.37.18.1 (x86_64) 0:1.4-13.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.0-6.13.1 (x86_64) 0:4.4.0-6.32.1 (x86_64) 0:4.4.0-6.35.1 (x86_64) 0:4.4.0-6.36.3.1 (x86_64) 0:4.4.0-6.36.6.1 (x86_64) 0:4.4.0-6.36.9.1 (x86_64) 0:4.4.0-6.36.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.6p2-0.2.8.1 (x86_64) 0:1.7.6p2-0.2.20.1 (x86_64) 0:1.7.6p2-0.2.21.6.1 (x86_64) 0:2.0.9-27.34.40.5.1 (x86_64) 0:1.0.8-9.18.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.1.1-100.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5-19.23.4 (ppc64|s390x|x86_64) 0:1.5-19.23.4 (ia64) 0:1.5-19.23.4 (x86_64) 0:1.26-1.2.10.1 (x86_64) 0:1.27.1-14.8.1 (x86_64) 0:1.27.1-14.14.1 (x86_64) 0:3.9.8-1.27.1 (x86_64) 0:3.9.8-1.29.1 (x86_64) 0:3.9.8-1.30.5.1 (x86_64) 0:3.9.8-1.30.13.1 (x86_64) 0:3.9.8-1.30.16.1 (x86_64) 0:3.9.8-1.30.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.48-101.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.10-0.8.1 (x86_64) 0:3.8.2-141.168.1 (x86_64) 0:3.8.2-141.169.3.1 (x86_64) 0:3.8.2-141.169.6.1 (x86_64) 0:3.8.2-141.169.9.1 (x86_64) 0:3.8.2-141.169.16.1 (x86_64) 0:3.8.2-141.169.19.1 (x86_64) 0:3.8.2-141.169.22.1 (x86_64) 0:3.8.2-141.169.26.1 (x86_64) 0:3.8.2-141.169.31.1 (x86_64) 0:3.8.2-141.169.34.1 (x86_64) 0:1.3.9-81.15.3.1 (noarch) 0:6.0.45-0.53.2 (noarch) 0:6.0.18-20.35.36.1 (noarch) 0:6.0.45-0.50.1 (noarch) 0:6.0.53-0.57.7.1 (noarch) 0:6.0.53-0.57.10.1 (x86_64) 0:3.2.5-160.3.2 (x86_64) 0:3.2.5-160.6.20 (x86_64) 0:3.2.8a-1.160.13.1 (x86_64) 0:3.2.8b-160.16.2 (x86_64) 0:3.80.2-4.1 (x86_64) 0:5.6.1-5.3.1 (x86_64) 0:5.52-142.29.1 (x86_64) 0:5.52-142.33.1 (x86_64) 0:5.52-142.34.3.1 (x86_64) 0:5.52-142.34.8.7 (x86_64) 0:5.52-142.34.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.2-61.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.16-6.11.1 (ppc64|s390x|x86_64) 0:2.16-6.11.1 (ia64) 0:2.16-6.11.1 (x86_64) 0:7.2-10.1 (x86_64) 0:7.2-13.7 (x86_64) 0:7.2-18.1 (x86_64) 0:7.2-21.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.1-2.3.1 (x86_64) 0:2.28.1-2.5.3.16 (i586|ia64|ppc64|s390x|x86_64) 0:0.22.5-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.5.2-132.2.1 (x86_64) 0:0.5.3.git20161120-4.1 (x86_64) 0:0.5.3.git20161120-5.3.37 (x86_64) 0:4.50.1-1.27.1 (x86_64) 0:4.50.1-1.30.1 (x86_64) 0:4.50.1-1.33.1 (i586|s390x|x86_64) 0:1.11.4-1.19.1 (x86_64) 0:1.11.4-1.32.1 (x86_64) 0:1.11.4-1.40.1 (x86_64) 0:1.11.4-1.41.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.13-0.2.1 (x86_64) 0:1.12.7-0.5.3 (x86_64) 0:1.12.9-0.12.1 (x86_64) 0:1.12.11-0.18.1 (x86_64) 0:1.12.13-0.23.1 (x86_64) 0:1.7.4-7.3.2 (x86_64) 0:2.0.12-36.1 (x86_64) 0:2.0.13-39.1 (x86_64) 0:2.0.14-40.7.1 (x86_64) 0:0.109.2-67.2.1 (x86_64) 0:0.4.5-2.7.2.1 (x86_64) 0:2.2.11-40.14.5 (x86_64) 0:19-234.18.1 (x86_64) 0:2.2.12-40.17.1 (x86_64) 0:2.2.13-40.22.1 (x86_64) 0:2.2.14-40.25.1 (x86_64) 0:2.2.16-40.28.1 (x86_64) 0:2.2.17-40.31.1 (x86_64) 0:0.6.9-4.9.1 (i586|x86_64) 0:4.0.3_21548_12-0.3.1 (i586|x86_64) 0:4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1 (i586) 0:4.0.3_21548_18_2.6.32.59_0.19-0.21.1 (i586|x86_64) 0:4.0.3_21548_18-29.1 (i586|x86_64) 0:4.0.3_21548_18_2.6.32.59_0.19-29.1 (i586) 0:4.0.3_21548_18_2.6.32.59_0.19-29.1 (x86_64) 0:4.0.3_21548_18-27.6 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.68.TDC-27.6 (x86_64) 0:4.0.3_21548_18-30.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.68.TDC-30.1 (x86_64) 0:4.0.3_21548_18-36.4 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.85.TDC-36.4 (x86_64) 0:4.0.3_21548_18-41.4 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.94.TDC-41.4 (x86_64) 0:4.0.3_21548_18-44.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.97.TDC-44.1 (x86_64) 0:4.0.3_21548_18-49.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.103.TDC-49.1 (x86_64) 0:4.0.3_21548_18-52.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.103.TDC-52.1 (x86_64) 0:4.0.3_21548_18-53.5.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.112.TDC-53.5.1 (x86_64) 0:4.0.3_21548_18-53.8.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.112.TDC-53.8.1 (x86_64) 0:4.0.3_21548_18-53.11.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.116.TDC-53.11.1 (x86_64) 0:4.0.3_21548_18-53.14.4 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.122.TDC-53.14.4 (x86_64) 0:4.0.3_21548_18-53.19.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.133.TDC-53.19.1 (x86_64) 0:4.0.3_21548_20-53.24.1 (x86_64) 0:4.0.3_21548_20_2.6.32.54_0.172.TDC-53.24.1 (x86_64) 0:4.0.3_21548_20-53.27.1 (x86_64) 0:4.0.3_21548_20_2.6.32.54_0.178.TDC-53.27.1 (i586|x86_64) 0:0.7.6-1.21.1 (i586|x86_64) 0:0.4.30-0.3.2 (i586|x86_64) 0:4.0.1_21326_08-0.5.1 (i586|x86_64) 0:4.0.1_21326_08_2.6.32.36_0.5-0.5.1 (i586) 0:4.0.1_21326_08_2.6.32.36_0.5-0.5.1 (i586|x86_64) 0:0.4.31-0.3.5 (i586|x86_64) 0:4.0.2_21511_02-0.7.1 (i586|x86_64) 0:4.0.2_21511_02_2.6.32.43_0.4-0.7.1 (i586) 0:4.0.2_21511_02_2.6.32.43_0.4-0.7.1 (i586|x86_64) 0:0.7.6-1.29.2 (i586|x86_64) 0:1.1.3-1.5.1 (i586|x86_64) 0:4.0.3_21548_02-0.5.2 (i586|x86_64) 0:4.0.3_21548_02_2.6.32.54_0.3-0.5.2 (i586) 0:4.0.3_21548_02_2.6.32.54_0.3-0.5.2 (i586|x86_64) 0:4.0.3_21548_04-0.9.1 (i586|x86_64) 0:4.0.3_21548_04_2.6.32.59_0.5-0.9.1 (i586) 0:4.0.3_21548_04_2.6.32.59_0.5-0.9.1 (i586|x86_64) 0:0.4.34-0.3.1 (i586|x86_64) 0:4.0.3_21548_08-0.7.1 (i586|x86_64) 0:4.0.3_21548_08_2.6.32.59_0.7-0.7.1 (i586) 0:4.0.3_21548_08_2.6.32.59_0.7-0.7.1 (i586|x86_64) 0:4.0.3_21548_10-0.5.1 (i586|x86_64) 0:4.0.3_21548_10_2.6.32.59_0.7-0.5.1 (i586) 0:4.0.3_21548_10_2.6.32.59_0.7-0.5.1 (x86_64) 0:4.0.3_21548_11-0.3.1 (x86_64) 0:4.0.3_21548_11_2.6.32.54_0.11.TDC-0.3.1 (x86_64) 0:4.0.3_21548_14-0.5.1 (x86_64) 0:4.0.3_21548_14_2.6.32.54_0.31.TDC-0.5.1 (i586|x86_64) 0:4.0.3_21548_16-0.7.1 (i586|x86_64) 0:4.0.3_21548_16_2.6.32.54_0.33.TDC-0.7.1 (i586) 0:4.0.3_21548_16_2.6.32.59_0.9-0.5.1 (x86_64) 0:4.0.3_21548_18-0.5.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.45.TDC-0.5.1 (i586|x86_64) 0:4.0.3_21548_18-0.17.1 (i586|x86_64) 0:4.0.3_21548_18_2.6.32.54_0.55.TDC-0.17.1 (i586) 0:4.0.3_21548_18_2.6.32.59_0.19-0.15.1 (i586|x86_64) 0:4.0.3_21548_18-0.23.1 (i586|x86_64) 0:4.0.3_21548_18_2.6.32.54_0.59.TDC-0.23.1 (i586) 0:4.0.3_21548_18_2.6.32.59_0.19-0.25.1 (x86_64) 0:4.0.3_21548_18-33.1 (x86_64) 0:4.0.3_21548_18_2.6.32.54_0.73.TDC-33.1 (i586|s390x|x86_64) 0:7.4-8.26.42.1 (s390x|x86_64) 0:7.4-8.26.42.1 (i586|s390x|x86_64) 0:7.4-5.11.15.1 (s390x|x86_64) 0:7.4-5.11.15.1 (x86_64) 0:7.4-5.11.65.1 (x86_64) 0:7.4-5.11.68.1 (x86_64) 0:7.4-5.11.72.9.1 (x86_64) 0:7.4-5.11.72.15.1 (x86_64) 0:7.4-5.11.72.18.1 (x86_64) 0:7.4-5.11.72.21.1 (x86_64) 0:7.4-5.11.72.24.1 (x86_64) 0:7.4-5.11.72.27.1 (i586|s390x|x86_64) 0:7.4-1.18.1 (s390x|x86_64) 0:7.4-1.18.1 (i586|s390x|x86_64) 0:7.4-1.16.1 (s390x|x86_64) 0:7.4-1.16.1 (x86_64) 0:7.4-1.20.1 (i586|s390x|x86_64) 0:7.4-1.19.1 (s390x|x86_64) 0:7.4-1.19.1 (x86_64) 0:7.4-8.26.49.1 (x86_64) 0:7.4-8.26.50.5.3 (x86_64) 0:7.4-8.26.50.8.1 (i586|s390x|x86_64) 0:7.4-1.22.5.1 (s390x|x86_64) 0:7.4-1.22.5.1 (x86_64) 0:7.4-27.40.78.1 (x86_64) 0:7.4-27.40.79.5.1 (x86_64) 0:7.4-27.40.79.8.1 (x86_64) 0:7.4-27.40.79.13.1 (x86_64) 0:7.4-27.40.79.16.1 (x86_64) 0:7.4-27.40.79.24.1 (x86_64) 0:7.4-27.40.79.27.1 (x86_64) 0:7.4-27.40.79.30.1 (x86_64) 0:7.4-27.40.79.33.1 (i586|x86_64) 0:7.3.99-17.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4_0.11.0-0.4.6.1 (ppc64|s390x|x86_64) 0:7.4_0.11.0-0.4.6.1 (ia64) 0:7.4_0.11.0-0.4.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-27.40.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.4-8.26.32.1 (ppc64|s390x|x86_64) 0:7.4-8.26.32.1 (ia64) 0:7.4-8.26.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.02-138.29.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.02-138.36.1 (x86_64) 0:5.07-6.36.1 (x86_64) 0:238-3.3.1 (x86_64) 0:5.0.3-0.12.7.1 (x86_64) 0:2.17.99.5-5.1 (x86_64) 0:1.2.7-0.8.1 (x86_64) 0:1.2.7-0.9.3.1 (x86_64) 0:4.3.6-67.9.3.1 (x86_64) 0:4.3.6-67.9.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.21-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.2-0.4.1 (i586|ppc64|s390x|x86_64) 0:1.6.0_sr10.0-0.3.1 (i586) 0:1.6.0_sr10.0-0.3.1 (i586|x86_64) 0:1.6.0_sr10.0-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.9.8j-0.28.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.28.1 (ia64) 0:0.9.8j-0.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.31-5.27.1 (ppc64|s390x|x86_64) 0:1.2.31-5.27.1 (ia64) 0:1.2.31-5.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.12-0.12.1 (i586|s390x|x86_64) 0:6.4.3.6-7.34.1 (s390x|x86_64) 0:6.4.3.6-7.34.1 (i586|s390x|x86_64) 0:6.4.3.6-7.37.1 (s390x|x86_64) 0:6.4.3.6-7.37.1 (i586|s390x|x86_64) 0:6.4.3.6-7.40.1 (s390x|x86_64) 0:6.4.3.6-7.40.1 (ia64) 0:7.11.2-0.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.9esr-0.3.1 (i586|s390x|x86_64) 0:38.5.0esr-28.2 (i586|s390x|x86_64) 0:38.8.0esr-40.1 (i586|s390x|x86_64) 0:45.3.0esr-48.1 (i586|s390x|x86_64) 0:45.0-20.38 (i586|s390x|x86_64) 0:2.11.0-4.2 (i586|s390x|x86_64) 0:3.21.1-26.2 (s390x|x86_64) 0:3.21.1-26.2 (i586|s390x|x86_64) 0:4.12-25.2 (s390x|x86_64) 0:4.12-25.2 (i586|s390x|x86_64) 0:45.4.0esr-52.1 (i586|s390x|x86_64) 0:45.6.0esr-66.1 (x86_64) 0:4.1.6_08-17.1 (i586|x86_64) 0:4.1.6_08-17.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.29-17.1 (i586) 0:4.1.6_08_3.0.101_0.7.29-17.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.8-0.4.7.1 (i586|s390x|x86_64) 0:1.0.14-0.4.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.10.1-4.131.9.1 (i586|s390x|x86_64) 0:9.9.6P1-0.5.5 (ppc64|s390x|x86_64) 0:9.9.4P2-0.6.1 (ia64) 0:9.9.4P2-0.6.1 (i586|s390x|x86_64) 0:9.9.6P1-0.12.1 (s390x|x86_64) 0:9.9.6P1-0.12.1 (i586|s390x|x86_64) 0:9.9.6P1-0.15.1 (s390x|x86_64) 0:9.9.6P1-0.15.1 (i586|s390x|x86_64) 0:9.9.6P1-0.19.1 (s390x|x86_64) 0:9.9.6P1-0.19.1 (i586|s390x|x86_64) 0:9.9.6P1-0.22.1 (s390x|x86_64) 0:9.9.6P1-0.22.1 (i586|s390x|x86_64) 0:9.9.6P1-0.25.1 (s390x|x86_64) 0:9.9.6P1-0.25.1 (i586|s390x|x86_64) 0:9.9.6P1-0.30.1 (s390x|x86_64) 0:9.9.6P1-0.30.1 (i586|s390x|x86_64) 0:9.9.6P1-0.33.1 (s390x|x86_64) 0:9.9.6P1-0.33.1 (i586|s390x|x86_64) 0:9.9.6P1-0.36.1 (s390x|x86_64) 0:9.9.6P1-0.36.1 (i586|s390x|x86_64) 0:2.5.5-9.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-12.33.39.1 (ppc64|s390x|x86_64) 0:3.6.3-0.33.39.1 (ia64) 0:3.6.3-0.33.39.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.4.3-1.50.1 (ppc64|s390x|x86_64) 0:3.4.3-1.50.1 (ia64) 0:3.4.3-1.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.97.8-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.12-6.25.29.1 (ia64) 0:8.12-6.25.29.1 (ppc64|s390x|x86_64) 0:1.3.9-8.46.48.1 (ia64) 0:1.3.9-8.46.48.1 (ppc64|s390x|x86_64) 0:7.19.7-1.20.31.1 (ia64) 0:7.19.7-1.20.31.1 (i586|s390x|x86_64) 0:4.2.4.P2-0.11.15.1 (i586|s390x|x86_64) 0:3.2.3-45.5.3 (i586|ia64|ppc64|s390x|x86_64) 0:0.95-1.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.7-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.7.80 (ppc64|s390x|x86_64) 0:3.13.6-0.5.1 (ia64) 0:3.13.6-0.5.1 (ppc64|s390x|x86_64) 0:4.9.2-0.6.1 (ia64) 0:4.9.2-0.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.9-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.7.85 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.10-0.3.1 (ppc64|s390x|x86_64) 0:4.9.3-0.2.1 (ia64) 0:4.9.3-0.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.11-0.3.1 (ppc64|s390x|x86_64) 0:3.14-0.3.1 (ia64) 0:3.14-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:10.0.12-0.4.1 (ppc64|s390x|x86_64) 0:3.14.1-0.3.1 (ia64) 0:3.14.1-0.3.1 (ppc64|s390x|x86_64) 0:4.9.4-0.3.1 (ia64) 0:4.9.4-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.4esr-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.9.5 (ppc64|s390x|x86_64) 0:3.14.2-0.4.3.2 (ia64) 0:3.14.2-0.4.3.2 (ppc64|s390x|x86_64) 0:4.9.5-0.3.2 (ia64) 0:4.9.5-0.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.5esr-0.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.9.17 (ppc64|s390x|x86_64) 0:3.14.3-0.4.3.1 (ia64) 0:3.14.3-0.4.3.1 (ppc64|s390x|x86_64) 0:4.9.6-0.3.1 (ia64) 0:4.9.6-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.6esr-0.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.7esr-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.9.31 (i586|ia64|ppc64|s390x|x86_64) 0:17.0.10esr-0.4.2.4 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.6.9.62 (i586|s390x|x86_64) 0:24.3.0esr-0.4.2.2 (i586|s390x|x86_64) 0:24-0.4.10.4 (i586|s390x|x86_64) 0:38.3.0esr-20.1 (i586|s390x|x86_64) 0:4.10.9-11.1 (s390x|x86_64) 0:4.10.9-11.1 (i586|s390x|x86_64) 0:38.4.0esr-25.3 (i586|s390x|x86_64) 0:38-12.19 (i586|s390x|x86_64) 0:3.19.2.1-12.1 (s390x|x86_64) 0:3.19.2.1-12.1 (i586|s390x|x86_64) 0:4.10.10-16.1 (s390x|x86_64) 0:4.10.10-16.1 (i586|s390x|x86_64) 0:38.7.0esr-36.3 (i586|s390x|x86_64) 0:3.20.2-20.1 (s390x|x86_64) 0:3.20.2-20.1 (i586|s390x|x86_64) 0:4.12-19.1 (s390x|x86_64) 0:4.12-19.1 (ia64) 0:2.3.7-25.32.1 (i586|s390x|x86_64) 0:8.62-32.38.1 (i586|s390x|x86_64) 0:4.2.7-32.38.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.45.49.1 (ppc64|s390x|x86_64) 0:2.11.3-17.45.49.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.45.49.1 (ia64) 0:2.11.3-17.45.49.1 (i586|i686|s390x|x86_64) 0:2.11.3-17.45.66.1 (s390x|x86_64) 0:2.11.3-17.45.66.1 (i586|s390x|x86_64) 0:2.11.3-17.45.66.1 (ppc64|s390x|x86_64) 0:2.4.1-24.39.47.1 (ia64) 0:2.4.1-24.39.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-25.33.37.1 (ppc64|s390x|x86_64) 0:2.18.9-0.23.1 (ia64) 0:2.18.9-0.23.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.11.10-0.6.11.1 (ia64) 0:4.0-7.26.15 (i586) 0:1.4.2_sr13.18-0.4.1 (i586) 0:1.6.0_sr15.0-0.5.1 (i586|s390x|x86_64) 0:1.6.0_sr16.0-0.3.1 (i586|s390x|x86_64) 0:1.6.0_sr16.20-49.1 (i586) 0:1.6.0_sr16.20-49.1 (i586|x86_64) 0:1.6.0_sr16.20-49.1 (i586|s390x|x86_64) 0:1.6.0_sr16.25-69.1 (i586) 0:1.6.0_sr16.25-69.1 (i586|x86_64) 0:1.6.0_sr16.25-69.1 (i586|s390x|x86_64) 0:1.6.0_sr16.30-75.1 (i586|x86_64) 0:1.6.0_sr16.30-75.1 (i586|s390x|x86_64) 0:1.6.0_sr16.35-78.2 (i586|x86_64) 0:1.6.0_sr16.35-78.2 (i586|s390x|x86_64) 0:1.6.0_sr16.15-46.1 (i586) 0:1.6.0_sr16.15-46.1 (i586|x86_64) 0:1.7.0_sr6.0-0.7.1 (i586|s390x|x86_64) 0:1.7.0_sr7.0-0.5.1 (i586|s390x|x86_64) 0:1.7.0_sr9.10-9.1 (i586|x86_64) 0:1.7.0_sr9.10-9.1 (i586|s390x|x86_64) 0:1.7.0_sr9.20-42.1 (i586|x86_64) 0:1.7.0_sr9.20-42.1 (i586|s390x|x86_64) 0:1.7.0_sr9.30-45.1 (i586|x86_64) 0:1.7.0_sr9.30-45.1 (i586|s390x|x86_64) 0:1.7.0_sr9.40-52.1 (i586|x86_64) 0:1.7.0_sr9.40-52.1 (i586|s390x|x86_64) 0:1.7.0_sr9.50-55.1 (i586|x86_64) 0:1.7.0_sr9.50-55.1 (i586|s390x|x86_64) 0:1.7.0_sr9.60-58.2 (i586|x86_64) 0:1.7.0_sr9.60-58.2 (ppc64|s390x|x86_64) 0:4.3.5-0.12.1 (ia64) 0:4.3.5-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-0.7.17.1 (s390x) 0:3.0.101-0.7.17.1 (ppc64) 0:3.0.101-0.7.17.1 (i586|s390x|x86_64) 0:3.0.101-0.7.47.1 (s390x) 0:3.0.101-0.7.47.1 (i586|x86_64) 0:3.0.101-0.7.47.1 (i586) 0:3.0.101-0.7.47.1 (i586|s390x|x86_64) 0:3.0.101-0.7.53.1 (s390x) 0:3.0.101-0.7.53.1 (i586|x86_64) 0:3.0.101-0.7.53.1 (i586) 0:3.0.101-0.7.53.1 (i586|s390x|x86_64) 0:3.0.101-0.7.37.1 (s390x) 0:3.0.101-0.7.37.1 (i586|x86_64) 0:3.0.101-0.7.37.1 (i586) 0:3.0.101-0.7.37.1 (i586|s390x|x86_64) 0:3.0.101-0.7.40.1 (s390x) 0:3.0.101-0.7.40.1 (i586|x86_64) 0:3.0.101-0.7.40.1 (i586) 0:3.0.101-0.7.40.1 (i586|s390x|x86_64) 0:3.0.101-0.7.44.1 (s390x) 0:3.0.101-0.7.44.1 (i586|x86_64) 0:3.0.101-0.7.44.1 (i586) 0:3.0.101-0.7.44.1 (noarch) 0:1.6.3-133.49.58.1 (ia64) 0:1.6.3-133.49.58.1 (i586|x86_64) 0:0.15.1-0.32.2 (ia64) 0:1.17-77.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-12.24.4 (ppc64|s390x|x86_64) 0:3.6.3-0.24.4 (ia64) 0:3.6.3-0.24.4 (ppc64|s390x|x86_64) 0:9.1.9-0.3.1 (ia64) 0:9.1.9-0.3.1 (i586|s390x|x86_64) 0:3.16.5-0.4.2.1 (s390x|x86_64) 0:3.16.5-0.4.2.1 (ia64) 0:1.5.0-0.15.2 (ppc64|s390x|x86_64) 0:0.9.8j-0.50.1 (ia64) 0:0.9.8j-0.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:2013.1.7-0.3.1 (ppc64|s390x|x86_64) 0:0.16.0-1.4.1 (ia64) 0:0.16.0-1.4.1 (ppc64|s390x|x86_64) 0:0.3.1-2.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.3.1-2.6.3 (ia64) 0:0.3.1-2.6.1 (ia64) 0:3.8.2-141.154.1 (ppc64|s390x|x86_64) 0:0.9.6-0.29.1 (ia64) 0:2.7.6-0.25.1 (i586|s390x|x86_64) 0:2.7.6-0.44.1 (s390x|x86_64) 0:2.7.6-0.44.1 (i586|s390x|x86_64) 0:2.7.6-0.44.4 (ia64) 0:1.1.24-19.23.1 (i586|s390x|x86_64) 0:45.5.1esr-63.1 (i586|s390x|x86_64) 0:3.21.3-30.1 (s390x|x86_64) 0:3.21.3-30.1 (i586|s390x|x86_64) 0:38.6.1esr-33.1 (i586|s390x|x86_64) 0:38-15.58 (i586|s390x|x86_64) 0:3.20.2-17.5 (s390x|x86_64) 0:3.20.2-17.5 (ppc64|s390x|x86_64) 0:3.15.2-0.3.1 (ia64) 0:3.15.2-0.3.1 (ppc64|s390x|x86_64) 0:4.10.1-0.3.1 (ia64) 0:4.10.1-0.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.12-24.4.8.1 (ppc64|s390x|x86_64) 0:3.15.3-0.3.1 (ia64) 0:3.15.3-0.3.1 (ppc64|s390x|x86_64) 0:4.10.2-0.3.1 (ia64) 0:4.10.2-0.3.1 (ppc64|s390x|x86_64) 0:3.15.3.1-0.4.2.1 (ia64) 0:3.15.3.1-0.4.2.1 (i586|s390x|x86_64) 0:4.2.8p6-41.1 (i586|s390x|x86_64) 0:4.2.8p7-44.1 (i586|s390x|x86_64) 0:4.2.8p8-47.3 (i586|s390x|x86_64) 0:4.2.8p9-48.9.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.1p1-41.57.1 (i586|s390x|x86_64) 0:5.1p1-41.69.1 (i586|s390x|x86_64) 0:5.1p1-41.69.4 (i586|s390x|x86_64) 0:0.9.8j-0.80.1 (s390x|x86_64) 0:0.9.8j-0.80.1 (i586|s390x|x86_64) 0:0.9.8j-0.89.1 (s390x|x86_64) 0:0.9.8j-0.89.1 (i586|s390x|x86_64) 0:0.9.8j-0.97.1 (s390x|x86_64) 0:0.9.8j-0.97.1 (i586|s390x|x86_64) 0:0.9.8j-0.102.2 (s390x|x86_64) 0:0.9.8j-0.102.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.16-1.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-143.33.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.61.61.1 (i586|s390x|x86_64) 0:5.2.14-0.7.30.72.1 (i586|s390x|x86_64) 0:5.2.14-0.7.30.89.1 (i586|s390x|x86_64) 0:5.3.17-47.1 (i586|s390x|x86_64) 0:5.3.17-55.1 (i586|s390x|x86_64) 0:5.3.17-58.1 (i586|ia64|ppc64|s390x|x86_64) 0:8.3.23-0.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.18-0.12.1 (ppc64|s390x|x86_64) 0:2.6.8-0.23.1 (ia64) 0:2.6.8-0.23.1 (i586|s390x|x86_64) 0:1.34b-45.2 (i586|s390x|x86_64) 0:3.6.3-45.2 (s390x|x86_64) 0:3.6.3-45.2 (noarch) 0:3.6.3-45.2 (i586|s390x|x86_64) 0:1.34b-48.2 (i586|s390x|x86_64) 0:3.6.3-48.2 (s390x|x86_64) 0:3.6.3-48.2 (noarch) 0:3.6.3-48.2 (i586|s390x|x86_64) 0:1.34b-52.1 (i586|s390x|x86_64) 0:3.6.3-52.1 (s390x|x86_64) 0:3.6.3-52.1 (noarch) 0:3.6.3-52.1 (i586|s390x|x86_64) 0:1.34b-56.1 (i586|s390x|x86_64) 0:3.6.3-56.1 (s390x|x86_64) 0:3.6.3-56.1 (noarch) 0:3.6.3-56.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.STABLE5-2.12.16.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.12-8.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.0-6.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.36-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.6p2-0.2.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5-0.9.1 (noarch) 0:6.0.18-20.35.42.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.1-2.5.1 (i586|x86_64) 0:4.1.6_08-0.11.1 (x86_64) 0:4.1.6_08-0.5.1 (i586|x86_64) 0:4.1.6_08-0.5.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.23-0.5.1 (i586) 0:4.1.6_08_3.0.101_0.7.23-0.5.1 (x86_64) 0:4.1.6_08-20.1 (i586|x86_64) 0:4.1.6_08-20.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.37-20.1 (i586) 0:4.1.6_08_3.0.101_0.7.37-20.1 (x86_64) 0:4.1.6_08-26.1 (i586|x86_64) 0:4.1.6_08-26.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.37-26.1 (i586) 0:4.1.6_08_3.0.101_0.7.37-26.1 (x86_64) 0:4.1.6_08-29.1 (i586|x86_64) 0:4.1.6_08-29.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.40-29.1 (i586) 0:4.1.6_08_3.0.101_0.7.40-29.1 (x86_64) 0:4.1.6_08-32.1 (i586|x86_64) 0:4.1.6_08-32.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.44-32.1 (i586) 0:4.1.6_08_3.0.101_0.7.44-32.1 (x86_64) 0:4.1.6_06-0.5.1 (i586|x86_64) 0:4.1.6_06-0.5.1 (i586|x86_64) 0:4.1.6_06_3.0.101_0.7.17-0.5.1 (i586) 0:4.1.6_06_3.0.101_0.7.17-0.5.1 (x86_64) 0:4.1.6_08-0.9.1 (i586|x86_64) 0:4.1.6_08-0.9.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.29-0.9.1 (i586) 0:4.1.6_08_3.0.101_0.7.29-0.9.1 (x86_64) 0:4.1.6_08-0.13.1 (i586|x86_64) 0:4.1.6_08-0.13.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.29-0.13.1 (i586) 0:4.1.6_08_3.0.101_0.7.29-0.13.1 (x86_64) 0:4.1.6_08-23.1 (i586|x86_64) 0:4.1.6_08-23.1 (i586|x86_64) 0:4.1.6_08_3.0.101_0.7.37-23.1 (i586) 0:4.1.6_08_3.0.101_0.7.37-23.1 (i586|s390x|x86_64) 0:2.3.14-130.133.1 (ia64) 0:7.4-8.26.40.1 (ia64) 0:7.4-5.11.11.1 (ia64) 0:7.4-1.18.1 (ia64) 0:7.4-1.16.1 (ia64) 0:7.4-1.19.1 (ia64) 0:7.4-1.22.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.166-0.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:24-0.7.48 (ppc64|s390x|x86_64) 0:3.16.1-0.8.1 (ia64) 0:3.16.1-0.8.1 (ppc64|s390x|x86_64) 0:4.10.6-0.3.1 (ia64) 0:4.10.6-0.3.1 (x86_64) 0:6.4.3.6-78.149.2 (i586|s390x|x86_64) 0:0.9.1-160.6.1 (x86_64) 0:9.0.3-0.29.5.3 (x86_64) 0:38.6.1esr-34.1 (i586|s390x|x86_64) 0:38.8.0esr-40.5 (i586|s390x|x86_64) 0:3.20.2-30.1 (s390x|x86_64) 0:3.20.2-30.1 (i586|s390x|x86_64) 0:4.12-26.1 (s390x|x86_64) 0:4.12-26.1 (i586|s390x|x86_64) 0:45.2.0esr-45.2 (i586|s390x|x86_64) 0:45.0-23.10 (i586|s390x|x86_64) 0:2.11.0-2.1 (i586|s390x|x86_64) 0:3.21.1-35.1 (s390x|x86_64) 0:3.21.1-35.1 (i586|s390x|x86_64) 0:4.12-29.1 (s390x|x86_64) 0:4.12-29.1 (i586|s390x|x86_64) 0:45.3.0esr-50.1 (i586|s390x|x86_64) 0:45.4.0esr-53.1 (i586|s390x|x86_64) 0:45.6.0esr-62.1 (i586|s390x|x86_64) 0:45.7.0esr-65.2 (i586|s390x|x86_64) 0:45.8.0esr-68.1 (i586|s390x|x86_64) 0:45.9.0esr-71.2 (i586|s390x|x86_64) 0:3.29.5-46.1 (s390x|x86_64) 0:3.29.5-46.1 (i586|s390x|x86_64) 0:4.13.1-32.1 (s390x|x86_64) 0:4.13.1-32.1 (i586|s390x|x86_64) 0:52.2.0esr-72.5.2 (i586|s390x|x86_64) 0:52-24.3.44 (i586|s390x|x86_64) 0:5.3.1+r233831-7.1 (i586|s390x|x86_64) 0:3.29.5-47.3.2 (s390x|x86_64) 0:3.29.5-47.3.2 (i586|s390x|x86_64) 0:52.3.0esr-72.9.1 (i586|s390x|x86_64) 0:52-24.5.1 (i586|s390x|x86_64) 0:52.5.0esr-72.17.1 (i586|s390x|x86_64) 0:52.6.0esr-72.20.2 (i586|s390x|x86_64) 0:52.7.3esr-72.27.2 (i586|s390x|x86_64) 0:52.8.0esr-72.32.1 (i586|s390x|x86_64) 0:52.8.1esr-72.35.1 (i586|s390x|x86_64) 0:52.9.0esr-72.38.6 (x86_64) 0:91.9.0-78.179.2 (i586|ia64|ppc64|s390x|x86_64) 0:24-0.7.36 (ppc64|s390x|x86_64) 0:3.16-0.8.1 (ia64) 0:3.16-0.8.1 (ppc64|s390x|x86_64) 0:4.10.4-0.3.1 (ia64) 0:4.10.4-0.3.1 (ppc64|s390x|x86_64) 0:3.19.2_CKBI_1.98-0.10.1 (ia64) 0:3.19.2_CKBI_1.98-0.10.1 (ppc64|s390x|x86_64) 0:4.10.8-0.5.1 (ia64) 0:4.10.8-0.5.1 (i586|s390x|x86_64) 0:38.7.0esr-37.3 (i586|s390x|x86_64) 0:3.20.2-28.1 (s390x|x86_64) 0:3.20.2-28.1 (i586|s390x|x86_64) 0:4.12-24.1 (s390x|x86_64) 0:4.12-24.1 (x86_64) 0:2.2.0.0-7.1 (x86_64) 0:2.2.0.0-10.1 (x86_64) 0:2.3.2.0-11.5.7 (x86_64) 0:0.1.3-0.10.22.2.1 (x86_64) 0:2.6-2.19.2.1 (x86_64) 0:3.10-0.15.2.1 (x86_64) 0:0.10-0.3.2.1 (x86_64) 0:1.13.1-0.3.2.3 (x86_64) 0:2.6-0.3.2.1 (x86_64) 0:2.9.9-11.8.1 (x86_64) 0:3.6-0.11.2.1 (x86_64) 0:1.6.1-0.3.2.1 (x86_64) 0:2.9.9-11.11.1 (x86_64) 0:2.9.14-11.14.1 (x86_64) 0:2.9.22-11.17.1 (x86_64) 0:2.9.27-11.20.1 (noarch) 0:1.7.1-20.11.9.1 (noarch) 0:1.7.1-16.11.9.1 (i586|s390x|x86_64) 0:2.2.34-70.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.1-0.2.18.1 (x86_64) 0:0.7.0-135.23.3.1 (x86_64) 0:0.7.0-135.23.6.1 (x86_64) 0:0.7.0-135.23.9.1 (x86_64) 0:0.9.0-3.21.3.1 (x86_64) 0:0.6.23-35.6.2 (x86_64) 0:0.6.23-35.6.1 (x86_64) 0:0.6.23-35.9.2 (x86_64) 0:0.6.23-35.12.1 (x86_64) 0:0.6.23-35.15.1 (noarch) 0:1.4-236.236.44.9.1 (noarch) 0:1.4-236.236.44.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2-147.22.1 (ia64) 0:3.2-147.22.1 (ia64) 0:5.2-147.22.1 (x86_64) 0:3.2-147.28.1 (x86_64) 0:5.2-147.28.1 (x86_64) 0:3.2-147.35.1 (x86_64) 0:5.2-147.35.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.12.1 (ia64) 0:9.9.6P1-0.12.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.15.1 (ia64) 0:9.9.6P1-0.15.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.19.1 (ia64) 0:9.9.6P1-0.19.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.22.1 (ia64) 0:9.9.6P1-0.22.1 (i586|s390x|x86_64) 0:9.9.6P1-0.39.1 (s390x|x86_64) 0:9.9.6P1-0.39.1 (i586|s390x|x86_64) 0:9.9.6P1-0.44.1 (s390x|x86_64) 0:9.9.6P1-0.44.1 (i586|s390x|x86_64) 0:9.9.6P1-0.47.1 (s390x|x86_64) 0:9.9.6P1-0.47.1 (i586|s390x|x86_64) 0:9.9.6P1-0.50.1 (s390x|x86_64) 0:9.9.6P1-0.50.1 (i586|s390x|x86_64) 0:9.9.6P1-0.51.7.1 (s390x|x86_64) 0:9.9.6P1-0.51.7.1 (x86_64) 0:9.9.6P1-0.51.15.4 (x86_64) 0:9.9.6P1-0.51.20.1 (x86_64) 0:9.9.6P1-0.51.23.1 (x86_64) 0:9.9.6P1-0.51.26.1 (x86_64) 0:9.9.6P1-0.51.29.1 (x86_64) 0:9.9.6P1-0.51.32.1 (x86_64) 0:4.99-0.9.3.1 (x86_64) 0:1.0.6-257.8.1 (x86_64) 0:1.0.6-257.11.1 (x86_64) 0:5.1-0.13.1 (x86_64) 0:5.1-0.14.3.1 (i586|s390x|x86_64) 0:0.99.2-0.19.1 (i586|s390x|x86_64) 0:0.99.3-0.20.3.2 (i586|s390x|x86_64) 0:0.99.4-0.20.7.2 (i586|s390x|x86_64) 0:0.100.1-0.20.15.1 (i586|s390x|x86_64) 0:0.100.2-0.20.18.1 (x86_64) 0:0.103.6-0.20.47.1 (x86_64) 0:2.5.69.8-11.2 (x86_64) 0:2.1.12-14.2 (x86_64) 0:19.4-3.8.2 (x86_64) 0:8.12-6.25.33.3.1 (x86_64) 0:8.12-6.25.33.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.9-75.78.1 (ppc64|s390x|x86_64) 0:1.3.9-8.46.52.2 (ia64) 0:1.3.9-8.46.52.2 (ppc64|s390x|x86_64) 0:7.19.7-1.38.1 (ia64) 0:7.19.7-1.38.1 (ppc64|s390x|x86_64) 0:7.19.7-1.46.1 (ia64) 0:7.19.7-1.46.1 (i586|s390x|x86_64) 0:7.19.7-1.61.1 (s390x|x86_64) 0:7.19.7-1.61.1 (i586|s390x|x86_64) 0:7.37.0-70.27.1 (s390x|x86_64) 0:7.37.0-70.27.1 (x86_64) 0:7.37.0-70.77.1 (ppc64|s390x|x86_64) 0:7.19.7-1.40.1 (ia64) 0:7.19.7-1.40.1 (x86_64) 0:7.37.0-70.80.1 (ppc64|s390x|x86_64) 0:1.2.10-3.31.1 (ia64) 0:1.2.10-3.31.1 (i586|s390x|x86_64) 0:4.2.4.P2-0.27.1 (x86_64) 0:4.2.4.P2-0.28.5.3 (i586|s390x|x86_64) 0:4.2.4.P2-0.28.8.1 (x86_64) 0:4.2.4.P2-0.28.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.3-45.5.3 (x86_64) 0:2.71-0.15.3 (i586|s390x|x86_64) 0:2.78-0.16.5.1 (x86_64) 0:2.78-0.16.8.1 (x86_64) 0:2.78-0.16.11.8 (x86_64) 0:2.78-0.16.14.1 (x86_64) 0:2.78-0.16.17.1 (x86_64) 0:2.11-121.31.4.1 (ia64) 0:2.19.1-6.62.7 (x86_64) 0:1.41.9-2.11.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:61-1.35.1 (ppc64|s390x|x86_64) 0:61-1.35.1 (ia64) 0:61-1.35.1 (ppc64|s390x|x86_64) 0:0.152-4.9.17 (ia64) 0:0.152-4.9.17 (x86_64) 0:0.152-4.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:22.3-4.42.1 (i586|s390x|x86_64) 0:22.3-42.3.1 (ppc64|s390x|x86_64) 0:2.28.2-0.32.1 (ia64) 0:2.28.2-0.32.1 (x86_64) 0:2.28.2-0.32.3.109 (ppc64|s390x|x86_64) 0:4.24-43.27.1 (ia64) 0:4.24-43.27.1 (x86_64) 0:2.28.2-0.10.3.11 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:7-0.12.41 (i586|ia64|ppc64|s390x|x86_64) 0:24-0.7.14 (ppc64|s390x|x86_64) 0:3.15.4-0.7.1 (ia64) 0:3.15.4-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:24-0.7.23 (ppc64|s390x|x86_64) 0:3.16.2-0.8.1 (ia64) 0:3.16.2-0.8.1 (ppc64|s390x|x86_64) 0:3.16.4-0.8.1 (ia64) 0:3.16.4-0.8.1 (ppc64|s390x|x86_64) 0:4.10.7-0.3.1 (ia64) 0:4.10.7-0.3.1 (ppc64|s390x|x86_64) 0:3.17.3-0.8.11 (ia64) 0:3.17.3-0.8.11 (ppc64|s390x|x86_64) 0:4.10.9-11.1 (ia64) 0:4.10.9-11.1 (i586|ia64|ppc64|s390x|x86_64) 0:38-15.31 (i586|x86_64) 0:38-10.27 (ppc64|s390x|x86_64) 0:3.19.2.1-19.3 (ia64) 0:3.19.2.1-19.3 (ppc64|s390x|x86_64) 0:4.10.10-16.1 (ia64) 0:4.10.10-16.1 (i586|s390x|x86_64) 0:52.4.0esr-72.13.2 (i586|s390x|x86_64) 0:3.29.5-47.6.1 (s390x|x86_64) 0:3.29.5-47.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:24-0.7.4 (ppc64|s390x|x86_64) 0:3.15.3.1-0.7.1 (ia64) 0:3.15.3.1-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:31.0-0.10.1 (i586|x86_64) 0:31.0-0.5.1 (ppc64|s390x|x86_64) 0:3.17.2-0.8.1 (ia64) 0:3.17.2-0.8.1 (ppc64|s390x|x86_64) 0:4.10.7-0.3.3 (ia64) 0:4.10.7-0.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:31.0-0.12.51 (i586|x86_64) 0:31.0-0.7.5 (ppc64|s390x|x86_64) 0:3.19.2.0-0.16.1 (ia64) 0:3.19.2.0-0.16.1 (x86_64) 0:2.6.0-10.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.2-269.39.1 (x86_64) 0:2.3.7-25.45.11.1 (ia64) 0:2.3.7-25.34.1 (x86_64) 0:0.10.9-59.3.1 (x86_64) 0:2.8.7-0.11.3.1 (i586|s390x|x86_64) 0:4.3.4_20091019-37.3.1 (s390x|x86_64) 0:4.3.4_20091019-37.3.1 (x86_64) 0:4.3.4_20091019-37.3.1 (i586|s390x|x86_64) 0:4.3.4_20091019-37.9.1 (s390x|x86_64) 0:4.3.4_20091019-37.9.1 (x86_64) 0:4.3.4_20091019-37.9.1 (x86_64) 0:7.5.1-0.9.3.1 (x86_64) 0:7.5.1-0.9.6.1 (i586|s390x|x86_64) 0:8.62-32.46.1 (i586|s390x|x86_64) 0:4.2.7-32.46.1 (i586|s390x|x86_64) 0:8.62-32.47.13.1 (i586|s390x|x86_64) 0:4.2.7-32.47.13.1 (ia64) 0:4.1.6-13.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.72.14 (ppc64|s390x|x86_64) 0:2.11.3-17.72.14 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.72.14 (ia64) 0:2.11.3-17.72.14 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.87.3 (ppc64|s390x|x86_64) 0:2.11.3-17.87.3 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.87.3 (ia64) 0:2.11.3-17.87.3 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.95.2 (ppc64|s390x|x86_64) 0:2.11.3-17.95.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.95.2 (ia64) 0:2.11.3-17.95.2 (x86_64) 0:2.11.3-17.102.1 (i586|i686|s390x|x86_64) 0:2.11.3-17.109.1 (s390x|x86_64) 0:2.11.3-17.109.1 (i586|s390x|x86_64) 0:2.11.3-17.109.1 (i586|i686|s390x|x86_64) 0:2.11.3-17.110.3.1 (s390x|x86_64) 0:2.11.3-17.110.3.1 (i586|s390x|x86_64) 0:2.11.3-17.110.3.1 (i586|i686|s390x|x86_64) 0:2.11.3-17.110.6.2 (s390x|x86_64) 0:2.11.3-17.110.6.2 (i586|s390x|x86_64) 0:2.11.3-17.110.6.2 (x86_64) 0:2.11.3-17.110.9.2 (i586|i686|s390x|x86_64) 0:2.11.3-17.110.14.1 (s390x|x86_64) 0:2.11.3-17.110.14.1 (i586|s390x|x86_64) 0:2.11.3-17.110.14.1 (i586|i686|s390x|x86_64) 0:2.11.3-17.110.19.2 (s390x|x86_64) 0:2.11.3-17.110.19.2 (i586|s390x|x86_64) 0:2.11.3-17.110.19.2 (i586|i686|s390x|x86_64) 0:2.11.3-17.110.24.2 (s390x|x86_64) 0:2.11.3-17.110.24.2 (i586|s390x|x86_64) 0:2.11.3-17.110.24.2 (x86_64) 0:2.11.3-17.110.30.2 (x86_64) 0:2.11.3-17.110.33.1 (x86_64) 0:2.11.3-17.110.37.1 (x86_64) 0:2.11.3-17.110.40.1 (ppc64|s390x|x86_64) 0:2.4.1-24.39.51.1 (ia64) 0:2.4.1-24.39.51.1 (ppc64|s390x|x86_64) 0:2.4.1-24.39.57.1 (ia64) 0:2.4.1-24.39.57.1 (ppc64|s390x|x86_64) 0:2.4.1-24.39.60.1 (ia64) 0:2.4.1-24.39.60.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-25.33.39.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-25.33.41.2 (i586|s390x|x86_64) 0:2.0.9-25.33.42.3.1 (x86_64) 0:2.7-5.7.3.1 (x86_64) 0:2.00-0.53.4.1 (x86_64) 0:2.00-0.53.7.1 (x86_64) 0:2.02-0.53.10.1 (x86_64) 0:0.10.35-5.17.1 (x86_64) 0:0.10.35-5.18.5.1 (x86_64) 0:0.10.30-5.14.1 (ppc64|s390x|x86_64) 0:2.18.9-0.35.1 (ia64) 0:2.18.9-0.35.1 (ppc64|s390x|x86_64) 0:2.18.9-0.39.1 (ia64) 0:2.18.9-0.39.1 (x86_64) 0:2.18.9-0.44.1 (x86_64) 0:2.18.9-0.45.3.1 (x86_64) 0:2.18.9-0.45.8.1 (x86_64) 0:1.3.12-69.23.3.1 (ia64) 0:4.0-7.28.1 (noarch) 0:1-0.81.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.3-1.13.1 (noarch) 0:1.1.1-1.37.1 (ppc64|s390x|x86_64) 0:1.900.1-134.17.1 (ia64) 0:1.900.1-134.17.1 (x86_64) 0:1.900.14-134.33.26.1 (i586) 0:1.6.0_sr16.2-0.3.1 (i586|s390x|x86_64) 0:1.6.0_sr16.20-51.1 (i586) 0:1.6.0_sr16.20-51.1 (i586|x86_64) 0:1.6.0_sr16.20-51.1 (i586|s390x|x86_64) 0:1.6.0_sr16.45-84.1 (i586|x86_64) 0:1.6.0_sr16.45-84.1 (i586|s390x|x86_64) 0:1.6.0_sr16.50-85.5.1 (i586|x86_64) 0:1.6.0_sr16.50-85.5.1 (i586|x86_64) 0:1.7.0_sr8.0-0.5.1 (x86_64) 0:1.7.0_sr9.30-45.1 (i586|s390x|x86_64) 0:1.7.0_sr9.30-47.1 (i586|x86_64) 0:1.7.0_sr9.30-47.1 (i586|s390x|x86_64) 0:1.7.0_sr10.1-61.1 (i586|x86_64) 0:1.7.0_sr10.1-61.1 (i586|s390x|x86_64) 0:1.7.0_sr10.5-64.1 (i586|x86_64) 0:1.7.0_sr10.5-64.1 (x86_64) 0:1.7.0_sr10.10-65.5.1 (i586|s390x|x86_64) 0:1.7.0_sr10.15-65.8.1 (i586|x86_64) 0:1.7.0_sr10.15-65.8.1 (i586|s390x|x86_64) 0:1.7.0_sr10.20-65.13.1 (i586|x86_64) 0:1.7.0_sr10.20-65.13.1 (i586|s390x|x86_64) 0:1.7.0_sr10.25-65.25.1 (i586|x86_64) 0:1.7.0_sr10.25-65.25.1 (i586|s390x|x86_64) 0:1.7.0_sr10.30-65.28.1 (i586|x86_64) 0:1.7.0_sr10.30-65.28.1 (i586|s390x|x86_64) 0:1.7.0_sr10.35-65.31.1 (i586|x86_64) 0:1.7.0_sr10.35-65.31.1 (x86_64) 0:1.7.0_sr10.40-65.35.1 (x86_64) 0:1.7.0_sr10.45-65.39.1 (x86_64) 0:1.7.0_sr10.50-65.42.1 (x86_64) 0:1.7.0_sr10.55-65.45.1 (x86_64) 0:1.7.0_sr10.60-65.48.1 (x86_64) 0:1.7.0_sr10.65-65.51.1 (x86_64) 0:1.7.0_sr10.70-65.54.1 (x86_64) 0:1.7.0_sr10.75-65.57.1 (x86_64) 0:1.7.0_sr10.80-65.60.1 (x86_64) 0:1.7.0_sr11.5-65.66.1 (x86_64) 0:1.7.0_sr11.0-65.63.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.5-0.3.1 (ppc64|s390x|x86_64) 0:4.3.5-0.14.1 (ia64) 0:4.3.5-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.4.4-255.28.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-0.40.1 (s390x) 0:3.0.101-0.40.1 (ppc64) 0:3.0.101-0.40.1 (x86_64) 0:3.0.101-0.47.86.1 (i586|s390x|x86_64) 0:3.0.101-0.47.86.1 (s390x) 0:3.0.101-0.47.86.1 (i586|x86_64) 0:3.0.101-0.47.86.1 (x86_64) 0:3.0.101-0.47.93.1 (i586|s390x|x86_64) 0:3.0.101-0.47.93.1 (s390x) 0:3.0.101-0.47.93.1 (i586|x86_64) 0:3.0.101-0.47.93.1 (x86_64) 0:3.0.101-0.47.99.1 (i586|s390x|x86_64) 0:3.0.101-0.47.99.1 (s390x) 0:3.0.101-0.47.99.1 (i586|x86_64) 0:3.0.101-0.47.99.1 (x86_64) 0:3.0.101-0.47.102.1 (i586|s390x|x86_64) 0:3.0.101-0.47.102.1 (s390x) 0:3.0.101-0.47.102.1 (i586|x86_64) 0:3.0.101-0.47.102.1 (x86_64) 0:3.0.101-0.47.105.1 (i586|s390x|x86_64) 0:3.0.101-0.47.105.1 (s390x) 0:3.0.101-0.47.105.1 (i586|x86_64) 0:3.0.101-0.47.105.1 (x86_64) 0:3.0.101-0.47.106.8.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.8.1 (s390x) 0:3.0.101-0.47.106.8.1 (i586|x86_64) 0:3.0.101-0.47.106.8.1 (x86_64) 0:3.0.101-0.47.106.50.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.50.1 (s390x) 0:3.0.101-0.47.106.50.1 (i586|x86_64) 0:3.0.101-0.47.106.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-0.47.67.2 (s390x) 0:3.0.101-0.47.67.2 (ppc64) 0:3.0.101-0.47.67.2 (x86_64) 0:3.0.101-0.47.79.1 (i586|s390x|x86_64) 0:3.0.101-0.47.79.1 (s390x) 0:3.0.101-0.47.79.1 (i586|x86_64) 0:3.0.101-0.47.79.1 (i586) 0:3.0.101-0.47.79.1 (x86_64) 0:3.0.101-0.47.106.11.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.11.1 (s390x) 0:3.0.101-0.47.106.11.1 (i586|x86_64) 0:3.0.101-0.47.106.11.1 (s390x) 0:3.0.101-0.47.106.14.1 (x86_64) 0:3.0.101-0.47.106.19.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.19.1 (s390x) 0:3.0.101-0.47.106.19.1 (i586|x86_64) 0:3.0.101-0.47.106.19.1 (x86_64) 0:3.0.101-0.47.106.29.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.29.1 (s390x) 0:3.0.101-0.47.106.29.1 (i586|x86_64) 0:3.0.101-0.47.106.29.1 (x86_64) 0:3.0.101-0.47.106.43.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.43.1 (s390x) 0:3.0.101-0.47.106.43.1 (i586|x86_64) 0:3.0.101-0.47.106.43.1 (x86_64) 0:3.0.101-0.47.106.59.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.59.1 (s390x) 0:3.0.101-0.47.106.59.1 (i586|x86_64) 0:3.0.101-0.47.106.59.1 (x86_64) 0:1.4.20_3.0.101_0.40-0.38.83 (x86_64) 0:1.5.4.1_3.0.101_0.40-0.13.89 (x86_64) 0:2.0.5_3.0.101_0.40-7.39.89 (x86_64) 0:3.0.101-0.47.106.35.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.35.1 (s390x) 0:3.0.101-0.47.106.35.1 (i586|x86_64) 0:3.0.101-0.47.106.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-0.47.71.1 (s390x) 0:3.0.101-0.47.71.1 (ppc64) 0:3.0.101-0.47.71.1 (x86_64) 0:3.0.101-0.47.90.1 (i586|s390x|x86_64) 0:3.0.101-0.47.90.1 (s390x) 0:3.0.101-0.47.90.1 (i586|x86_64) 0:3.0.101-0.47.90.1 (x86_64) 0:3.0.101-0.47.106.5.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.5.1 (s390x) 0:3.0.101-0.47.106.5.1 (i586|x86_64) 0:3.0.101-0.47.106.5.1 (x86_64) 0:3.0.101-0.47.106.56.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.56.1 (s390x) 0:3.0.101-0.47.106.56.1 (i586|x86_64) 0:3.0.101-0.47.106.56.1 (x86_64) 0:3.0.101-0.47.106.22.1 (i586|s390x|x86_64) 0:3.0.101-0.47.106.22.1 (s390x) 0:3.0.101-0.47.106.22.1 (i586|x86_64) 0:3.0.101-0.47.106.22.1 (ia64) 0:1.6.3-133.49.62.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.6.3-133.49.97.3 (ia64) 0:1.6.3-133.49.97.1 (ia64) 0:1.6.3-133.49.103.1 (ia64) 0:1.6.3-133.49.64.1 (ia64) 0:1.6.3-133.49.66.1 (ia64) 0:1.6.3-133.49.68.1 (i586|s390x|x86_64) 0:1.4.2-0.17.1 (i586|s390x|x86_64) 0:1.4.2-0.22.34.3 (i586|s390x|x86_64) 0:1.4.2-37.1 (i586|s390x|x86_64) 0:1.4.2-46.1 (x86_64) 0:1.4.2-49.1 (x86_64) 0:1.4.2-52.1 (i586|s390x|x86_64) 0:1.4.2-53.11.1 (i586|s390x|x86_64) 0:1.4.2-53.14.1 (i586|s390x|x86_64) 0:1.4.2-53.17.1 (i586|s390x|x86_64) 0:1.4.2-53.20.1 (i586|s390x|x86_64) 0:1.4.2-53.23.2 (i586|s390x|x86_64) 0:1.4.2-53.26.2 (x86_64) 0:1.4.2-53.29.1 (x86_64) 0:1.4.2-53.32.1 (x86_64) 0:1.4.2-53.35.1 (x86_64) 0:1.4.2-53.38.1 (x86_64) 0:1.4.2-53.41.1 (x86_64) 0:1.4.2-53.44.1 (i586|s390x|x86_64) 0:1.4.2-0.21.4 (ppc64|s390x|x86_64) 0:1.0.5.9-0.19.3 (x86_64) 0:0.6.3-1.9.6 (x86_64) 0:1.7.4-7.9.1 (x86_64) 0:1.7.4-7.10.3.1 (ppc64|s390x|x86_64) 0:9.1.12-0.3.1 (ppc64|s390x|x86_64) 0:3.16.5-0.7.1 (ia64) 0:3.16.5-0.7.1 (ia64) 0:1.5.0-0.19.1 (x86_64) 0:1.5.0-0.22.1 (x86_64) 0:1.5.0-0.25.1 (x86_64) 0:1.5.0-0.26.3.1 (x86_64) 0:1.5.0-0.26.6.1 (ia64) 0:1.5.0-0.17.1 (x86_64) 0:0.43-1.10.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.900.1-134.13.1 (ppc64|s390x|x86_64) 0:1.900.1-134.13.1 (ia64) 0:1.900.1-134.13.1 (ia64) 0:2.03-12.3.1 (ia64) 0:2.3.2-3.118.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.39-0.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.0.96-0.6.13 (ppc64|s390x|x86_64) 0:0.9.8j-0.66.1 (ia64) 0:0.9.8j-0.66.1 (ppc64|s390x|x86_64) 0:0.24.4-0.15.1 (ia64) 0:0.24.4-0.15.1 (ia64) 0:1.2.31-5.33.1 (ia64) 0:1.2.31-5.35.1 (ia64) 0:1.2.31-5.38.1 (ppc64|s390x|x86_64) 0:0.9.23-0.15.1 (ia64) 0:0.9.23-0.15.1 (x86_64) 0:4.6.3-5.42.3.1 (x86_64) 0:4.6.3-5.42.6.2 (ppc64|s390x|x86_64) 0:2.26.0-2.5.1 (ia64) 0:2.26.0-2.5.1 (ppc64|s390x|x86_64) 0:1.0.20-2.6.5 (ia64) 0:1.0.20-2.6.5 (ppc64|s390x|x86_64) 0:1.0.20-2.10.2 (ia64) 0:1.0.20-2.10.2 (ppc64|s390x|x86_64) 0:5.4.2.1-8.12.22.1 (ia64) 0:5.4.2.1-8.12.22.1 (x86_64) 0:2.32.2-4.16.3.37 (ppc64|s390x|x86_64) 0:1.5-1.28.1 (ia64) 0:1.5-1.28.1 (i586|s390x|x86_64) 0:0.2.1-1.12.3 (i586|s390x|x86_64) 0:0.1.6+git20080930-6.27.2 (ppc64|s390x|x86_64) 0:1.0.5.9-0.9.1 (i586|s390x|x86_64) 0:1.0.5.9-21.5.1 (s390x|x86_64) 0:1.0.5.9-21.5.1 (i586|s390x|x86_64) 0:1.0.5.9-21.9.1 (s390x|x86_64) 0:1.0.5.9-21.9.1 (x86_64) 0:1.0.5.9-21.12.2 (x86_64) 0:1.0.5.9-21.15.1 (x86_64) 0:1.0.5.9-21.20.1 (x86_64) 0:1.0.5.9-21.23.1 (x86_64) 0:1.0.5.9-21.26.2 (ia64) 0:2.7.6-0.31.1 (i586|s390x|x86_64) 0:2.7.6-0.69.1 (s390x|x86_64) 0:2.7.6-0.69.1 (i586|s390x|x86_64) 0:2.7.6-0.69.3 (x86_64) 0:2.7.6-0.77.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.34.4 (ia64) 0:2.7.6-0.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.37.4 (ia64) 0:2.7.6-0.37.1 (x86_64) 0:3.0.101-0.47.96.1 (i586|s390x|x86_64) 0:3.0.101-0.47.96.1 (s390x) 0:3.0.101-0.47.96.1 (i586|x86_64) 0:3.0.101-0.47.96.1 (i586|s390x|x86_64) 0:2.1.15-9.6.6.1 (i586|s390x|x86_64) 0:45.5.1esr-59.1 (i586|s390x|x86_64) 0:3.21.3-39.1 (s390x|x86_64) 0:3.21.3-39.1 (i586|x86_64) 0:1.17-102.83.9.1 (i586|x86_64) 0:1.17-102.83.15.1 (x86_64) 0:1.17-102.83.21.1 (i586|x86_64) 0:1.17-102.83.24.1 (i586|x86_64) 0:1.17-102.83.27.1 (x86_64) 0:1.17-102.83.36.1 (x86_64) 0:1.17-102.83.41.1 (x86_64) 0:1.17-102.83.47.1 (x86_64) 0:1.17-102.83.50.1 (x86_64) 0:1.17-102.83.53.1 (x86_64) 0:1.17-102.83.59.1 (x86_64) 0:1.17-102.83.62.1 (x86_64) 0:1.17-102.83.71.1 (x86_64) 0:1.17-102.83.75.2 (i586|s390x|x86_64) 0:2.6.7-0.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:38-18.24 (s390x|x86_64) 0:3.20.2-25.2 (ia64) 0:3.20.2-25.2 (ppc64|s390x|x86_64) 0:4.10.8-0.8.1 (ia64) 0:4.10.8-0.8.1 (ppc64|s390x|x86_64) 0:3.19.2.2-22.1 (ia64) 0:3.19.2.2-22.1 (x86_64) 0:3.68.1-47.19.1 (x86_64) 0:3.68.3-47.25.1 (ppc64|s390x|x86_64) 0:3.15.2-0.8.1 (ia64) 0:3.15.2-0.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.17-42.37.1 (i586|s390x|x86_64) 0:1.5.17-42.43.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.45-0.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.46-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.47-0.17.1 (x86_64) 0:5.5.49-0.20.1 (i586|s390x|x86_64) 0:5.5.52-0.27.1 (s390x|x86_64) 0:5.5.52-0.27.1 (x86_64) 0:5.5.53-0.30.1 (i586|s390x|x86_64) 0:5.5.54-0.35.1 (s390x|x86_64) 0:5.5.54-0.35.1 (x86_64) 0:5.5.55-0.38.1 (x86_64) 0:5.5.57-0.39.3.1 (i586|s390x|x86_64) 0:5.5.58-0.39.6.1 (s390x|x86_64) 0:5.5.58-0.39.6.1 (x86_64) 0:5.5.59-0.39.9.8 (x86_64) 0:5.5.60-0.39.12.1 (x86_64) 0:5.5.61-0.39.15.1 (i586|s390x|x86_64) 0:5.5.62-0.39.18.1 (s390x|x86_64) 0:5.5.62-0.39.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.12-24.4.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.16-0.13.1 (ppc64|s390x|x86_64) 0:5.4.2.1-8.12.24.1 (ia64) 0:5.4.2.1-8.12.24.1 (ppc64|s390x|x86_64) 0:3.15.3-0.8.1 (ia64) 0:3.15.3-0.8.1 (i586|s390x|x86_64) 0:4.2.8p12-48.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.37-2.35.1 (x86_64) 0:2.3.37-2.74.6.1 (x86_64) 0:2.4.26-0.74.6.1 (x86_64) 0:2.3.37-2.74.9.1 (x86_64) 0:2.4.26-0.74.9.1 (x86_64) 0:2.3.37-2.74.13.1 (x86_64) 0:2.4.26-0.74.13.1 (x86_64) 0:2.3.37-2.74.16.1 (x86_64) 0:2.4.26-0.74.16.1 (x86_64) 0:2.3.37-2.74.19.1 (x86_64) 0:2.4.26-0.74.19.1 (x86_64) 0:2.3.37-2.74.26.1 (x86_64) 0:2.4.26-0.74.26.1 (x86_64) 0:2.3.37-2.74.29.1 (x86_64) 0:2.4.26-0.74.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.37-2.30.1 (ia64) 0:2.4.26-0.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.37-2.62.2 (ia64) 0:2.4.26-0.62.2 (ppc64|s390x|x86_64) 0:1.2.0-172.24.1 (ia64) 0:1.2.0-172.24.1 (i586|s390x|x86_64) 0:1.2.0-172.27.3.1 (s390x|x86_64) 0:1.2.0-172.27.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.2p2-0.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.2p2-0.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.2p2-0.21.3 (i586|s390x|x86_64) 0:6.2p2-0.33.2 (i586|s390x|x86_64) 0:6.2p2-0.33.5 (i586|s390x|x86_64) 0:6.2p2-0.40.1 (i586|s390x|x86_64) 0:6.2p2-0.40.3 (i586|s390x|x86_64) 0:6.2p2-0.41.5.1 (x86_64) 0:6.6p1-41.13.1 (x86_64) 0:6.6p1-41.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.2p2-0.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.2p2-0.24.3 (x86_64) 0:6.6p1-15.1 (x86_64) 0:6.6p1-18.1 (x86_64) 0:6.6p1-19.3.1 (x86_64) 0:6.6p1-19.6.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.80.1 (ia64) 0:0.9.8j-0.80.1 (i586|s390x|x86_64) 0:0.9.8j-0.105.1 (s390x|x86_64) 0:0.9.8j-0.105.1 (i586|s390x|x86_64) 0:0.9.8j-0.106.12.1 (s390x|x86_64) 0:0.9.8j-0.106.12.1 (i586|s390x|x86_64) 0:0.9.8j-0.106.18.1 (s390x|x86_64) 0:0.9.8j-0.106.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-143.40.5 (i586|s390x|x86_64) 0:2.0.9-143.46.1 (i586|s390x|x86_64) 0:2.0.9-143.47.3.1 (x86_64) 0:2.3.2-0.9.1 (x86_64) 0:2.3.2-0.10.3.1 (x86_64) 0:2.3.2-0.10.6.1 (x86_64) 0:2.3.2-0.10.9.1 (x86_64) 0:2.3.2-0.10.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.3-0.5.10 (ia64) 0:1.1.5-0.12.1 (x86_64) 0:1.1.5-0.12.3.1 (i586|s390x|x86_64) 0:2.5.9-252.22.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.70.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2808.01-0.70.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.72-0.70.1 (ia64) 0:5.10.0-64.70.1 (x86_64) 0:5.10.0-64.80.1 (x86_64) 0:0.2808.01-0.80.1 (x86_64) 0:0.72-0.80.1 (x86_64) 0:5.10.0-64.81.3.1 (x86_64) 0:0.2808.01-0.81.3.1 (x86_64) 0:0.72-0.81.3.1 (x86_64) 0:5.10.0-64.81.10.1 (x86_64) 0:0.2808.01-0.81.10.1 (x86_64) 0:0.72-0.81.10.1 (i586|s390x|x86_64) 0:5.10.0-64.81.13.1 (s390x|x86_64) 0:5.10.0-64.81.13.1 (i586|s390x|x86_64) 0:0.2808.01-0.81.13.1 (i586|s390x|x86_64) 0:0.72-0.81.13.1 (i586|s390x|x86_64) 0:1.66-3.3.1 (x86_64) 0:2013.1.7-0.6.5.1 (x86_64) 0:5.3.17-59.1 (x86_64) 0:5.3.17-62.1 (i586|s390x|x86_64) 0:5.3.17-71.1 (x86_64) 0:5.3.17-74.1 (x86_64) 0:5.3.17-79.2 (i586|s390x|x86_64) 0:5.3.17-84.1 (x86_64) 0:5.3.17-87.1 (x86_64) 0:5.3.17-94.1 (i586|s390x|x86_64) 0:5.3.17-101.1 (x86_64) 0:5.3.17-108.1 (x86_64) 0:5.3.17-111.2 (x86_64) 0:5.3.17-112.5.1 (x86_64) 0:5.3.17-112.10.1 (i586|s390x|x86_64) 0:5.3.17-112.20.1 (i586|s390x|x86_64) 0:5.3.17-112.23.1 (x86_64) 0:5.3.17-112.28.1 (x86_64) 0:5.3.17-112.38.1 (x86_64) 0:5.3.17-112.41.1 (x86_64) 0:5.3.17-112.45.1 (x86_64) 0:5.3.17-112.53.1 (x86_64) 0:5.3.17-112.58.1 (x86_64) 0:5.3.17-112.63.3 (x86_64) 0:5.3.17-112.66.2 (x86_64) 0:5.3.17-112.71.1 (x86_64) 0:5.3.17-112.74.1 (x86_64) 0:5.3.17-112.79.1 (x86_64) 0:5.3.17-112.82.1 (x86_64) 0:5.3.17-112.87.1 (x86_64) 0:5.3.17-112.90.1 (x86_64) 0:5.3.17-112.93.1 (x86_64) 0:5.3.17-112.96.1 (x86_64) 0:5.3.17-112.99.2 (x86_64) 0:5.3.17-112.102.2 (x86_64) 0:5.3.17-112.105.1 (x86_64) 0:5.3.17-112.108.1 (x86_64) 0:5.3.17-112.111.1 (x86_64) 0:0.24.4-0.15.3.8 (x86_64) 0:0.12.3-1.13.10.1 (ppc64|s390x|x86_64) 0:1.7-37.60.2 (ia64) 0:1.7-37.60.2 (ppc64|s390x|x86_64) 0:9.4.5-0.8.3 (x86_64) 0:10.21-0.2.42.2 (ppc64|s390x|x86_64) 0:9.1.15-0.3.1 (i586|s390x|x86_64) 0:9.4.13-0.23.5.1 (s390x|x86_64) 0:9.4.13-0.23.5.1 (ppc64) 0:1.2.16-0.13.1 (ppc64) 0:2.6.1-0.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.22-240.8.1 (x86_64) 0:3.2.7-152.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.18-0.16.1 (i586|s390x|x86_64) 0:2.6.9-40.15.1 (s390x|x86_64) 0:2.6.9-40.15.1 (ppc64|s390x|x86_64) 0:2.6.9-0.33.1 (ia64) 0:2.6.9-0.33.1 (ppc64|s390x|x86_64) 0:2.6.9-0.25.1 (ia64) 0:2.6.9-0.25.1 (ppc64|s390x|x86_64) 0:2.6.9-0.27.1 (ia64) 0:2.6.9-0.27.1 (ppc64|s390x|x86_64) 0:2.6.9-0.31.1 (ia64) 0:2.6.9-0.31.1 (x86_64) 0:2.6-2.19.5.1 (x86_64) 0:0.19.0-14.3.1 (x86_64) 0:1.13.1-0.3.5.1 (x86_64) 0:1.13.1-0.3.8.1 (x86_64) 0:1.4.1-0.10.3.1 (x86_64) 0:2.6-0.3.6.1 (x86_64) 0:2.7.2-2.3.6.1 (x86_64) 0:0.13.3-0.3.6.1 (x86_64) 0:1.9.213-3.6.1 (noarch) 0:1.12.213-3.6.5 (x86_64) 0:0.2.1-3.6.5 (x86_64) 0:1.24-0.3.3.5 (x86_64) 0:18.5-3.3.1 (noarch) 0:0.30-3.3.4 (x86_64) 0:2.4.4-0.3.3.9 (x86_64) 0:2.7.2-2.3.3.11 (x86_64) 0:0.18-3.3.11 (x86_64) 0:0.7.2-0.3.3.10 (x86_64) 0:1.4.2-3.3.13 (x86_64) 0:3.10-0.3.3.10 (x86_64) 0:1.2.1-2.3.3.11 (noarch) 0:1.4-3.3.10 (x86_64) 0:1.7.42-3.3.11 (noarch) 0:1.10.57-3.3.11 (x86_64) 0:1.5.2-3.3.11 (x86_64) 0:5.0.6-1.3.3.10 (x86_64) 0:1.3.1-3.5.11 (x86_64) 0:2.1-3.3.11 (x86_64) 0:0.11-0.3.3.10 (x86_64) 0:0.10-0.3.3.9 (x86_64) 0:1.1.3-3.3.11 (x86_64) 0:3.0.2-3.3.10 (x86_64) 0:0.9.2-3.3.10 (x86_64) 0:2.0-3.3.11 (x86_64) 0:1.0.18-3.3.11 (noarch) 0:0.9.2-3.3.11 (x86_64) 0:1.1-0.3.3.10 (x86_64) 0:1.0-0.3.3.10 (x86_64) 0:2.4.0-3.3.11 (x86_64) 0:0.9.1-2.3.3.10 (x86_64) 0:1.0.1-3.3.11 (noarch) 0:0.7.2-3.3.13 (x86_64) 0:1.13.1-0.3.3.10 (noarch) 0:3.4-3.3.10 (x86_64) 0:0.1.9-3.3.11 (x86_64) 0:0.0.5-3.3.11 (noarch) 0:2.10-3.3.10 (x86_64) 0:2.6-0.3.3.9 (x86_64) 0:2.7-3.3.10 (noarch) 0:2.5.1-0.3.4.9 (x86_64) 0:1.5.5-3.3.11 (x86_64) 0:2.0.1-0.3.3.11 (x86_64) 0:0.1.13-3.3.11 (x86_64) 0:3.8.2-3.3.11 (x86_64) 0:1.7.2-0.3.3.11 (i586|s390x|x86_64) 0:0.99.15-0.30.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.1.6+git20080930-6.24.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.4-2.49.1 (x86_64) 0:3.0.4-2.52.1 (x86_64) 0:3.0.4-2.53.3.1 (x86_64) 0:3.0.4-2.53.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.1-0.11.1 (x86_64) 0:5.10.1-0.14.3.1 (x86_64) 0:1.34b-67.2 (i586|s390x|x86_64) 0:1.34b-76.1 (s390x|x86_64) 0:3.6.3-76.1 (noarch) 0:3.6.3-76.2 (i586|s390x|x86_64) 0:1.34b-84.1 (i586|s390x|x86_64) 0:3.6.3-84.1 (s390x|x86_64) 0:3.6.3-84.1 (x86_64) 0:1.34b-87.1 (x86_64) 0:3.6.3-87.1 (noarch) 0:3.6.3-87.1 (i586|s390x|x86_64) 0:1.34b-90.1 (i586|s390x|x86_64) 0:3.6.3-90.1 (s390x|x86_64) 0:3.6.3-90.1 (i586|s390x|x86_64) 0:1.34b-93.1 (i586|s390x|x86_64) 0:3.6.3-93.1 (s390x|x86_64) 0:3.6.3-93.1 (i586|s390x|x86_64) 0:1.34b-94.5.1 (i586|s390x|x86_64) 0:3.6.3-94.5.1 (s390x|x86_64) 0:3.6.3-94.5.1 (i586|s390x|x86_64) 0:1.34b-94.8.1 (i586|s390x|x86_64) 0:3.6.3-94.8.1 (s390x|x86_64) 0:3.6.3-94.8.1 (x86_64) 0:1.34b-94.11.1 (x86_64) 0:3.6.3-94.11.1 (noarch) 0:3.6.3-94.11.1 (i586|s390x|x86_64) 0:1.34b-94.14.2 (i586|s390x|x86_64) 0:3.6.3-94.14.2 (s390x|x86_64) 0:3.6.3-94.14.2 (x86_64) 0:1.34b-94.19.2 (x86_64) 0:3.6.3-94.19.2 (x86_64) 0:1.34b-94.23.1 (x86_64) 0:3.6.3-94.23.1 (x86_64) 0:1.34b-94.26.1 (x86_64) 0:3.6.3-94.26.1 (x86_64) 0:1.34b-94.31.1 (x86_64) 0:3.6.3-94.31.1 (x86_64) 0:1.34b-94.34.1 (x86_64) 0:3.6.3-94.34.1 (x86_64) 0:1.34b-94.37.1 (x86_64) 0:3.6.3-94.37.1 (noarch) 0:3.6.3-94.37.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-12.56.1 (ppc64|s390x|x86_64) 0:3.6.3-0.56.1 (ia64) 0:3.6.3-0.56.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-64.1 (ppc64|s390x|x86_64) 0:3.6.3-64.1 (ia64) 0:3.6.3-64.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.11-0.25.4 (x86_64) 0:1.3.11-0.28.1 (x86_64) 0:15+git47-12.5.1 (x86_64) 0:15.4-12.8.1 (x86_64) 0:3.7.6.3-1.4.6.1 (x86_64) 0:3.7.6.3-1.4.7.3.1 (x86_64) 0:3.7.6.3-1.4.7.6.1 (x86_64) 0:3.7.6.3-1.4.7.9.1 (x86_64) 0:3.7.6.3-1.4.7.12.1 (x86_64) 0:3.7.6.3-1.4.7.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.STABLE5-2.12.24.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.12-8.16.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.0-6.25.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.0-6.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.6p2-0.21.1 (x86_64) 0:1.7.6p2-0.29.1 (x86_64) 0:1.7.6p2-0.30.5.1 (noarch) 0:1.20-121.1 (x86_64) 0:20120115_1.7.0-0.5.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.9.8-1.27.1 (ia64) 0:3.8.2-141.160.1 (x86_64) 0:3.8.2-141.169.37.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.3-12.2.1 (i586|s390x|x86_64) 0:3.80.2-4.1 (x86_64) 0:5.6.1-5.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.00-11.13.1 (x86_64) 0:6.00-11.17.1 (x86_64) 0:6.00-11.18.3.1 (x86_64) 0:6.00-11.18.8.1 (x86_64) 0:6.00-11.18.11.1 (x86_64) 0:2.19.1-6.62.7.1 (x86_64) 0:7.2-8.17.1 (x86_64) 0:7.2-8.20.8 (x86_64) 0:7.2-8.21.3.1 (x86_64) 0:7.2-8.21.6.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.11.4-1.19.1 (i586|s390x|x86_64) 0:1.11.4-1.32.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-6.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-6.17.4 (i586|s390x|x86_64) 0:0.7.1-6.18.3.1 (x86_64) 0:0.7.1-6.18.6.1 (x86_64) 0:0.7.1-6.18.9.1 (x86_64) 0:4.2.5_20-24.9 (i586|x86_64) 0:4.2.5_20_3.0.101_0.47.79-24.9 (i586) 0:4.2.5_20_3.0.101_0.47.79-24.9 (i586|x86_64) 0:4.2.5_20-24.9 (x86_64) 0:4.2.5_21-27.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.86-27.1 (i586|x86_64) 0:4.2.5_21-27.1 (x86_64) 0:4.2.5_21-30.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.90-30.1 (i586|x86_64) 0:4.2.5_21-30.1 (x86_64) 0:4.2.5_21-31.1 (x86_64) 0:4.2.5_21_3.0.101_0.113.TDC-31.1 (x86_64) 0:4.2.5_21-35.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.96-35.1 (i586|x86_64) 0:4.2.5_21-35.1 (x86_64) 0:4.2.5_21-37.1 (x86_64) 0:4.2.5_21_3.0.101_0.116.TDC-37.1 (x86_64) 0:4.2.5_21-38.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.99-38.1 (i586|x86_64) 0:4.2.5_21-38.1 (x86_64) 0:4.2.5_21-40.1 (x86_64) 0:4.2.5_21_3.0.101_0.119.TDC-40.1 (x86_64) 0:4.2.5_21-43.1 (x86_64) 0:4.2.5_21_3.0.101_0.119.TDC-43.1 (x86_64) 0:4.2.5_21-41.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.99-41.1 (i586|x86_64) 0:4.2.5_21-41.1 (x86_64) 0:4.2.5_21-44.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.102-44.1 (i586|x86_64) 0:4.2.5_21-44.1 (x86_64) 0:4.2.5_21-46.1 (x86_64) 0:4.2.5_21_3.0.101_0.122.TDC-46.1 (x86_64) 0:4.2.5_21-47.7.1 (x86_64) 0:4.2.5_21_3.0.101_0.125.TDC-47.7.1 (x86_64) 0:4.2.5_21-45.5.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.105-45.5.1 (i586|x86_64) 0:4.2.5_21-45.5.1 (x86_64) 0:4.2.5_21-47.10.1 (x86_64) 0:4.2.5_21_3.0.101_0.126.5.TDC-47.10.1 (x86_64) 0:4.2.5_21-45.8.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.105-45.8.1 (i586|x86_64) 0:4.2.5_21-45.8.1 (x86_64) 0:4.2.5_21-45.11.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.106.5-45.11.1 (i586|x86_64) 0:4.2.5_21-45.11.1 (x86_64) 0:4.2.5_21-47.13.1 (x86_64) 0:4.2.5_21_3.0.101_0.132.TDC-47.13.1 (x86_64) 0:4.2.5_21-45.16.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.106.8-45.16.1 (i586|x86_64) 0:4.2.5_21-45.16.1 (x86_64) 0:4.2.5_21-47.16.1 (x86_64) 0:4.2.5_21_3.0.101_0.139.TDC-47.16.1 (x86_64) 0:4.2.5_21-47.21.1 (x86_64) 0:4.2.5_21_3.0.101_0.150.TDC-47.21.1 (x86_64) 0:4.2.5_21-45.19.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.106.14-45.19.1 (i586|x86_64) 0:4.2.5_21-45.19.1 (x86_64) 0:4.2.5_21-45.22.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.106.19-45.22.1 (i586|x86_64) 0:4.2.5_21-45.22.1 (x86_64) 0:4.2.5_21-47.24.1 (x86_64) 0:4.2.5_21_3.0.101_0.156.TDC-47.24.1 (x86_64) 0:4.2.5_21-47.27.1 (x86_64) 0:4.2.5_21_3.0.101_0.181.TDC-47.27.1 (x86_64) 0:4.2.5_21-45.25.1 (i586|x86_64) 0:4.2.5_21_3.0.101_0.47.106.43-45.25.1 (i586|x86_64) 0:4.2.5_21-45.25.1 (x86_64) 0:4.2.5_21-47.32.1 (x86_64) 0:4.2.5_21_3.0.101_0.190.TDC-47.32.1 (x86_64) 0:4.2.5_21-47.37.1 (x86_64) 0:4.2.5_21_3.0.101_0.219.TDC-47.37.1 (x86_64) 0:4.2.5_22-47.40.1 (x86_64) 0:4.2.5_22_3.0.101_0.238.TDC-47.40.1 (x86_64) 0:4.2.5_24-47.43.1 (x86_64) 0:4.2.5_24_3.0.101_0.238.TDC-47.43.1 (x86_64) 0:4.2.5_26-47.46.1 (x86_64) 0:4.2.5_26_3.0.101_0.241.TDC-47.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3.14-130.133.1 (ia64) 0:7.4-8.26.42.1 (ia64) 0:7.4-5.11.15.1 (i586|s390x|x86_64) 0:7.4-5.11.72.9.1 (s390x|x86_64) 0:7.4-5.11.72.9.1 (ia64) 0:7.4-1.18.2 (ia64) 0:7.4-1.16.2 (ia64) 0:7.4-1.19.2 (x86_64) 0:7.4-27.118.1 (i586|s390x|x86_64) 0:7.4-27.121.2 (x86_64) 0:7.4-27.122.16.1 (i586|s390x|x86_64) 0:7.4-27.122.21.1 (x86_64) 0:7.4-27.122.26.1 (x86_64) 0:7.4-27.122.29.1 (x86_64) 0:7.4-27.122.37.1 (x86_64) 0:7.4-27.122.40.1 (x86_64) 0:7.4-27.122.43.1 (x86_64) 0:7.4-27.122.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.07-6.36.1 (x86_64) 0:2.17.147.1-9.1 (x86_64) 0:1.2.7-0.14.1 (x86_64) 0:1.2.7-0.17.3.1 (i586|ppc64|s390x|x86_64) 0:6.4.3.6-78.135.1 (ppc64|s390x|x86_64) 0:6.4.3.6-78.135.1 (i586|ppc64|s390x|x86_64) 0:0.9.1-160.14.1 (i586|ppc64|s390x|x86_64) 0:0.9.1-160.19.1 (i586|ppc64|s390x|x86_64) 0:0.9.1-160.22.1 (ppc64|s390x|x86_64) 0:3.20.2-30.1 (ia64) 0:3.20.2-30.1 (ppc64|s390x|x86_64) 0:4.12-26.1 (ia64) 0:4.12-26.1 (i586|ia64|ppc64|s390x|x86_64) 0:45.0-23.10 (ppc64|s390x|x86_64) 0:3.21.1-35.1 (ia64) 0:3.21.1-35.1 (ppc64|s390x|x86_64) 0:4.12-29.1 (ia64) 0:4.12-29.1 (ppc64|s390x|x86_64) 0:3.29.5-46.1 (ia64) 0:3.29.5-46.1 (ppc64|s390x|x86_64) 0:4.13.1-32.1 (ia64) 0:4.13.1-32.1 (i586|ppc64|s390x|x86_64) 0:52-24.3.44 (i586|ia64|ppc64|s390x|x86_64) 0:5.3.1+r233831-7.1 (ppc64|s390x|x86_64) 0:3.29.5-47.3.2 (ia64) 0:3.29.5-47.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:52-24.5.1 (ppc64|s390x|x86_64) 0:3.20.2-28.1 (ia64) 0:3.20.2-28.1 (ppc64|s390x|x86_64) 0:4.12-24.1 (ia64) 0:4.12-24.1 (i586|ia64|ppc64|x86_64) 0:0.9.svn1043876-1.3.15 (ppc64|s390x|x86_64) 0:1.6.1-83.17.3.1 (ia64) 0:1.6.1-83.17.3.1 (i586|ppc64|s390x|x86_64) 0:1.6.1-83.17.25.1 (ppc64|s390x|x86_64) 0:1.6.1-83.17.25.1 (i586|ppc64|s390x|x86_64) 0:1.6.1-83.17.30.1 (ppc64|s390x|x86_64) 0:1.6.1-83.17.30.1 (ia64) 0:1.2.13-106.11.1 (i586|ppc64|s390x|x86_64) 0:1.2.13-106.21.1 (ppc64|s390x|x86_64) 0:1.2.13-106.21.1 (i586|ppc64|s390x|x86_64) 0:1.4-75.3.1 (i586|ppc64|s390x|x86_64) 0:0.13.1-40.16.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.5.2.1-188.5.1 (i586|ppc64|s390x|x86_64) 0:2.2.34-70.27.1 (i586|ppc64|s390x|x86_64) 0:2.2.34-70.35.1 (i586|ppc64|s390x|x86_64) 0:2.2.34-70.38.1 (i586|ppc64|s390x|x86_64) 0:2.2.34-70.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.40-0.2.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.0.14-0.4.25.1 (i586|ppc64|s390x|x86_64) 0:2.0.4-40.63.3.3 (i586|ia64|ppc64|s390x|x86_64) 0:0.114-12.8.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.114-0.8.3.1 (i586|ppc64|s390x|x86_64) 0:2.1a15-131.23.2.6.1 (i586|ppc64|s390x|x86_64) 0:0.60.6-26.36.1 (ppc64|s390x|x86_64) 0:0.60.6-26.36.1 (i586|ppc64|s390x|x86_64) 0:0.7.0-135.23.3.1 (ppc64|s390x|x86_64) 0:0.2.6-142.17.1 (ia64) 0:0.2.6-142.17.1 (ppc64|s390x|x86_64) 0:0.6.23-35.6.2 (ia64) 0:0.6.23-35.6.2 (ppc64|s390x|x86_64) 0:0.6.23-35.6.1 (ia64) 0:0.6.23-35.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2-147.29.1 (ia64) 0:3.2-147.29.1 (ia64) 0:5.2-147.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2-147.35.1 (ia64) 0:3.2-147.35.1 (ia64) 0:5.2-147.35.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.25.1 (ia64) 0:9.9.6P1-0.25.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.30.1 (ia64) 0:9.9.6P1-0.30.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.33.1 (ia64) 0:9.9.6P1-0.33.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.36.1 (ia64) 0:9.9.6P1-0.36.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.39.1 (ia64) 0:9.9.6P1-0.39.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.44.1 (ia64) 0:9.9.6P1-0.44.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.47.1 (ia64) 0:9.9.6P1-0.47.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.50.1 (ia64) 0:9.9.6P1-0.50.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.51.7.1 (i586|ppc64|s390x|x86_64) 0:9.9.6P1-0.51.15.4 (ppc64|s390x|x86_64) 0:9.9.6P1-0.51.15.4 (i586|ppc64|s390x|x86_64) 0:9.9.6P1-0.51.20.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.51.20.1 (i586|ppc64|s390x|x86_64) 0:9.9.6P1-0.51.23.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.51.23.1 (i586|ppc64|s390x|x86_64) 0:9.9.6P1-0.51.26.1 (ppc64|s390x|x86_64) 0:9.9.6P1-0.51.26.1 (i586|ppc64|s390x|x86_64) 0:1.0.5-34.256.5.1 (ppc64|s390x|x86_64) 0:1.0.5-34.256.5.1 (i586|ppc64|s390x|x86_64) 0:1.0.5-34.256.8.1 (ppc64|s390x|x86_64) 0:1.0.5-34.256.8.1 (ppc64|s390x|x86_64) 0:1.8.8-2.3.7.1 (ia64) 0:1.8.8-2.3.7.1 (i586|ppc64|s390x|x86_64) 0:5.1-0.16.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.2-0.19.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.3-0.20.3.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.99.4-0.20.7.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.100.1-0.20.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.100.2-0.20.18.1 (i586|ppc64|s390x|x86_64) 0:0.100.3-0.20.21.1 (i586|ppc64|s390x|x86_64) 0:0.100.3-0.20.26.1 (i586|ppc64|s390x|x86_64) 0:0.100.3-0.20.29.1 (i586|ppc64|s390x|x86_64) 0:0.103.0-0.20.32.1 (i586|ppc64|s390x|x86_64) 0:0.103.2-0.20.35.1 (i586|ppc64|s390x|x86_64) 0:0.103.4-0.20.41.1 (i586|ppc64|s390x|x86_64) 0:0.103.5-0.20.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.5.69.8-11.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.12-14.2 (i586|ia64|ppc64|s390x|x86_64) 0:8.12-6.25.33.3.1 (ia64) 0:8.12-6.25.33.3.1 (i586|ppc64|s390x|x86_64) 0:2.9-75.81.8.1 (i586|ppc64|s390x|x86_64) 0:2.9-75.81.14.1 (ppc64|s390x|x86_64) 0:2.8.12-56.13.1 (ia64) 0:2.8.12-56.13.1 (ppc64|s390x|x86_64) 0:1.3.9-8.46.56.3.1 (ia64) 0:1.3.9-8.46.56.3.1 (i586|ppc64|s390x|x86_64) 0:1.3.9-8.46.56.8.1 (ppc64|s390x|x86_64) 0:1.3.9-8.46.56.8.1 (i586|ppc64|s390x|x86_64) 0:1.3.9-8.46.56.11.1 (ppc64|s390x|x86_64) 0:1.3.9-8.46.56.11.1 (i586|ppc64|s390x|x86_64) 0:1.3.9-8.46.56.18.1 (ppc64|s390x|x86_64) 0:1.3.9-8.46.56.18.1 (s390x|x86_64) 0:7.19.7-1.70.3.1 (i586|ppc64|s390x|x86_64) 0:7.37.0-70.41.2 (i586|ppc64|s390x|x86_64) 0:7.37.0-70.44.1 (i586|ppc64|s390x|x86_64) 0:7.37.0-70.47.1 (i586|ppc64|s390x|x86_64) 0:7.37.0-70.66.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.12.12-144.23.5.3.1 (i586|ppc64|s390x|x86_64) 0:2.1.22-182.26.4.1 (i586|ppc64|s390x|x86_64) 0:2.1.22-182.26.7.1 (i586|ppc64|s390x|x86_64) 0:1.2.10-3.34.8.1 (ppc64|s390x|x86_64) 0:1.2.10-3.34.8.1 (i586|ppc64|s390x|x86_64) 0:4.2.4.P2-0.28.12.1 (i586|ppc64|s390x|x86_64) 0:3.5.21-3.9.1 (i586|ppc64|s390x|x86_64) 0:3.5.21-3.12.1 (i586|ppc64|s390x|x86_64) 0:3.5.21-3.15.1 (i586|ppc64|s390x|x86_64) 0:3.5.21-3.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.71-0.16.3 (i586|ia64|ppc64|s390x|x86_64) 0:2.78-0.17.5.1 (i586|ppc64|s390x|x86_64) 0:2.78-0.17.10.1 (i586|ppc64|s390x|x86_64) 0:2.78-0.17.15.1 (i586|ppc64|s390x|x86_64) 0:2.78-0.17.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.26-3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2-1001.30.3.4 (i586|ia64|ppc64|s390x|x86_64) 0:22.3-42.3.1 (i586|ppc64|s390x|x86_64) 0:2.28.2-0.7.8.1 (ppc64|s390x|x86_64) 0:2.0.1-88.38.1 (ia64) 0:2.0.1-88.38.1 (ppc64|s390x|x86_64) 0:2.0.1-88.41.1 (ia64) 0:2.0.1-88.41.1 (ppc64|s390x|x86_64) 0:2.0.1-88.42.3.2 (ia64) 0:2.0.1-88.42.3.2 (i586|ppc64|s390x|x86_64) 0:2.0.1-88.42.12.1 (ppc64|s390x|x86_64) 0:2.0.1-88.42.12.1 (i586|ppc64|s390x|x86_64) 0:2.0.1-88.42.15.1 (ppc64|s390x|x86_64) 0:2.0.1-88.42.15.1 (i586|ppc64|s390x|x86_64) 0:2.0.1-88.42.18.1 (ppc64|s390x|x86_64) 0:2.0.1-88.42.18.1 (i586|ppc64|s390x|x86_64) 0:2.0.1-88.42.22.1 (ppc64|s390x|x86_64) 0:2.0.1-88.42.22.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.3.8.90-13.20.21.1 (ppc64|s390x|x86_64) 0:3.29.5-47.6.1 (ia64) 0:3.29.5-47.6.1 (i586|ppc64|s390x|x86_64) 0:2.54.3-2.11.1 (i586|ppc64|s390x|x86_64) 0:3.10.9-2.12.2 (i586|ppc64|s390x|x86_64) 0:2.10.2-2.6.5 (i586|ppc64|s390x|x86_64) 0:2.26.1-2.5.5 (i586|ppc64|s390x|x86_64) 0:0.76-34.2.4.5 (i586|ppc64|s390x|x86_64) 0:2.36.11-2.5.4 (i586|ppc64|s390x|x86_64) 0:2.54.3-2.4.3 (i586|ppc64|s390x|x86_64) 0:3.10.9-2.8.3 (i586|ppc64|s390x|x86_64) 0:1.15.10-2.8.7 (i586|ppc64|s390x|x86_64) 0:2.9-2.4.1 (i586|ppc64|s390x) 0:5.3.1+r233831-10.1 (i586|ppc64|s390x|x86_64) 0:1.7.5-2.4.5 (i586|ppc64|s390x|x86_64) 0:1.40.14-2.4.5 (i586|ppc64|s390x|x86_64) 0:0.34.0-2.5.1 (i586|s390x|x86_64) 0:3.41.1-38.6.1 (s390x|x86_64) 0:3.41.1-38.6.1 (i586|ppc64|s390x|x86_64) 0:4.20-29.3.1 (ppc64|s390x|x86_64) 0:4.20-29.3.1 (ia64) 0:2.6.0-10.19.1 (ia64) 0:2.3.7-25.41.4 (ia64) 0:2.3.7-25.45.5.1 (ia64) 0:2.3.7-25.45.8.1 (i586|ia64|x86_64) 0:5.3.1+r233831-10.1 (i586|ppc64|s390x|x86_64) 0:8.62-47.16.1 (i586|ppc64|s390x|x86_64) 0:4.2.7-47.16.1 (ia64) 0:4.1.6-21.1 (ia64) 0:2.22.5-0.8.36.1 (i586|ppc64|s390x|x86_64) 0:2.22.5-0.8.39.1 (ppc64|s390x|x86_64) 0:2.22.5-0.8.39.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.102.1 (ppc64|s390x|x86_64) 0:2.11.3-17.102.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.102.1 (ia64) 0:2.11.3-17.102.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.109.1 (ppc64|s390x|x86_64) 0:2.11.3-17.109.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.109.1 (ia64) 0:2.11.3-17.109.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.3.1 (ppc64|s390x|x86_64) 0:2.11.3-17.110.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.3.1 (ia64) 0:2.11.3-17.110.3.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.6.2 (ppc64|s390x|x86_64) 0:2.11.3-17.110.6.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.6.2 (ia64) 0:2.11.3-17.110.6.2 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.9.2 (ppc64|s390x|x86_64) 0:2.11.3-17.110.9.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.9.2 (ia64) 0:2.11.3-17.110.9.2 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.14.1 (ppc64|s390x|x86_64) 0:2.11.3-17.110.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.14.1 (ia64) 0:2.11.3-17.110.14.1 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.19.2 (ppc64|s390x|x86_64) 0:2.11.3-17.110.19.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.19.2 (ia64) 0:2.11.3-17.110.19.2 (i586|i686|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.24.2 (ppc64|s390x|x86_64) 0:2.11.3-17.110.24.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.11.3-17.110.24.2 (ia64) 0:2.11.3-17.110.24.2 (i586|i686|ppc64|s390x|x86_64) 0:2.11.3-17.110.33.1 (ppc64|s390x|x86_64) 0:2.11.3-17.110.33.1 (i586|ppc64|s390x|x86_64) 0:2.11.3-17.110.33.1 (i586|i686|ppc64|s390x|x86_64) 0:2.11.3-17.110.37.1 (ppc64|s390x|x86_64) 0:2.11.3-17.110.37.1 (i586|ppc64|s390x|x86_64) 0:2.11.3-17.110.37.1 (i586|i686|ppc64|s390x|x86_64) 0:2.11.3-17.110.40.1 (ppc64|s390x|x86_64) 0:2.11.3-17.110.40.1 (i586|ppc64|s390x|x86_64) 0:2.11.3-17.110.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.28.0-3.11.12.2 (ppc64|s390x|x86_64) 0:2.4.1-24.39.67.1 (ia64) 0:2.4.1-24.39.67.1 (ppc64|s390x|x86_64) 0:2.4.1-24.39.70.1 (ia64) 0:2.4.1-24.39.70.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-25.33.42.3.1 (x86_64) 0:2.00-0.66.8.1 (x86_64) 0:2.00-0.66.15.1 (x86_64) 0:2.00-0.66.21.1 (x86_64) 0:2.02-0.66.26.1 (ppc64|s390x|x86_64) 0:0.10.35-5.17.1 (ia64) 0:0.10.35-5.17.1 (i586|ppc64|s390x|x86_64) 0:0.10.35-5.18.5.1 (ppc64|s390x|x86_64) 0:0.10.35-5.18.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.10.30-5.14.1 (ppc64|s390x|x86_64) 0:2.18.9-0.44.1 (ia64) 0:2.18.9-0.44.1 (ppc64|s390x|x86_64) 0:2.18.9-0.45.3.1 (ia64) 0:2.18.9-0.45.3.1 (ppc64|s390x|x86_64) 0:2.18.9-0.45.8.1 (ia64) 0:2.18.9-0.45.8.1 (ia64) 0:4.0-7.30.2 (ia64) 0:4.0-38.1 (ia64) 0:4.0-43.1 (ia64) 0:4.0-46.1 (ia64) 0:4.0-47.6.1 (i586|ppc64|s390x|x86_64) 0:2.4.2-170.21.3.6.1 (i586|x86_64) 0:1.8.15-0.30.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.3-1.38.3.1 (ppc64|s390x|x86_64) 0:1.900.14-134.25.1 (ia64) 0:1.900.14-134.25.1 (ppc64|s390x|x86_64) 0:1.900.14-134.32.1 (ia64) 0:1.900.14-134.32.1 (ppc64|s390x|x86_64) 0:1.900.14-134.33.3.1 (ia64) 0:1.900.14-134.33.3.1 (i586|ppc64|s390x|x86_64) 0:1.900.14-134.33.20.1 (ppc64|s390x|x86_64) 0:1.900.14-134.33.20.1 (i586|x86_64) 0:1.7.1_sr3.10-3.1 (i586|x86_64) 0:1.7.1_sr3.20-6.1 (i586|x86_64) 0:1.7.1_sr3.30-9.1 (i586|x86_64) 0:1.7.1_sr3.40-13.1 (i586|x86_64) 0:1.7.1_sr3.60-19.2 (i586|x86_64) 0:1.7.1_sr4.1-22.1 (i586|x86_64) 0:1.7.1_sr4.5-25.1 (i586|x86_64) 0:1.7.1_sr4.10-26.5.1 (i586|x86_64) 0:1.7.1_sr4.15-26.8.1 (i586|x86_64) 0:1.7.1_sr4.20-26.13.1 (i586|x86_64) 0:1.7.1_sr4.25-26.26.1 (i586|x86_64) 0:1.7.1_sr4.30-26.29.1 (i586|x86_64) 0:1.7.1_sr4.35-26.32.1 (i586|x86_64) 0:1.7.1_sr4.40-26.36.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.45-26.40.1 (i586|x86_64) 0:1.7.1_sr4.45-26.40.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.50-26.44.1 (i586|x86_64) 0:1.7.1_sr4.50-26.44.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.55-26.47.1 (i586|x86_64) 0:1.7.1_sr4.55-26.47.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.60-26.50.1 (i586|x86_64) 0:1.7.1_sr4.60-26.50.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.65-26.55.1 (i586|x86_64) 0:1.7.1_sr4.65-26.55.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.70-26.58.1 (i586|x86_64) 0:1.7.1_sr4.70-26.58.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.75-26.62.1 (i586|x86_64) 0:1.7.1_sr4.75-26.62.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr4.80-26.65.1 (i586|x86_64) 0:1.7.1_sr4.80-26.65.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr5.0-26.68.1 (i586|x86_64) 0:1.7.1_sr5.0-26.68.1 (i586|ppc64|s390x|x86_64) 0:1.7.1_sr5.5-26.71.2 (i586|x86_64) 0:1.7.1_sr5.5-26.71.2 (i586|x86_64) 0:1.7.1_sr3.50-16.1 (i586|ia64|ppc64|s390x|x86_64) 0:6b-879.12.7.1 (ia64) 0:6.2.0-879.12.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-80.1 (s390x) 0:3.0.101-80.1 (i586|x86_64) 0:3.0.101-80.1 (i586) 0:3.0.101-80.1 (ppc64) 0:3.0.101-80.1 (ppc64) 0:3.0.101-88.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-88.1 (s390x) 0:3.0.101-88.1 (i586|x86_64) 0:3.0.101-88.1 (i586) 0:3.0.101-88.1 (ppc64) 0:3.0.101-94.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-94.1 (s390x) 0:3.0.101-94.1 (i586|x86_64) 0:3.0.101-94.1 (i586) 0:3.0.101-94.1 (ppc64) 0:3.0.101-97.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-97.1 (s390x) 0:3.0.101-97.1 (i586|x86_64) 0:3.0.101-97.1 (i586) 0:3.0.101-97.1 (ppc64) 0:3.0.101-104.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-104.2 (s390x) 0:3.0.101-104.2 (i586|x86_64) 0:3.0.101-104.2 (i586) 0:3.0.101-104.2 (ppc64) 0:3.0.101-108.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.7.1 (s390x) 0:3.0.101-108.7.1 (i586|x86_64) 0:3.0.101-108.7.1 (i586) 0:3.0.101-108.7.1 (ppc64) 0:3.0.101-108.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.13.1 (s390x) 0:3.0.101-108.13.1 (i586|x86_64) 0:3.0.101-108.13.1 (i586) 0:3.0.101-108.13.1 (ppc64) 0:3.0.101-108.71.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.71.1 (s390x) 0:3.0.101-108.71.1 (i586|x86_64) 0:3.0.101-108.71.1 (i586) 0:3.0.101-108.71.1 (ppc64) 0:3.0.101-108.132.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.132.1 (s390x) 0:3.0.101-108.132.1 (i586|x86_64) 0:3.0.101-108.132.1 (i586) 0:3.0.101-108.132.1 (ppc64) 0:3.0.101-108.135.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.135.1 (s390x) 0:3.0.101-108.135.1 (i586|x86_64) 0:3.0.101-108.135.1 (i586) 0:3.0.101-108.135.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-65.1 (s390x) 0:3.0.101-65.1 (ppc64) 0:3.0.101-65.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-71.1 (s390x) 0:3.0.101-71.1 (ppc64) 0:3.0.101-71.1 (ppc64) 0:3.0.101-108.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.18.1 (s390x) 0:3.0.101-108.18.1 (i586|x86_64) 0:3.0.101-108.18.1 (i586) 0:3.0.101-108.18.1 (ppc64) 0:3.0.101-108.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.21.1 (s390x) 0:3.0.101-108.21.1 (i586|x86_64) 0:3.0.101-108.21.1 (i586) 0:3.0.101-108.21.1 (s390x) 0:3.0.101-108.24.1 (ppc64) 0:3.0.101-108.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.35.1 (s390x) 0:3.0.101-108.35.1 (i586|x86_64) 0:3.0.101-108.35.1 (i586) 0:3.0.101-108.35.1 (ppc64) 0:3.0.101-108.48.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.48.1 (s390x) 0:3.0.101-108.48.1 (i586|x86_64) 0:3.0.101-108.48.1 (i586) 0:3.0.101-108.48.1 (ppc64) 0:3.0.101-108.52.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.52.1 (s390x) 0:3.0.101-108.52.1 (i586|x86_64) 0:3.0.101-108.52.1 (i586) 0:3.0.101-108.52.1 (ppc64) 0:3.0.101-108.68.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.68.1 (s390x) 0:3.0.101-108.68.1 (i586|x86_64) 0:3.0.101-108.68.1 (i586) 0:3.0.101-108.68.1 (ppc64) 0:3.0.101-108.77.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.77.1 (s390x) 0:3.0.101-108.77.1 (i586|x86_64) 0:3.0.101-108.77.1 (i586) 0:3.0.101-108.77.1 (ppc64) 0:3.0.101-108.87.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.87.1 (s390x) 0:3.0.101-108.87.1 (i586|x86_64) 0:3.0.101-108.87.1 (i586) 0:3.0.101-108.87.1 (ppc64) 0:3.0.101-108.90.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.90.1 (s390x) 0:3.0.101-108.90.1 (i586|x86_64) 0:3.0.101-108.90.1 (i586) 0:3.0.101-108.90.1 (noarch) 0:20110923-0.59.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-68.1 (s390x) 0:3.0.101-68.1 (ppc64) 0:3.0.101-68.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-77.1 (s390x) 0:3.0.101-77.1 (i586|x86_64) 0:3.0.101-77.1 (i586) 0:3.0.101-77.1 (ppc64) 0:3.0.101-77.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-84.1 (s390x) 0:3.0.101-84.1 (i586|x86_64) 0:3.0.101-84.1 (i586) 0:3.0.101-84.1 (ppc64) 0:3.0.101-84.1 (ppc64) 0:3.0.101-107.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-107.1 (s390x) 0:3.0.101-107.1 (i586|x86_64) 0:3.0.101-107.1 (i586) 0:3.0.101-107.1 (ppc64) 0:3.0.101-108.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.10.1 (s390x) 0:3.0.101-108.10.1 (i586|x86_64) 0:3.0.101-108.10.1 (i586) 0:3.0.101-108.10.1 (ppc64) 0:3.0.101-108.57.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.57.1 (s390x) 0:3.0.101-108.57.1 (i586|x86_64) 0:3.0.101-108.57.1 (i586) 0:3.0.101-108.57.1 (ppc64) 0:3.0.101-108.60.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.60.1 (s390x) 0:3.0.101-108.60.1 (i586|x86_64) 0:3.0.101-108.60.1 (i586) 0:3.0.101-108.60.1 (ppc64) 0:3.0.101-108.81.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.81.1 (s390x) 0:3.0.101-108.81.1 (i586|x86_64) 0:3.0.101-108.81.1 (i586) 0:3.0.101-108.81.1 (ppc64) 0:3.0.101-108.95.2 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.95.2 (s390x) 0:3.0.101-108.95.2 (i586|x86_64) 0:3.0.101-108.95.2 (i586) 0:3.0.101-108.95.2 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.95.1 (ppc64) 0:3.0.101-108.98.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.98.1 (s390x) 0:3.0.101-108.98.1 (i586|x86_64) 0:3.0.101-108.98.1 (i586) 0:3.0.101-108.98.1 (ppc64) 0:3.0.101-108.101.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.101.1 (s390x) 0:3.0.101-108.101.1 (i586|x86_64) 0:3.0.101-108.101.1 (i586) 0:3.0.101-108.101.1 (ppc64) 0:3.0.101-108.108.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.108.1 (s390x) 0:3.0.101-108.108.1 (i586|x86_64) 0:3.0.101-108.108.1 (i586) 0:3.0.101-108.108.1 (ppc64) 0:3.0.101-108.111.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.111.1 (s390x) 0:3.0.101-108.111.1 (i586|x86_64) 0:3.0.101-108.111.1 (i586) 0:3.0.101-108.111.1 (ppc64) 0:3.0.101-108.114.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.114.1 (s390x) 0:3.0.101-108.114.1 (i586|x86_64) 0:3.0.101-108.114.1 (i586) 0:3.0.101-108.114.1 (ppc64) 0:3.0.101-108.117.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.117.1 (s390x) 0:3.0.101-108.117.1 (i586|x86_64) 0:3.0.101-108.117.1 (i586) 0:3.0.101-108.117.1 (ppc64) 0:3.0.101-108.120.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.120.1 (s390x) 0:3.0.101-108.120.1 (i586|x86_64) 0:3.0.101-108.120.1 (i586) 0:3.0.101-108.120.1 (ppc64) 0:3.0.101-108.126.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.126.1 (s390x) 0:3.0.101-108.126.1 (i586|x86_64) 0:3.0.101-108.126.1 (i586) 0:3.0.101-108.126.1 (ppc64) 0:3.0.101-108.129.1 (i586|ppc64|s390x|x86_64) 0:3.0.101-108.129.1 (s390x) 0:3.0.101-108.129.1 (i586|x86_64) 0:3.0.101-108.129.1 (i586) 0:3.0.101-108.129.1 (ppc64) 0:3.0.101-108.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.38.1 (s390x) 0:3.0.101-108.38.1 (i586|x86_64) 0:3.0.101-108.38.1 (i586) 0:3.0.101-108.38.1 (ppc64) 0:3.0.101-108.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-108.41.1 (s390x) 0:3.0.101-108.41.1 (i586|x86_64) 0:3.0.101-108.41.1 (i586) 0:3.0.101-108.41.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.20-0.43.2.1 (ppc64) 0:1.4.20_3.0.101_108.52-0.43.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.20_3.0.101_108.52-0.43.2.1 (i586) 0:1.4.20_3.0.101_108.52-0.43.2.1 (i586|x86_64) 0:1.4.20_3.0.101_108.52-0.43.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.4.1-22.3.1 (ppc64) 0:1.5.4.1_3.0.101_108.52-22.3.1 (i586|ia64|ppc64|x86_64) 0:1.5.4.1_3.0.101_108.52-22.3.1 (i586) 0:1.5.4.1_3.0.101_108.52-22.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.20-0.43.7.1 (ppc64) 0:1.4.20_3.0.101_108.87-0.43.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4.20_3.0.101_108.87-0.43.7.1 (i586) 0:1.4.20_3.0.101_108.87-0.43.7.1 (i586|x86_64) 0:1.4.20_3.0.101_108.87-0.43.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.4.1-22.6.1 (ppc64) 0:1.5.4.1_3.0.101_108.87-22.6.1 (i586|ia64|ppc64|x86_64) 0:1.5.4.1_3.0.101_108.87-22.6.1 (i586) 0:1.5.4.1_3.0.101_108.87-22.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.5-7.44.2.1 (ppc64) 0:2.0.5_3.0.101_108.87-7.44.2.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.5_3.0.101_108.87-7.44.2.1 (i586) 0:2.0.5_3.0.101_108.87-7.44.2.1 (i586|x86_64) 0:2.0.5_3.0.101_108.87-7.44.2.1 (ia64) 0:1.6.3-133.49.106.1 (ia64) 0:1.6.3-133.49.109.1 (ia64) 0:1.6.3-133.49.113.7.1 (i586|s390x|x86_64) 0:1.4.2-32.1 (i586|s390x|x86_64) 0:1.4.2-35.1 (i586|s390x|x86_64) 0:1.4.2-44.1 (i586|s390x|x86_64) 0:1.4.2-47.1 (i586|s390x|x86_64) 0:1.4.2-50.1 (i586|s390x|x86_64) 0:1.4.2-59.1 (i586|s390x|x86_64) 0:1.4.2-60.3.1 (i586|s390x|x86_64) 0:1.4.2-60.6.1 (i586|s390x|x86_64) 0:1.4.2-60.9.1 (i586|s390x|x86_64) 0:1.4.2-60.12.1 (i586|s390x|x86_64) 0:1.4.2-60.15.2 (i586|s390x|x86_64) 0:1.4.2-60.18.2 (i586|s390x|x86_64) 0:1.4.2-60.21.1 (i586|s390x|x86_64) 0:1.4.2-60.24.1 (i586|s390x|x86_64) 0:1.4.2-60.27.1 (i586|s390x|x86_64) 0:1.4.2-60.31.1 (i586|s390x|x86_64) 0:1.4.2-60.34.1 (i586|s390x|x86_64) 0:1.4.2-60.37.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.14.0.894-3.1 (i586|ppc64|s390x|x86_64) 0:0.99.beta13b-49.3.1 (ppc64|s390x|x86_64) 0:0.6.3-1.9.6 (i586|ppc64|s390x|x86_64) 0:1.7.4-7.10.3.1 (i586|ppc64|s390x|x86_64) 0:0.6.1-122.9.1 (ppc64|s390x|x86_64) 0:0.6.1-122.9.1 (ppc64|s390x|x86_64) 0:4.5.20-97.5 (ia64) 0:4.5.20-97.5 (i586|ppc64|s390x|x86_64) 0:1.0.4-157.18.3.1 (ppc64|s390x|x86_64) 0:0.6.17-2.14.3.1 (ia64) 0:0.6.17-2.14.3.1 (i586|ppc64|s390x|x86_64) 0:0.6.17-2.14.7.2 (ppc64|s390x|x86_64) 0:0.6.17-2.14.7.2 (ia64) 0:1.5.0-0.22.1 (ia64) 0:1.5.0-0.25.1 (i586|ppc64|s390x|x86_64) 0:1.5.0-0.26.6.1 (ppc64|s390x|x86_64) 0:1.5.0-0.26.6.1 (ppc64|s390x|x86_64) 0:1.10-6.1 (ia64) 0:1.10-6.1 (ppc64|s390x|x86_64) 0:1.10-7.3.1 (ia64) 0:1.10-7.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.0-1.3.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.0-1.3.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.0-1.3.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.0-1.3.16.1 (ia64) 0:1.2.31-5.43.1 (ppc64|s390x|x86_64) 0:0.1.4-3.1 (ia64) 0:0.1.4-3.1 (ppc64|s390x|x86_64) 0:1.0.20-2.13.1 (ia64) 0:1.0.20-2.13.1 (ppc64|s390x|x86_64) 0:1.0.20-2.18.1 (ia64) 0:1.0.20-2.18.1 (ppc64|s390x|x86_64) 0:1.0.20-2.19.7.3 (ia64) 0:1.0.20-2.19.7.3 (ppc64|s390x|x86_64) 0:1.0.20-2.19.12.1 (ia64) 0:1.0.20-2.19.12.1 (i586|ppc64|s390x|x86_64) 0:1.0.20-2.19.15.1 (ppc64|s390x|x86_64) 0:1.0.20-2.19.15.1 (i586|ppc64|s390x|x86_64) 0:1.0.20-2.19.18.1 (ppc64|s390x|x86_64) 0:1.0.20-2.19.18.1 (i586|ppc64|s390x|x86_64) 0:1.4.3-17.6.1 (i586|ppc64|s390x|x86_64) 0:1.4.3-17.9.1 (i586|ppc64|s390x|x86_64) 0:1.4.3-17.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.3.3-12.4.1 (i586|ppc64|s390x|x86_64) 0:1.3.4-12.5.5.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.1.6+git20080930-6.27.2 (ppc64|s390x|x86_64) 0:1.2.5-12.3 (ppc64|s390x|x86_64) 0:1.2.5-15.3 (i586|ia64|ppc64|s390x|x86_64) 0:1.2.5-4.2 (ppc64|s390x|x86_64) 0:1.2.5-23.3.1 (ppc64|s390x|x86_64) 0:1.2.5-23.6.1 (ppc64|s390x|x86_64) 0:1.2.5-23.15.1 (i586|ppc64|s390x|x86_64) 0:1.2.5-23.20.1 (ppc64|s390x|x86_64) 0:1.2.5-23.20.1 (i586|ppc64|s390x|x86_64) 0:1.2.5-23.24.1 (ppc64|s390x|x86_64) 0:1.2.5-23.24.1 (i586|ppc64|s390x|x86_64) 0:1.2.5-3.3.2 (ppc64|s390x|x86_64) 0:1.2.0-79.20.3.1 (ia64) 0:1.2.0-79.20.3.1 (ppc64|s390x|x86_64) 0:1.2.0-79.20.6.1 (ia64) 0:1.2.0-79.20.6.1 (ppc64|s390x|x86_64) 0:1.2.0-79.20.11.1 (ia64) 0:1.2.0-79.20.11.1 (ppc64|s390x|x86_64) 0:1.2.0-79.20.14.1 (ia64) 0:1.2.0-79.20.14.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.40.3 (ia64) 0:2.7.6-0.40.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.44.4 (ia64) 0:2.7.6-0.44.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.50.4 (ia64) 0:2.7.6-0.50.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.64.4 (ia64) 0:2.7.6-0.64.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.69.3 (ia64) 0:2.7.6-0.69.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.76.4 (ia64) 0:2.7.6-0.76.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.6-0.77.3.5 (ia64) 0:2.7.6-0.77.3.2 (ia64) 0:2.7.6-0.77.10.1 (ia64) 0:2.7.6-0.77.15.1 (i586|ppc64|s390x|x86_64) 0:2.7.6-0.77.18.1 (ppc64|s390x|x86_64) 0:2.7.6-0.77.18.1 (i586|ppc64|s390x|x86_64) 0:2.7.6-0.77.36.1 (ppc64|s390x|x86_64) 0:2.7.6-0.77.36.1 (i586|ppc64|s390x|x86_64) 0:2.7.6-0.77.43.1 (ppc64|s390x|x86_64) 0:2.7.6-0.77.43.1 (ia64) 0:1.1.24-19.33.1 (ppc64) 0:3.0.101-91.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-91.1 (s390x) 0:3.0.101-91.1 (i586|x86_64) 0:3.0.101-91.1 (i586) 0:3.0.101-91.1 (ppc64) 0:3.0.101-100.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.101-100.1 (s390x) 0:3.0.101-100.1 (i586|x86_64) 0:3.0.101-100.1 (i586) 0:3.0.101-100.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.15-9.6.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.1.15-9.6.6.1 (i586|ppc64|s390x|x86_64) 0:2.1.15-9.6.12.1 (i586|ppc64|s390x|x86_64) 0:2.1.15-9.6.15.1 (i586|ppc64|s390x|x86_64) 0:2.1.15-9.6.20.1 (i586|ppc64|s390x|x86_64) 0:2.1.15-9.6.26.1 (ppc64|s390x|x86_64) 0:3.21.3-39.1 (ia64) 0:3.21.3-39.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.1.36-28.3.1 (i586|x86_64) 0:1.17-102.83.21.1 (i586|x86_64) 0:1.17-102.83.36.1 (i586|x86_64) 0:1.17-102.83.41.1 (i586|x86_64) 0:1.17-102.83.47.1 (i586|x86_64) 0:1.17-102.83.50.1 (i586|x86_64) 0:1.17-102.83.53.1 (i586|x86_64) 0:1.17-102.83.59.1 (i586|x86_64) 0:1.17-102.83.62.1 (i586|x86_64) 0:1.17-102.83.71.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.3-27.24.6.2 (i586|ppc64|s390x|x86_64) 0:3.68.1-47.19.1 (ppc64|s390x|x86_64) 0:3.68.1-47.19.1 (i586|ppc64|s390x|x86_64) 0:3.68.3-47.25.1 (ppc64|s390x|x86_64) 0:3.68.3-47.25.1 (i586|x86_64) 0:3.53.1-38.23.1 (i586|ppc64|s390x|x86_64) 0:4.25-29.12.2 (ppc64|s390x|x86_64) 0:4.25-29.12.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.5.17-42.43.1 (i586|ppc64|s390x|x86_64) 0:1.5.17-42.51.1 (i586|ppc64|s390x|x86_64) 0:1.5.17-42.56.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.49-0.20.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.52-0.27.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.53-0.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.54-0.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.55-0.38.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.57-0.39.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.58-0.39.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.59-0.39.9.8 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.60-0.39.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.61-0.39.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.5.62-0.39.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.12-24.4.10.3.3 (ppc64|s390x|x86_64) 0:2.28.4-1.16.21.3.1 (ia64) 0:2.28.4-1.16.21.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.6-92.1 (ppc64|s390x|x86_64) 0:5.6-92.1 (ia64) 0:5.6-92.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.6-93.6.1 (ppc64|s390x|x86_64) 0:5.6-93.6.1 (ia64) 0:5.6-93.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.6-93.12.1 (ppc64|s390x|x86_64) 0:5.6-93.12.1 (ia64) 0:5.6-93.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.6-93.15.1 (ppc64|s390x|x86_64) 0:5.6-93.15.1 (ia64) 0:5.6-93.15.1 (ia64) 0:10.26.44-101.14.1 (i586|ppc64|s390x|x86_64) 0:10.26.44-101.15.5.2 (ppc64|s390x|x86_64) 0:10.26.44-101.15.5.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p4-5.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p6-8.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p7-11.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p8-14.1 (ppc64|s390x|x86_64) 0:1.5-1.34.1 (ia64) 0:1.5-1.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p9-57.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p10-63.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p11-64.4.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p12-64.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.2.8p13-64.13.1 (i586|ppc64|s390x|x86_64) 0:4.2.8p15-64.16.1 (i586|x86_64) 0:10.1.0-7.1 (i586|ppc64|s390x|x86_64) 0:2.3.37-2.74.9.1 (i586|ppc64|s390x|x86_64) 0:2.4.26-0.74.9.1 (i586|ppc64|s390x|x86_64) 0:2.3.37-2.74.13.1 (i586|ppc64|s390x|x86_64) 0:2.4.26-0.74.13.1 (i586|ppc64|s390x|x86_64) 0:2.3.37-2.74.16.1 (i586|ppc64|s390x|x86_64) 0:2.4.26-0.74.16.1 (i586|ppc64|s390x|x86_64) 0:2.3.37-2.74.26.1 (i586|ppc64|s390x|x86_64) 0:2.4.26-0.74.26.1 (ppc64|s390x|x86_64) 0:0.11.6-5.27.3.1 (ia64) 0:0.11.6-5.27.3.1 (i586|ppc64|s390x|x86_64) 0:0.11.6-5.27.14.1 (ppc64|s390x|x86_64) 0:0.11.6-5.27.14.1 (ppc64|s390x|x86_64) 0:1.2.0-172.27.3.1 (ia64) 0:1.2.0-172.27.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-13.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-13.3 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-21.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-21.3 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-28.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-28.2 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-35.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-35.4 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-36.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-36.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-36.12.1 (i586|ppc64|s390x|x86_64) 0:6.6p1-36.20.1 (i586|ppc64|s390x|x86_64) 0:6.6p1-36.26.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-16.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.6p1-16.4 (ppc64|s390x|x86_64) 0:0.9.8j-0.89.1 (ia64) 0:0.9.8j-0.89.1 (ia64) 0:0.9.8j-0.97.1 (ia64) 0:0.9.8j-0.102.2 (ia64) 0:0.9.8j-0.105.1 (ia64) 0:0.9.8j-0.106.9.1 (ia64) 0:0.9.8j-0.106.12.1 (ia64) 0:0.9.8j-0.106.15.1 (ia64) 0:0.9.8j-0.106.18.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.21.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.21.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.25.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.25.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.28.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.28.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.31.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.31.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.34.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.34.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.37.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.37.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.40.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.40.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.43.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.43.1 (i586|ppc64|s390x|x86_64) 0:0.9.8j-0.106.46.1 (ppc64|s390x|x86_64) 0:0.9.8j-0.106.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-143.46.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.9-143.47.3.1 (ia64) 0:1.1.5-0.17.2 (i586|ia64|ppc64|s390x|x86_64) 0:11-1.27.3.1 (ppc64|s390x|x86_64) 0:11-1.27.3.1 (ia64) 0:11-1.27.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.6.0-141.3.1 (ppc64|s390x|x86_64) 0:0.6.0-141.3.1 (ia64) 0:0.6.0-141.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.5.9-252.22.7.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.80.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2808.01-0.80.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.72-0.80.1 (ia64) 0:5.10.0-64.80.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.81.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2808.01-0.81.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.72-0.81.3.1 (ia64) 0:5.10.0-64.81.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.81.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2808.01-0.81.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.72-0.81.10.1 (ia64) 0:5.10.0-64.81.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.10.0-64.81.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.2808.01-0.81.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.72-0.81.13.1 (ia64) 0:5.10.0-64.81.13.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.24-4.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.008-6.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.008-9.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.008-10.5.1 (i586|ppc64|s390x|x86_64) 0:1.607-3.3.1 (i586|ppc64|s390x|x86_64) 0:1.607-3.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.66-3.3.1 (i586|ppc64|s390x|x86_64) 0:2013.1.7-0.6.5.1 (i586|ppc64|s390x|x86_64) 0:5.3.17-112.71.1 (i586|ppc64|s390x|x86_64) 0:5.3.17-112.79.1 (i586|ppc64|s390x|x86_64) 0:5.3.17-112.93.1 (i586|ppc64|s390x|x86_64) 0:5.3.17-112.99.2 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.79-4.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.0.79-4.9.3.3 (ppc64|s390x|x86_64) 0:9.4.6-0.14.3 (ppc64|s390x|x86_64) 0:9.4.9-0.19.1 (ppc64|s390x|x86_64) 0:9.4.12-0.22.3 (ppc64|s390x|x86_64) 0:9.4.13-0.23.5.1 (ppc64|s390x|x86_64) 0:9.4.15-0.23.10.1 (ppc64|s390x|x86_64) 0:9.4.16-0.23.13.2 (ppc64|s390x|x86_64) 0:9.4.17-0.23.16.1 (ppc64|s390x|x86_64) 0:9.4.19-0.23.19.1 (i586|ppc64|s390x|x86_64) 0:2.4.5.git-2.32.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.22-240.8.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.7-152.31.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.26-0.5.3.1 (ppc64|s390x|x86_64) 0:2.6.9-39.1 (ia64) 0:2.6.9-39.1 (ppc64|s390x|x86_64) 0:2.6.9-40.3.1 (ia64) 0:2.6.9-40.3.1 (ppc64|s390x|x86_64) 0:2.6.9-40.6.2 (ia64) 0:2.6.9-40.6.2 (ppc64|s390x|x86_64) 0:2.6.9-40.15.1 (ia64) 0:2.6.9-40.15.1 (ppc64|s390x|x86_64) 0:2.6.9-40.21.1 (ia64) 0:2.6.9-40.21.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.6.9-40.21.2 (ppc64|s390x|x86_64) 0:2.6.9-40.21.2 (ia64) 0:2.6.9-40.21.2 (i586|ppc64|s390x|x86_64) 0:2.6.9-40.24.1 (ppc64|s390x|x86_64) 0:2.6.9-40.24.1 (i586|ppc64|s390x|x86_64) 0:2.6.9-40.29.1 (ppc64|s390x|x86_64) 0:2.6.9-40.29.1 (i586|ppc64|s390x|x86_64) 0:2.6.9-40.32.1 (ppc64|s390x|x86_64) 0:2.6.9-40.32.1 (i586|ppc64|s390x|x86_64) 0:2.6.9-40.32.2 (ppc64|s390x|x86_64) 0:2.6.9-40.32.2 (i586|ppc64|s390x|x86_64) 0:2.6.9-40.35.1 (ppc64|s390x|x86_64) 0:2.6.9-40.35.1 (i586|ppc64|s390x|x86_64) 0:2.6.9-40.35.2 (ppc64|s390x|x86_64) 0:2.6.9-40.35.2 (i586|ppc64|s390x|x86_64) 0:2.6.9-40.48.1 (ppc64|s390x|x86_64) 0:2.6.9-40.48.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.4-2.52.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.4-2.53.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.0.4-2.53.6.1 (i586|ia64|ppc64|s390|s390x|x86_64) 0:0.12.21~rc-936.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-67.2 (ppc64|s390x|x86_64) 0:3.6.3-67.2 (ia64) 0:3.6.3-67.2 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-76.1 (ppc64|s390x|x86_64) 0:3.6.3-76.1 (ia64) 0:3.6.3-76.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-84.1 (ppc64|s390x|x86_64) 0:3.6.3-84.1 (ia64) 0:3.6.3-84.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-87.1 (ppc64|s390x|x86_64) 0:3.6.3-87.1 (ia64) 0:3.6.3-87.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-90.1 (ppc64|s390x|x86_64) 0:3.6.3-90.1 (ia64) 0:3.6.3-90.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-93.1 (ppc64|s390x|x86_64) 0:3.6.3-93.1 (ia64) 0:3.6.3-93.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-94.5.1 (ppc64|s390x|x86_64) 0:3.6.3-94.5.1 (ia64) 0:3.6.3-94.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-94.8.1 (ppc64|s390x|x86_64) 0:3.6.3-94.8.1 (ia64) 0:3.6.3-94.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-94.11.1 (ppc64|s390x|x86_64) 0:3.6.3-94.11.1 (ia64) 0:3.6.3-94.11.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.34b-94.14.2 (ppc64|s390x|x86_64) 0:3.6.3-94.14.2 (ia64) 0:3.6.3-94.14.2 (i586|ppc64|s390x|x86_64) 0:1.34b-94.19.2 (i586|ppc64|s390x|x86_64) 0:3.6.3-94.19.2 (ppc64|s390x|x86_64) 0:3.6.3-94.19.2 (i586|ppc64|s390x|x86_64) 0:1.34b-94.23.1 (i586|ppc64|s390x|x86_64) 0:3.6.3-94.23.1 (ppc64|s390x|x86_64) 0:3.6.3-94.23.1 (i586|ppc64|s390x|x86_64) 0:1.34b-94.26.1 (i586|ppc64|s390x|x86_64) 0:3.6.3-94.26.1 (ppc64|s390x|x86_64) 0:3.6.3-94.26.1 (i586|ppc64|s390x|x86_64) 0:1.34b-94.31.1 (i586|ppc64|s390x|x86_64) 0:3.6.3-94.31.1 (ppc64|s390x|x86_64) 0:3.6.3-94.31.1 (i586|ppc64|s390x|x86_64) 0:1.34b-94.34.1 (i586|ppc64|s390x|x86_64) 0:3.6.3-94.34.1 (ppc64|s390x|x86_64) 0:3.6.3-94.34.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.0.0-1.18.2 (i586|x86_64) 0:0.12.4-21.1 (ppc64|s390x|x86_64) 0:3.7.6.3-1.4.6.1 (ia64) 0:3.7.6.3-1.4.6.1 (ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.3.1 (ia64) 0:3.7.6.3-1.4.7.3.1 (i586|ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.9.1 (ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.9.1 (i586|ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.12.1 (ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.12.1 (i586|ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.15.1 (ppc64|s390x|x86_64) 0:3.7.6.3-1.4.7.15.1 (i586|ia64|ppc64|s390x|x86_64) 0:2.7.STABLE5-2.12.29.1 (i586|ppc64|s390x|x86_64) 0:2.7.STABLE5-2.12.30.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.23-8.16.30.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.23-8.16.36.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.23-8.16.37.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.23-8.16.37.6.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.1.23-8.16.37.9.1 (i586|ppc64|s390x|x86_64) 0:3.1.23-8.16.37.12.1 (i586|ppc64|s390x|x86_64) 0:3.1.23-8.16.37.15.1 (i586|ppc64|s390x|x86_64) 0:3.1.23-8.16.37.18.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.4-13.10.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.0-6.29.2 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.0-6.35.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.4.0-6.36.3.1 (i586|ppc64|s390x|x86_64) 0:4.4.0-6.36.9.1 (i586|ppc64|s390x|x86_64) 0:4.4.0-6.36.12.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.7.6p2-0.29.1 (i586|ppc64|s390x|x86_64) 0:1.7.6p2-0.30.5.1 (i586|ppc64|s390x|x86_64) 0:2.0.9-27.34.40.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:1.26-1.2.10.1 (i586|ppc64|s390x|x86_64) 0:1.27.1-14.8.1 (i586|x86_64) 0:20120115_1.7.0-0.5.5.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.9.8-1.29.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.9.8-1.30.5.1 (i586|ppc64|s390x|x86_64) 0:3.9.8-1.30.13.1 (i586|ppc64|s390x|x86_64) 0:3.9.8-1.30.19.1 (ia64) 0:3.8.2-141.163.1 (ia64) 0:3.8.2-141.168.1 (ia64) 0:3.8.2-141.169.3.1 (ia64) 0:3.8.2-141.169.6.1 (ia64) 0:3.8.2-141.169.9.1 (ia64) 0:3.8.2-141.169.16.1 (ia64) 0:3.8.2-141.169.19.1 (ia64) 0:3.8.2-141.169.22.1 (ia64) 0:3.8.2-141.169.26.1 (ia64) 0:3.8.2-141.169.31.1 (i586|ppc64|s390x|x86_64) 0:3.8.2-141.169.34.1 (ppc64|s390x|x86_64) 0:3.8.2-141.169.34.1 (i586|ppc64|s390x|x86_64) 0:1.3.9-81.15.3.1 (noarch) 0:6.0.41-0.47.1 (i586|ia64|ppc64|s390x|x86_64) 0:3.2.5-160.3.2 (i586|ppc64|s390x|x86_64) 0:3.2.8a-1.160.13.1 (i586|ppc64|s390x|x86_64) 0:3.2.8b-160.16.2 (i586|ia64|ppc64|s390x|x86_64) 0:3.80.2-4.1 (i586|ia64|ppc64|s390x|x86_64) 0:5.6.1-5.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.00-11.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.00-11.18.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:6.00-11.18.8.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.2-8.17.1 (i586|ia64|ppc64|s390x|x86_64) 0:7.2-8.20.8 (i586|ppc64|s390x|x86_64) 0:7.2-8.21.3.1 (i586|ppc64|s390x|x86_64) 0:7.2-8.21.6.2 (i586|ia64|ppc64|s390x|x86_64) 0:0.5.3.git20161120-4.1 (i586|ppc64|s390x|x86_64) 0:4.50.1-1.33.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-6.18.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:0.7.1-6.18.6.1 (x86_64) 0:4.4.4_07-37.1 (i586|x86_64) 0:4.4.4_07_3.0.101_77-37.1 (i586) 0:4.4.4_07_3.0.101_77-37.1 (x86_64) 0:4.4.4_08-40.2 (i586|x86_64) 0:4.4.4_08_3.0.101_80-40.2 (i586) 0:4.4.4_08_3.0.101_80-40.2 (x86_64) 0:4.4.4_10-43.5 (i586|x86_64) 0:4.4.4_10_3.0.101_88-43.5 (i586) 0:4.4.4_10_3.0.101_88-43.5 (x86_64) 0:4.4.4_12-46.1 (i586|x86_64) 0:4.4.4_12_3.0.101_91-46.1 (i586) 0:4.4.4_12_3.0.101_91-46.1 (x86_64) 0:4.4.4_14-51.1 (i586|x86_64) 0:4.4.4_14_3.0.101_94-51.1 (i586) 0:4.4.4_14_3.0.101_94-51.1 (x86_64) 0:4.4.4_16-54.1 (i586|x86_64) 0:4.4.4_16_3.0.101_97-54.1 (i586) 0:4.4.4_16_3.0.101_97-54.1 (x86_64) 0:4.4.4_18-57.1 (i586|x86_64) 0:4.4.4_18_3.0.101_97-57.1 (i586) 0:4.4.4_18_3.0.101_97-57.1 (x86_64) 0:4.4.4_20-60.3 (i586|x86_64) 0:4.4.4_20_3.0.101_104-60.3 (i586) 0:4.4.4_20_3.0.101_104-60.3 (x86_64) 0:4.4.4_22-61.9.2 (i586|x86_64) 0:4.4.4_22_3.0.101_108.7-61.9.2 (i586) 0:4.4.4_22_3.0.101_108.7-61.9.2 (x86_64) 0:4.4.4_24-61.12.1 (i586|x86_64) 0:4.4.4_24_3.0.101_108.10-61.12.1 (i586) 0:4.4.4_24_3.0.101_108.10-61.12.1 (x86_64) 0:4.4.4_26-61.17.1 (i586|x86_64) 0:4.4.4_26_3.0.101_108.13-61.17.1 (i586) 0:4.4.4_26_3.0.101_108.13-61.17.1 (x86_64) 0:4.4.4_28-61.23.2 (i586|x86_64) 0:4.4.4_28_3.0.101_108.35-61.23.2 (i586) 0:4.4.4_28_3.0.101_108.35-61.23.2 (x86_64) 0:4.4.4_30-61.26.1 (i586|x86_64) 0:4.4.4_30_3.0.101_108.38-61.26.1 (i586) 0:4.4.4_30_3.0.101_108.38-61.26.1 (x86_64) 0:4.4.4_32-61.29.2 (i586|x86_64) 0:4.4.4_32_3.0.101_108.52-61.29.2 (i586) 0:4.4.4_32_3.0.101_108.52-61.29.2 (x86_64) 0:4.4.4_34-61.32.1 (i586|x86_64) 0:4.4.4_34_3.0.101_108.57-61.32.1 (i586) 0:4.4.4_34_3.0.101_108.57-61.32.1 (x86_64) 0:4.4.4_36-61.37.2 (i586|x86_64) 0:4.4.4_36_3.0.101_108.68-61.37.2 (i586) 0:4.4.4_36_3.0.101_108.68-61.37.2 (x86_64) 0:4.4.4_38-61.40.1 (i586|x86_64) 0:4.4.4_38_3.0.101_108.84-61.40.1 (i586) 0:4.4.4_38_3.0.101_108.84-61.40.1 (x86_64) 0:4.4.4_40-61.43.2 (i586|x86_64) 0:4.4.4_40_3.0.101_108.87-61.43.2 (i586) 0:4.4.4_40_3.0.101_108.87-61.43.2 (x86_64) 0:4.4.4_40-61.46.2 (i586|x86_64) 0:4.4.4_40_3.0.101_108.90-61.46.2 (i586) 0:4.4.4_40_3.0.101_108.90-61.46.2 (i586|x86_64) 0:4.4.4_40-61.46.2 (x86_64) 0:4.4.4_40-61.49.1 (i586|x86_64) 0:4.4.4_40_3.0.101_108.101-61.49.1 (i586) 0:4.4.4_40_3.0.101_108.101-61.49.1 (i586|x86_64) 0:4.4.4_40-61.49.1 (x86_64) 0:4.4.4_42-61.52.1 (i586|x86_64) 0:4.4.4_42_3.0.101_108.114-61.52.1 (i586) 0:4.4.4_42_3.0.101_108.114-61.52.1 (i586|x86_64) 0:4.4.4_42-61.52.1 (x86_64) 0:4.4.4_44-61.55.1 (i586|x86_64) 0:4.4.4_44_3.0.101_108.117-61.55.1 (i586) 0:4.4.4_44_3.0.101_108.117-61.55.1 (i586|x86_64) 0:4.4.4_44-61.55.1 (x86_64) 0:4.4.4_46-61.58.1 (i586|x86_64) 0:4.4.4_46_3.0.101_108.117-61.58.1 (i586) 0:4.4.4_46_3.0.101_108.117-61.58.1 (i586|x86_64) 0:4.4.4_46-61.58.1 (x86_64) 0:4.4.4_48-61.61.1 (i586|x86_64) 0:4.4.4_48_3.0.101_108.117-61.61.1 (i586) 0:4.4.4_48_3.0.101_108.117-61.61.1 (i586|x86_64) 0:4.4.4_48-61.61.1 (x86_64) 0:4.4.4_48-61.64.1 (i586|x86_64) 0:4.4.4_48_3.0.101_108.123-61.64.1 (i586) 0:4.4.4_48_3.0.101_108.123-61.64.1 (i586|x86_64) 0:4.4.4_48-61.64.1 (x86_64) 0:4.4.4_50-61.67.1 (i586|x86_64) 0:4.4.4_50_3.0.101_108.129-61.67.1 (i586) 0:4.4.4_50_3.0.101_108.129-61.67.1 (i586|x86_64) 0:4.4.4_50-61.67.1 (x86_64) 0:4.4.4_52-61.70.1 (i586|x86_64) 0:4.4.4_52_3.0.101_108.132-61.70.1 (i586) 0:4.4.4_52_3.0.101_108.132-61.70.1 (i586|x86_64) 0:4.4.4_52-61.70.1 (ia64) 0:7.4-3.1 (ia64) 0:7.4-5.11.65.1 (ia64) 0:7.4-5.11.68.1 (ia64) 0:7.4-5.11.72.9.1 (i586|ppc64|s390x|x86_64) 0:7.4-5.11.72.15.1 (ppc64|s390x|x86_64) 0:7.4-5.11.72.15.1 (i586|ppc64|s390x|x86_64) 0:7.4-5.11.72.18.1 (ppc64|s390x|x86_64) 0:7.4-5.11.72.18.1 (i586|ppc64|s390x|x86_64) 0:7.4-5.11.72.27.1 (ppc64|s390x|x86_64) 0:7.4-5.11.72.27.1 (ia64) 0:7.4-1.20.1 (ia64) 0:7.4-8.26.49.1 (ia64) 0:7.4-8.26.50.5.3 (ia64) 0:7.4-8.26.50.8.1 (i586|ppc64|s390x|x86_64) 0:7.4-27.122.26.1 (i586|ppc64|s390x|x86_64) 0:7.4-27.122.29.1 (i586|ppc64|s390x|x86_64) 0:7.4-27.122.37.1 (i586|ppc64|s390x|x86_64) 0:7.4-27.122.40.1 (i586|ppc64|s390x|x86_64) 0:7.4-27.122.43.1 (i586|ppc64|s390x|x86_64) 0:7.4-27.122.46.1 (i586|ppc64|s390x|x86_64) 0:238-3.3.1 (i586|ppc64|s390x|x86_64) 0:5.0.3-0.12.7.1 (ppc64|s390x|x86_64) 0:5.0.3-0.12.7.1 (ia64) 0:1.2.7-0.14.1 (i586|ppc64|s390x|x86_64) 0:1.2.7-0.17.3.1 (ppc64|s390x|x86_64) 0:1.2.7-0.17.3.1 (i586|ia64|ppc64|s390x|x86_64) 0:4.3.6-67.9.3.1 (i586|ppc64|s390x|x86_64) 0:4.3.6-67.9.8.1